Hello all...
I finally got deeply disturbed about all the double-bounces coming into my
email box (sometimes 2500 after a weekend... :-( ) from the Hybris virus
([EMAIL PROTECTED]) and I figured I needed to create a personal filter
for my mailbox to filter these thingies out... So I did.
The proggie is simple (and included here) but most everything's hardcoded
into the program, so you'll need to modify it to suit yourself (& salt to
taste... ;-)
It's a *very* short Perl script, named (on my machine) killhahaha.pl, and
here's what my .qmail file reads:
|/home/zmerch/killhahaha.pl
./Maildir/
and here's the script:
#!/usr/local/bin/perl
### Let's get the info first, to see if it's actually something
### we need to control...
@zline = <STDIN>;
$limpy = grep (/TVqQAAMAAAAEAAAA/, @zline);
exit (0) if ($limpy == 0);
# Now, we know that we have a virus... send it to a separate file
# have the proggie die quietly while disregarding further delivery
# instructions in the .qmail file...
open (Q,">>/home/zmerch/hahainfo.txt");
# go thru each environment variable and write them to my logfile...
foreach $quack ( keys(%ENV) ) {
print Q "ENV - $quack = $ENV{$quack}\n";
}
print Q "\n\n";
foreach $liner (@zline) {
# re-search for the beginning of the virus, because we don't
# need to save the entire virus payload to our data file...
$limpy = grep (/TVqQAAMAAAAEAAAA/, $liner);
last if ($limpy != 0);
print Q "OMail: $liner";
}
print Q "\n=-=-=-=-=-=-=-=-=-=-=\n\n";
# Now exit the proggie & exit w/a #99 exit code to make
# qmail disregard any further lines in the .qmail file
close (Q);
exit (99);
====================================================
Anyway, I hope this helps someone out there...
Thanks,
Roger "Merch" Merchberger
--
Roger "Merch" Merchberger --- sysadmin, Iceberg Computers
Recycling is good, right??? Ok, so I'll recycle an old .sig.
If at first you don't succeed, nuclear warhead
disarmament should *not* be your first career choice.
