Re: [Exim] I LOVE YOU - Virus-Filter?

Top Page
Delete this message
Reply to this message
Author: Andromeda
Date:  
To: Derrick MacPherson
CC: Exim
Subject: Re: [Exim] I LOVE YOU - Virus-Filter?
At 09:27 04/05/2000 -0700, you wrote:
>What seems to be the 'final verdict', or best guess to deal with this? I
>don't think those of us with limited exim skills need to be testing on live
>servers for this, nor would I like to spend a couple hours reading


-- begin of filter --

# Exim filter

# ILOVEYOU Virus Filter

if ((($message_body CONTAINS "name=LOVE-LETTER-FOR-YOU.TXT.vbs" or
      $message_body CONTAINS "begin 600 LOVE-LETTER-FOR-YOU.TXT.vbs") and
      $message_body CONTAINS "kindly check the attached LOVELETTER coming
from me.") and
     $header_subject IS "ILOVEYOU") and not error_message then
  logfile /var/spool/exim/log/filter_log
    logwrite "$tod_log $message_id \ 
       $sender_address ($sender_host_name[$sender_host_address]) \ 
       => $recipients (recipients=$recipients_count) \ 
       subject=$header_subject"
  fail text "This message possibly contains the VBS.LoveLetter.A (ILOVEYOU) \
             virus, please use the newest antivirus packages to check that \
             your system is clean. For further information on this virus, \
             please read: \n \
             http://www.sarc.com/avcenter/venc/data/vbs.loveletter.a.html\n \
             http://www.datafellows.com/v-descs/love.htm\n\n \
             Thank You"
  seen finish
endif


-- end of filter --

Enjoy.

A.
- The Andromeda HTML Workshop - http://www.htmlworkshop.com/
Home of Search & Replace 98