Re: [Exim] More on --name of trojan deleted--

Author: Dr Andrew C Aitchison
Date:  
To: Nick O'Brien
CC: exim-users
Old-Topics: [Exim] More on ILOVEYOU
Subject: Re: [Exim] More on --name of trojan deleted--
On Thu, 4 May 2000, Nick O'Brien wrote:

> Is it pointed out at http://www.datafellows.fi/~descs/love.htm that the
> ILOVEYOU virus will also email all RAS and Windows passwords to
> mailme@??? the next time IE is started
>
> I want to block all outgoing mail to this address - I assume that adding
> something like this to my system filter should cover it:
>
> if $h_to contains mailme@??? or $recipients contains
>   mailme@???
> then
>    fail text "you appear to have a virus on your PC (see \
>    http://www.fsecure.com/v-descs/love.htm)."
> endif


From my reading of http://www.datafellows.fi/v-descs/love.htm,
although the trojan sends email to mailme@???, it
uses the 'smpt.super.net.ph' mail server to send e-mails,
so unless you have a firewall, I *suspect* that these mails from your
infected Windows boxes do not go via your exim machine, thus this won't
catch anything.

Worth doing anyway, in case I'm wrong.

Am I the only one who is catching no real viruses,
but almost every mail in this thread :-) ?

Dr. Andrew C. Aitchison        Computer Officer, DPMMS, Cambridge
A.C.Aitchison@???    http://www.dpmms.cam.ac.uk/~werdna