-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 27 January 2004 02:41 am, Richard Beyer wrote:
> We're seeing a lot of activity from the [EMAIL PROTECTED] virus
> (http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]
>m l)
>
> Could someone help me cobble together a rule quickly to counteract the
> attachments it's using. Something to catch test.zip, readme.zip and
> body.zip (the most common ones it appears to be using at the moment).
>

If you use maildrop you could do this with ClamAV.

# Pass messages under 2000000 bytes through the scanner filter.
if($SIZE < 2000000)
{
    xfilter "clamscan.sh"
}
# Deliver anything the filter marked as infected to the $VIRUS destination.
if ((/^X-Virus-Status:.*INFECTED/))
{
    to "$VIRUS"
}

Attached is clamscan.sh.

>
> Cheers,
>
> Richard

- -- 
-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-
Brook Humphrey
Mobile PC Medic, 420 1st, Cheney, WA 99004, 509-235-9107
http://www.webmedic.net, [EMAIL PROTECTED], [EMAIL PROTECTED]
Holiness unto the Lord
-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAFoWsnT1TkA6FgPgRAnc2AJ0b6/eSM1uyQbziT2j++JtrHAZNdACeJ/xF
YfFoj1+jBWrDybBrCao6bYA=
=EOxh
-----END PGP SIGNATURE-----
clamscan.sh
Description: application/shellscript
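
The maildrop rule in the reply depends on an xfilter script that stamps each message with an X-Virus-Status header, and the attached clamscan.sh is not reproduced on this page. The script below is an added example of such a filter, not the poster's attachment; the function names and the SCANNER override are assumptions made for illustration, and it assumes clamscan is on PATH.

```shell
#!/bin/sh
# Added example of a clamscan.sh-style xfilter (not the script attached to the post).
# Reads one message on stdin and writes it to stdout with an X-Virus-Status header.
# SCANNER is a hypothetical override so the filter can be exercised without ClamAV.
SCANNER="${SCANNER:-clamscan --no-summary}"

# Map the scanner exit code to a header value.
# clamscan exits 0 when nothing is found and 1 when a virus is found;
# anything else is treated as a scan error.
status_for_exit() {
    case "$1" in
        0) echo "CLEAN" ;;
        1) echo "INFECTED" ;;
        *) echo "ERROR" ;;
    esac
}

# Print message file $1 with a fresh "X-Virus-Status: $2" as the first header.
# An X-Virus-Status header already present in the header block (and its folded
# continuation lines) is dropped, so a sender cannot pre-set the verdict.
tag_message() {
    printf 'X-Virus-Status: %s\n' "$2"
    awk 'BEGIN { hdr = 1 }
         hdr && /^$/ { hdr = 0 }
         hdr && skip && /^[ \t]/ { next }
         hdr { skip = (tolower($0) ~ /^x-virus-status:/); if (skip) next }
         { print }' "$1"
}

# Spool stdin to a private temp file, scan it, and emit the tagged message.
filter_message() {
    tmp=$(mktemp) || return 1
    cat > "$tmp"
    rc=0
    # SCANNER is left unquoted on purpose so its options are split into words.
    $SCANNER "$tmp" >/dev/null 2>&1 || rc=$?
    tag_message "$tmp" "$(status_for_exit "$rc")"
    rm -f "$tmp"
}

# Run as a filter only when installed under the name the maildrop rule calls.
case "${0##*/}" in
    clamscan.sh) filter_message ;;
esac
```

Because the header is written on every pass, a scan error shows up as `X-Virus-Status: ERROR` rather than as an untagged message, which a further maildrop rule can match if such mail should be held.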