on Sat, Jul 28, 2001 at 04:31:13PM -0400, Joey Hess ([EMAIL PROTECTED]) wrote: > begin Colin Watson quote: > > That's the SirCam virus, which causes its victims to unknowingly send > > mail to addresses harvested from their web cache. Not much you can do > > about it, AFAIK. > > Oh sure there is. You can procmail it to /dev/null (anyone have a good > recipe? Mine sucks).
A good one (for English versions of SirCam) was posted to LinuxToday. My slight adaptation ('This is an automatically generated message'): ------------------------------------------------------------------------ # SirCam spam recipie, from LinuxToday, Tue Jul 24 22:28:09 PDT 2001 :0 Bh *I send you this file in order to have your advice *daeLRCQEM9KJEIN8JAwAdBmLRCQEi1QkCIkQi0\QkDCtEJAiLVCQEiUIEg8QUXV9eW8NTVldV | (formail -rtb -I "Precedence: junk" \ -I "Subject: SirCam Virus Spam Worm"; \ echo "Your computer is infected with the SirCam worm. Please see"; \ echo "http://www.wired.com/news/technology/0,1282,45427,00.html for more inf ormation." \ echo "This is an automatically generated message.") \ | $SENDMAIL -oi -t ------------------------------------------------------------------------ > Or you can go a step further, and just procmail all mail from > virus-prone windows MTA's to /dev/null, which I am seriously > considering doing, except for this annoying problem that I > occasionally hear from debian users who are stuck in windows for some > reason and I'd hate to blanket reject their mail. A passfile (allowed users) followed by a reject ruleset (broken mailers) might be a way around this. Lars Wirzenius's procmail filter rules ('spamfilter' package) works pretty well for this, though it's complex. Cheers. -- Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/ What part of "Gestalt" don't you understand? There is no K5 cabal http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org Free Dmitry!! Boycott Adobe!! Repeal the DMCA!! http://www.freedmitry.org
pgpMeAsTTOLBc.pgp
Description: PGP signature