On Tue, 17 Feb 2004, Martin Lyberg wrote:
> Since a few hours back i'm recieving mails containing the new Bagle.B virus.
> How can i reject these messages before they're relayed to our
> Exchangeserver?
If the Symantec website is accurate, then the B(e)agle virus has a
distinctive subject line:
header LOC_BAGLEVIRUS Subject =~ /ID *......\.\.\. *thanks/i
describe LOC_BAGLEVIRUS Bagle virus? Subject="ID (6 rand chars)... thanks"
The equivalent in procmail:
# 'W32.Beagle.B' - REMOVE AFTER FEB 26/2004
:0
* Subject: *ID *......\.\.\. *thanks
{
# Check for a tell-tale line in the body to be sure.....
:0 B
* Yours.ID
/dev/null
}
