Well, I can't do much about the virus scanner replies, but I wrote a perl
script to sort out that darned Snowhite virus to keep them from coming in
my box... it seems the beginning of the attachment is only a few characters
different from the new virus, so a mod to that program was trivial.
Here's the program (in it's entirity - I've never learned how to use "diff"
and "patch", and the proggie's less than a page long...)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
#!/usr/local/bin/perl
### Let's get the info first, to see if it's actually something
### we need to control...
@zline = <STDIN>;
$limpy = grep (/TV[qp]QAA[MI]AAAAEAA/, @zline);
exit (0) if ($limpy == 0);
# Now, we know that we have a virus... send it to a separate file
# have the proggie die quietly...
open (Q,">>/home/zmerch/hahainfo.txt");
foreach $liner (@zline) {
$limpy = grep (/TV[qp]QAA[MI]AAAAEAA/, $liner);
last if ($limpy != 0);
$limp2 = grep (/Received:/, $liner);
if ($limp2 != 0) {
print Q "Zq: $liner";
next;
}
$limp1 = grep (/SMTP/, $liner);
if ($limp1 != 0) {
print Q "Zq: $liner";
next;
}
}
print Q "\n=-=-=-=-=-=-=-=-=-=-=\n\n";
# Shut 'er down, boys!!! ;-)
close (Q);
exit (99);
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
And here's how you'd call the script in your .qmail file...
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
|/home/zmerch/killhahaha.pl
./Maildir/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Of course, modify the top line for *your* home directory... ;-)
Hope this helps,
Roger "Merch" Merchberger
--
Roger "Merch" Merchberger --- sysadmin, Iceberg Computers
Recycling is good, right??? Ok, so I'll recycle an old .sig.
If at first you don't succeed, nuclear warhead
disarmament should *not* be your first career choice.
