on Thu, 21 Aug 2003 13:02:01 -0500 Jonathan Angliss wrote: >> You can scan for the presence of the "found to be clean" (or something) >> Header that the virus adds when sending mail, plus the absence of a >> message-ID... thats the virus.
JA> You cannot really guarantee that. Some MTAs add their own msg-id. Mine does, so I scan for this. It's also a good idea to delete the mail from the server. Don't know, if the "(see the attached file for details)" part is in every mail, but for me it is. From now on there are only the virus-alerts at mails, that were spoofed with my adress.. "Mailbox quota exceeded" are also rising.. :/ but somehow GMX or someone else has done sth, as I didn't get any new the last hour..?! .-----[ Paste ]----- | | BeginFilter | Name: worm | Active: 1 | Source: [EMAIL PROTECTED] | Target: \\\Trash | CopyFolder: \\\\none | MainSet: 30(see the attached file for details) | MainSet: 40X\-MailScanner\: Found to be clean | MainSet: 40^(Message\-Id\:).*(server17\.glai\.de\>)$ | Actions: faDelServer,faoRegExp,faFlag,faoHotKey,faoAdvIsAttach,faoAdvLarger | AddGroups: | DelGroups: | ForwardTemplate: | ConfirmTemplate: | ReplyTemplate: | FwdAddr: | RedirectAddr: | NewAddr: | NewTemplate: | ExtCmd: | ExtFile: | ExtractDir: | ColourGroup: <default> | AddAddrItems: afiFrom, | DelAddrItems: afiFrom, | HotKey: 57431 | IsOfColour: <default> | SizeBigger: 80 | SizeSmaller: 0 | AgeOlder: 0 | AgeNewer: 0 | InAddrPos: 0 | OutAddrPos: 0 | InAddrGroups: | NoAddrGroups: | KillFile: | KillMethod: 0 | SaveTemplate: | SndFile: | SysSound: 0 | SoundTime: 0:00-0:00 | AllowTime: 0:00-0:00 | EndFilter | '------------------- -- shinE! Using The Bat! v2.0 Beta/3 on Windows XP 5.1 Build 2600 Service Pack 1 http://www.thequod.de ICQ#152282665 ________________________________________________ Current version is 1.62r | "Using TBUDL" information: http://www.silverstones.com/thebat/TBUDLInfo.html
