Hi Randal! In message mid:200210270255.TAA14570@;scn.org on Saturday, October 26, 2002, 9:55:54 PM, you wrote:
SU> I have received 18 files within the last 48 hours that are infected SU> with the I-Worm/klez.k virus. No damage has been done, but it is a real SU> nuisance. I downloaded the bat this evening and noticed that the bat is SU> immune to the current versions of the klez.k worm. I posted a filter a couple of days ago that seems to be consistently able to catch klez and bugbear (although it might catch innocent email as well, so watch out). With this, you wouldn't have to block a specific IP. Here's a repost: In message mid:10331470372.20021017160415@;wildpetals.com on Thursday, October 17, 2002, 6:04:15 PM, you wrote: A> is there a way to tell if norton antivirus detected a virus in A> a message and filter it to some other folder based on the A> attachment name containing "norton antivirus"? Due to a bug in filtering mime headers (apparently can't do it), this apparently cannot be done in a direct manner. The best that I could do is this, which seems to catch both BugBear and Klez: BeginFilter Name: Maybe Virus Active: 1 Source: Inbox Target: Maybe Virus MainSet: 40Content-Type: multipart/alternative Actions: faoAdvIsAttach EndFilter Remember to fix the Target directory, and remember to move the rule up to the top of the list. Followup: --------- Interestingly, I tried it on my spam, a total of 1815 messages, and it pulled out 12 messages, all of which were Klez or BugBear. I took a quick glance through the spam and wasn't able to find any more messages that had been stomped by Norton, so it appears to be 100% effeective. Chances are that it will work with messages stomped by other scanners, as well as messages with live BugBear and Klez. Note: ----- To install a filter, mark and copy the text above (including "BeginFilter" and "EndFilter"), click on Account | Sorting Office/Filters, click on "Incoming Mail", then use Ctrl-V to paste. It will then appear in the list. -- --Scott. mailto:Wizard@;local.nu Using The Bat! 1.61 under Windows XP 5.1 Build 2600 on an AMD Athlon XP 1900 (1.6G real, 1.9G effective) with 512MB. ________________________________________________ Current version is 1.61 | "Using TBUDL" information: http://www.silverstones.com/thebat/TBUDLInfo.html
