[unisog] Sendmail Filter for Sircam

William D. Colburn (aka Schlake) wcolburn at nmt.edu
Tue Jul 31 16:14:26 GMT 2001


On Tue, Jul 31, 2001 at 08:26:36AM -0700, David Lundy wrote:
> I am getting a lot of Sircam infected email.  Our email gateway is sendmail,
> but we have no filtering in place.  Does anyone have a pointer to a milter
> for Sircam or information on filtering for this or other rogue email?
> 
> I'm interested in an immediate fix for Sircam as well as information on what
> solutions have proven themselves more generally.

I got this from:
  http://linuxtoday.com/news_story.php3?ltsn=2001-07-24-009-20-SC-MS-SV

If you use procmail as your local delivery agent it seems to work great.
Notice I did modify it to add postmaster.  Also, delete the "REMOVE"
from between the "sa" and the "eL" (there to keep this message from
matching).

----- /etc/procmailrc -----
:0 Bh
             *I send you this file in order to have your advice
             *daREMOVEeLRCQEM9KJEIN8JAwAdBmLRCQEi1QkCIkQi0QkDCtEJAiLVCQEiUIEg8QUXV9eW8NTVldV
               |(formail -rtb -I "Precedence: junk" \
                 -I "Subject: SirCam Virus Spam Worm" \
                 -I "Cc: postmaster at nmt.edu"; \
                 echo "Your computer is infected with the SirCam worm. Please see"; \
                 echo "http://www.wired.com/news/technology/0,1282,45427,00.html for more information.")\
                 |$SENDMAIL -oi -t
----- end /etc/procmailrc -----


--
William Colburn, "Sysprog" <wcolburn at nmt.edu>
Computer Center, New Mexico Institute of Mining and Technology
http://www.nmt.edu/tcc/     http://www.nmt.edu/~wcolburn
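
A loop-guarded variant of the recipe in the message above, as an added example that is not part of the original post: it keeps the same two body conditions but skips daemon and mailing-list mail and tags each notice with an X-Loop header so it never answers its own replies. The address postmaster@example.edu is a placeholder (an assumption), and the signature line still carries the "REMOVE" marker the post says to delete.

```procmail
# Added example (not from the original post).
# Flags: "h" feeds only the header to the pipe; conditions default to the
# header, and "B ??" switches a single condition to the message body.
:0 h
# Do not auto-reply to bounces, daemons or mailing lists.
* !^FROM_DAEMON
# Do not auto-reply to a message that already carries our own loop tag.
* !^X-Loop: postmaster@example\.edu
# The two SirCam body markers from the recipe above (delete "REMOVE" before use).
* B ?? I send you this file in order to have your advice
* B ?? daREMOVEeLRCQEM9KJEIN8JAwAdBmLRCQEi1QkCIkQi0QkDCtEJAiLVCQEiUIEg8QUXV9eW8NTVldV
| (formail -rtb -A "X-Loop: postmaster@example.edu" \
     -I "Precedence: junk" \
     -I "Subject: SirCam Virus Spam Worm" \
     -I "Cc: postmaster@example.edu"; \
   echo "Your computer is infected with the SirCam worm. Please see"; \
   echo "http://www.wired.com/news/technology/0,1282,45427,00.html for more information.") \
  | $SENDMAIL -oi -t
```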


