Jeffrey Goldberg wrote ...
>
>Regarding a new Word macro virus W97M.Malissa, which has the effect of
>sending chain mail
>
> http://www.cert.org/advisories/CA-99-04-Melissa-Macro-Virus.html
> http://www.microsoft.com/security/bulletins/ms99-002.asp
> http://www.ciac.org/ciac/bulletins/j-037.shtml
> http://www.sendmail.com/blockmelissa.html
>
>does anyone have an Exim global filter for this?
# Melissa:
# only works if Melissa is predictible and conformist...
#
if $header_Subject contains "Important Message From" and
$message_body contains
"Here is that document you asked for... don't show anyone else" then
testprint "Melissa header and body part seen from $sender_address"
freeze text
"Melissa header and body part seen. \n \
Message may contain Melissa Word Macro Virus\n $message_headers"
endif
#
It would be nice to be able to freeze the message *and* generate an
autoreply to the sender to let them know the bad news. Any ideas?
>
>I'm not sure that its needed at my site, but it is worth considering.
We've caught a fair number of HAPPY99.EXEs like this as well
http://www.datafellows.com/v-descs/ska.htm
http://members.xoom.com/net_cool/
I can see this becoming an unpleasantly regular thing and
increased justification for running virus scanning at delivery.
:(
Ken
--
# Ken Bailey, Computer Section, # Internet: K.Bailey@??? #
# The Royal Botanic Gardens, Kew, # Tel: +44 (0)181 332 5729 #
# Richmond, Surrey, TW9 3AE, UK # Fax: +44 (0)181 332 5736 #
--
*** Exim information can be found at
http://www.exim.org/ ***
