[vox-tech] Virus deluge

Karsten M. Self vox-tech@lists.lugod.org
Tue, 27 Jan 2004 21:40:21 -0800


on Tue, Jan 27, 2004 at 07:25:42PM -0800, Karsten M. Self (kmself@ix.netcom.com) wrote:
> on Tue, Jan 27, 2004 at 05:35:12AM -0800, Rod Roark (rod@sunsetsystems.com) wrote:
> > I just created and installed a Postfix remedy for the latest
> > MS malware outbreak, and thought I'd pass it on.  I'm seeing
> > a VERY high rate of connections from machines infected with
> > this stuff.
> >
> > In main.cf, insert this:
> >
> > body_checks=pcre:/etc/postfix/virus_body_checks
> >
> > Create a file virus_body_checks containing this:
> >
> > /^TVqQAAMAAAAEAAAA\/\/8AALg/ REJECT Emails with Microsoft executable attachments are not allowed here.
> > /^UEsDBAoAAAAAA...OzDKJx\+eAFgAAABYAA/ REJECT Attached zip file appears to contain a virus.
> >
> > If anyone has an improved solution, let me know, but this
> > seems to work.
>
> Try:
>
> ================================================================================
> :0 B
> * -1
> * 1^0 ^Content-Transfer-Encoding: base64
> * 1^0 1rrAeM0gDQdlmmtNtWVfG3QRFA672grQLlgIdDhobVVL2XMWVlc87bWFzho6IHtwAj2d9r
> * 1^0 Ga9SG/3//7dSpCoQS7DvKZAv72JQKWmvdKWWbadVD/D//9vSfeg2mRbgbKcMvEZXguXrNq
> * 1^0 TBuvVXOm//9/idxR1/7/Y6uPvh3LTd755dO39hzsPp/6sfv///8xZXpCOlu2J40AUMvgDP
> * 1^0 Q2VDAuk6pQf8sthCvHkbFDMACWK8hd0C2mSZPSKSIjutcMMWTmfwLUdsuyF4o1Tjemh5hk
> * 1^0 Z3h2Z0tDwwdp3y78fy10dmV5LTIuMG9xcIxfY05wdXJmmaHdCjNcdmkLRDvZ1r5tSGRWLV
> * 1^0 V0jTDPIH0MgIsEjTDDKYiAqARYEDNnhPUmWtFnAb4JuraGYHK2nGAwbeAiBFcj2UWskGOE
> {
>     LOG="LOG: Virus: (Mydoom / Novar)"
>
>     :0:
>     Virus/
> }
> ================================================================================


...er...

You'll want to anchor those with '^' so you don't get false positives...
...like I did...
...on my own mail...

;-)


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   Geek for hire:  http://kmself.home.netcom.com/resume.html
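
The false positive described above, as an added example that is not part of the original post: a Python model of the weighted recipe, scored against a constructed infected MIME part and a constructed reply that quotes the recipe, with and without '^' on the fragment conditions. It assumes the recipe's `* -1` line acts as a starting score of -1, uses two of the seven fragments, and the names `score` and `is_flagged` are hypothetical.

```python
import re

# Two of the signature fragments from the recipe quoted above.
FRAGMENTS = [
    "1rrAeM0gDQdlmmtNtWVfG3QRFA672grQLlgIdDhobVVL2XMWVlc87bWFzho6IHtwAj2d9r",
    "Ga9SG/3//7dSpCoQS7DvKZAv72JQKWmvdKWWbadVD/D//9vSfeg2mRbgbKcMvEZXguXrNq",
]
B64_HEADER = r"^Content-Transfer-Encoding: base64"
# Approximates procmail: case-insensitive, ^ matches at any line start.
FLAGS = re.MULTILINE | re.IGNORECASE


def score(body, anchored):
    """Assumed model: start at -1, add 1 per condition matching at least once."""
    prefix = "^" if anchored else ""
    patterns = [B64_HEADER] + [prefix + re.escape(f) for f in FRAGMENTS]
    return -1 + sum(1 for p in patterns if re.search(p, body, FLAGS))


def is_flagged(body, anchored):
    # procmail runs the action only when the final score is positive.
    return score(body, anchored) > 0


# Constructed sample: base64 part whose payload lines start with the fragments.
INFECTED = (
    "Content-Type: application/octet-stream\n"
    "Content-Transfer-Encoding: base64\n\n"
    + "\n".join(FRAGMENTS) + "\n"
)

# Constructed sample: a plain-text reply that quotes the recipe itself.
DISCUSSION = (
    "> :0 B\n> * -1\n"
    "> * 1^0 ^Content-Transfer-Encoding: base64\n"
    + "".join("> * 1^0 " + f + "\n" for f in FRAGMENTS)
    + "\nThanks, trying this now.\n"
)

if __name__ == "__main__":
    for name, body in (("infected", INFECTED), ("discussion", DISCUSSION)):
        for anchored in (False, True):
            print(name, "anchored" if anchored else "unanchored",
                  score(body, anchored), is_flagged(body, anchored))
```

In this model the quoted header line never matches because it sits behind "> ", yet two unanchored fragments alone push the score above zero, so the base64 header condition does not protect a mail that merely quotes the recipe.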
