Re: Warning Worm/MyDoom.A1 spreading very fast!
This is a discussion on Re: Warning Worm/MyDoom.A1 spreading very fast! within the mailing.postfix.users forums, part of the Mail Servers and Related category; Paul Robertson <proberts@patriot.net> wrote: >> Yeah im trying to think of a decent procmail script ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
01-27-2004
|
|||
|
|||
Re: Warning Worm/MyDoom.A1 spreading very fast!
Paul Robertson <proberts@patriot.net> wrote:
>> Yeah im trying to think of a decent procmail script to remove >> these...but I don't think its possible unless you just block the .zip >> files completly >=20 > It's not always a zip, it does other extensions as well, from a small > sampling: >=20 > 8 bat > 13 cmd > 30 exe > 130 pif > 117 scr > 473 zip > . >=20 > (Look for strings in the bottom of the message attachments if you want = to > procmail it- strings there don't change as much.) Hm. I could detect only one similarity: All mails containing a zipped attachment used either charset=3D"Windows-1252" or charset=3Dwindows-1252 together with Content-Transfer-Encoding: 7bit All other executable attachments are blocked anyway. by T=F6ns --=20 There is no safe distance. 
|
Linear Mode
