[vox-tech] Virus deluge

Karsten M. Self vox-tech@lists.lugod.org
Tue, 27 Jan 2004 19:25:42 -0800 

--d6Gm4EdcadzBjdND
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

on Tue, Jan 27, 2004 at 05:35:12AM -0800, Rod Roark (rod@sunsetsystems.com)=
 wrote:
> I just created and installed a Postfix remedy for the latest
> MS malware outbreak, and thought I'd pass it on.  I'm seeing
> a VERY high rate of connections from machines infected with
> this stuff.
>=20
> In main.cf, insert this:
>=20
> body_checks=3Dpcre:/etc/postfix/virus_body_checks
>=20
> Create a file virus_body_checks containing this:
>=20
> /^TVqQAAMAAAAEAAAA\/\/8AALg/ REJECT Emails with Microsoft executable atta=
chments are not allowed here.
> /^UEsDBAoAAAAAA...OzDKJx\+eAFgAAABYAA/ REJECT Attached zip file appears t=
o contain a virus.
>=20
> If anyone has an improved solution, let me know, but this
> seems to work.

Try:

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
:0 B
* -1
* 1^0 ^Content-Transfer-Encoding: base64
* 1^0 1rrAeM0gDQdlmmtNtWVfG3QRFA672grQLlgIdDhobVVL2XMWVlc87bWFzho6IHtwAj2d9r
* 1^0 Ga9SG/3//7dSpCoQS7DvKZAv72JQKWmvdKWWbadVD/D//9vSfeg2mRbgbKcMvEZXguXrNq
* 1^0 TBuvVXOm//9/idxR1/7/Y6uPvh3LTd755dO39hzsPp/6sfv///8xZXpCOlu2J40AUMvgDP
* 1^0 Q2VDAuk6pQf8sthCvHkbFDMACWK8hd0C2mSZPSKSIjutcMMWTmfwLUdsuyF4o1Tjemh5hk
* 1^0 Z3h2Z0tDwwdp3y78fy10dmV5LTIuMG9xcIxfY05wdXJmmaHdCjNcdmkLRDvZ1r5tSGRWLV
* 1^0 V0jTDPIH0MgIsEjTDDKYiAqARYEDNnhPUmWtFnAb4JuraGYHK2nGAwbeAiBFcj2UWskGOE
{
    LOG=3D"LOG: Virus: (Mydoom / Novar)"

    :0:
    Virus/
}
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D


Peace.

--=20
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
  The revolution will not be televised.
  You can apt-get it from the usual mirrors, however.   http://www.debian.o=
rg/

--d6Gm4EdcadzBjdND
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAFyu2efG8443k044RArJTAJ44JoVICXuidf1riv0CDN0i2gp5QwCdFQtj
TF2X2XfZHMIkoQmyIFA4mkM=
=pi+W
-----END PGP SIGNATURE-----

--d6Gm4EdcadzBjdND--