> Can anyone help me figure out a way to handle this recent virus?
>
> It typically tags email in body:
> '...in order to have your advice...'
>
> and sends random attachments .2 to 2Mb in size.
>
> We're getting a lot of these already, and I'm worried
> that a flood will jam us up, amounting to a DOS. At the very
> least, this is going to cost us a lot of bandwidth $$$.
>
> Seems to me the only way to stop it is to scan the body before
> the mail is accepted. Yeech. And as soon as we get variations on
> '...in order to have your advice...' it will be just about
> indistinguishable from normal email with attachments.
>
Seems to me that the main "feature" of this virus isn't the text, but
the fact that the attachments that it sends always have two extensions:
".xls.bat", ".doc.lnk" and so on. This way, it tricks Windows lusers who
have the "hide extensions" option turned on into clicking on them. So
you could write a script to look at the name of the attachments and look
for the ones that follow that pattern.
(Aside, of course, of checking out the patches that antivirus vendors
must be putting out...)
Paulo Jan.
DDnet.
