On Wed, 4 Feb 2004 01:59:32 +0000 Antony Gelberg <[EMAIL PROTECTED]> wrote:
<snip>
> Anyone have a similar rule to nuke this new mymail worm?  I have some
> samples if anyone can tell me how to analyse them to paste the correct
> thing in the BD line.

Hello Antony,

Here's a snip from one of my procmail rc files containing the rules I use for mydoom. You could easily add two lines to the beginning of each rule so it only runs on certain size messages. Something like this should do it:

* > 20000
* < 40000

I set up my filters to deliver to a special mailbox to start with - they've been running several days without an FP though, so it should be safe to set $VIRUS to point to /dev/null.

# The following will catch Mimail.Q, MiMail.R, Mydoom, Novarg, Shimg
# and automatically filter them - as seen on spamprobe mailing list
# from 'Jem'
# http://sourceforge.net/mailarchive/forum.php?thread_id=3781344&forum_id=11958
# & http://wpbl.pc9.org/procmailrc
# Last updated 2004-01-27 21:30 CST

:0 B
* ^Content-Transfer-Encoding: base64
* b2br8E5jDS9ta3Boz9e9b7p4LmIPZ29sZC1QeGO8JMOYYWZlJUNiNafjMNhDo3DzdoW7aK
{
    :0
    $VIRUS
}

:0 B
* ^Content-Transfer-Encoding: base64
* Y3liZXJlYnpReXQzt/gt2DJcGUNqcm9GdmtGerq//fZna0YwU2duZnh6Fy5ya3IARwtaKz
{
    :0
    $VIRUS
}

:0 B
* ^Content-Transfer-Encoding: base64
* MNhDo3DzdoW7aK3QWmeLBluvgjl3WCtkDycfaxBbttaliR90aUqMksHRN3S2K58b2OG1bm
{
    :0
    $VIRUS
}

:0 B
* ^Content-Transfer-Encoding: base64
* L2DHhtACuvdg5mwKCwJSjUYIVrKzx05c9wF1FBJYOcIbFl4tP1tAjWwkjEILL5nkiABgfX
{
    :0
    $VIRUS
}

:0 B
* ^Content-Transfer-Encoding: base64
* IGYQqy4g1qORYNsPYRttqCAoagNXaCDvG89sWatHcBBPJB6o0UYq/2lFZpRr3dasC2QQaE
{
    :0
    $VIRUS
}

:0 B
* ^Content-Transfer-Encoding: base64
* KO35/8b/9nwKf0fDana5mf5drmxazU4b64lxjvwb/f//8fYGfHlcE7FPIfVU9StifaRjcL
{
    :0
    $VIRUS
}

:0 B
* ^Content-Transfer-Encoding: base64
* 1rrAeM0gDQdlmmtNtWVfG3QRFA672grQLlgIdDhobVVL2XMWVlc87bWFzho6IHtwAj2d9r
{
    :0
    $VIRUS
}

:0 B
* ^Content-Transfer-Encoding: base64
* Ga9SG/3//7dSpCoQS7DvKZAv72JQKWmvdKWWbadVD/D//9vSfeg2mRbgbKcMvEZXguXrNq
{
    :0
    $VIRUS
}

:0 B
* ^Content-Transfer-Encoding: base64
* TBuvVXOm//9/idxR1/7/Y6uPvh3LTd755dO39hzsPp/6sfv///8xZXpCOlu2J40AUMvgDP
{
    :0
    $VIRUS
}

:0 B
* ^Content-Transfer-Encoding: base64
* Q2VDAuk6pQf8sthCvHkbFDMACWK8hd0C2mSZPSKSIjutcMMWTmfwLUdsuyF4o1Tjemh5hk
{
    :0
    $VIRUS
}

:0 B
* ^Content-Transfer-Encoding: base64
* Z3h2Z0tDwwdp3y78fy10dmV5LTIuMG9xcIxfY05wdXJmmaHdCjNcdmkLRDvZ1r5tSGRWLV
{
    :0
    $VIRUS
}

:0 B
* ^Content-Transfer-Encoding: base64
* V0jTDPIH0MgIsEjTDDKYiAqARYEDNnhPUmWtFnAb4JuraGYHK2nGAwbeAiBFcj2UWskGOE
{
    :0
    $VIRUS
}

HTH,
Jacob

-----
GnuPG Key: 1024D/16377135

Slight disorientation after prolonged system uptime is normal for new Linux users. Please do not adjust your browser.
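Added example (not part of Jacob's message or of the linked rule set): one way to answer the quoted question of how to get a signature line out of a set of samples, assuming every sample carries the identical attachment wrapped at the same base64 line width. The function names, the payload bytes and the sample messages are all constructed for illustration; the size limits are the two suggested in the message above.

```python
import email
from email.message import EmailMessage

def base64_lines(raw, min_len=60):
    """Return the full-width body lines of every base64-encoded MIME part."""
    lines = set()
    for part in email.message_from_bytes(raw).walk():
        cte = part.get("Content-Transfer-Encoding", "").strip().lower()
        if part.is_multipart() or cte != "base64":
            continue
        for line in part.get_payload().splitlines():
            if len(line.strip()) >= min_len:   # skip the short final line
                lines.add(line.strip())
    return lines

def candidate_signatures(samples, clean=()):
    """Lines present in every sample and in none of the known-good messages."""
    common = set.intersection(*(base64_lines(s) for s in samples))
    for msg in clean:
        common -= base64_lines(msg)
    return sorted(common)

def recipe(sig, lo=20000, hi=40000):
    """Format one rule in the style used above; '+' is a regex operator."""
    sig = sig.replace("+", r"\+")
    return (f":0 B\n* > {lo}\n* < {hi}\n"
            f"* ^Content-Transfer-Encoding: base64\n* {sig}\n"
            "{\n    :0\n    $VIRUS\n}\n")

def make_sample(subject, payload):
    """Constructed test message: text body plus one binary attachment."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("constructed sample body for " + subject)
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename="sample.bin")
    return m.as_bytes()

# Constructed stand-in for the attachment bytes (not real malware).
PAYLOAD = bytes((i * 37 + 11) % 256 for i in range(600))
SAMPLES = [make_sample("hi", PAYLOAD), make_sample("test", PAYLOAD)]
CLEAN = [make_sample("report", bytes(range(256)) * 2)]

if __name__ == "__main__":
    for sig in candidate_signatures(SAMPLES, CLEAN)[:2]:
        print(recipe(sig))
```

A line that also occurs in ordinary mail makes a poor signature, which is why known-good messages are subtracted before any rule is written.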