Greg Owen {gowen} <[EMAIL PROTECTED]> wrote:
>
>On Mon, 14 Jun 1999, Mark Drummond wrote:
>> There is much interest here in the idea of blocking email carrying
>> ExploreZip so we don't have to rely on end-user intelligence(?!) to
>> prevent an infestation. I realise that sticking filters into the pipe
>> like this is not necessarily as good idea but nonetheless ...
>
> I spent 5 minutes last friday looking at using 'condredirect' to
>bounce anything with the string 'Till then, blah blah blah' into an admin
>mailbox. It silently didn't work. I didn't care enough to look too
>deeply into it at the time, but if we're going to be discussing fixes, I'd
>love to hear the right way to use condredirect...
Dan posted a similar "fix" for melissa, though he didn't use
condredirect or mess822:
]From: "D. J. Bernstein" <[EMAIL PROTECTED]>
]To: [EMAIL PROTECTED]
]Subject: Re: Melissa Virus
]Date: 29 Mar 1999 22:03:55 -0000
]
][EMAIL PROTECTED] writes:
]> The sendmail "fix" is silly. It's 4 lines (or something), and all it does
]> is search for a string in the subject line. That "fix" is more
]> likely to bounce good mail than it is to catch the virus.
]
]Indeed. Legitimate messages do occasionally contain the same ``Important
]Message From'' subject line that the Melissa worm produces. If, however,
]someone does want this ``fix'' for qmail, here's a sample one-liner to
]put before ./Mailbox in /var/qmail/rc or in the POP-toaster .qmail file:
]
] | bouncesaying VIRUS awk '/^Subject: I am a virus/{exit 0}/^$/{exit 1}END{exit 1}'
]
]To test, put this line into ~you/.qmail-melissa and send some messages
]to you-melissa. If you have Microsoft users with their own .qmail files,
]they can decide for themselves whether to add this to .qmail.
]
]---Dan
-Dave
