Re: [Exim] I LOVE YOU - Virus-Filter?

Top Pagina
Delete this message
Reply to this message
Auteur: Marilyn Davis
Datum:  
Aan: exim-users
Onderwerp: Re: [Exim] I LOVE YOU - Virus-Filter?
Ha ha on me!

Apparently my message to this list was filtered from some recipients
by their filters for the ILUVEYOU virus. And, of course, it was
filtered from the folks who really know how to get their filters
going and who could possibly help.

This is pretty fun, actually.

So, I'm resending, but I'll mess up the triggering strings:

---------- Forwarded message ----------
Date: Thu, 4 May 2000 10:56:02 -0700 (PDT)
From: Marilyn Davis <marilyn@???>
To: exim-users@???
Subject: Re: [Exim] I LUVE YOU - Virus-Filter?


Exim People,

Thanks for the quick work at making a filter for this.

This is my first time to try a filter and I must be making some kind of
mistake.

I know that the configure part is good because, when I first implemented
it, my log file complained:

2000-05-04 10:42:38 12nPe2-0002UN-00 Error in message_filter file: quote missing at end of string in line 7

So, I added a back-slash on line 7 and it quit complaining.

I tried a test. I just sent myself the following message, which I
would think the filter would catch, but it slipped right through.
Certainly a copy of the filter contains all the text it's looking for.
Or what am I missing?

Thanks for your help.

Marilyn Davis, Ph.D.
eVote - online polling software for email lists
http://www.deliberate.com 
marilyn@???    
+1 650 965-7121  (USA)






---------- Forwarded message ----------
Date: Thu, 4 May 2000 10:45:22 -0700 (PDT)
From: Marilyn Davis <marilyn@???>
To: Marilyn Davis <marilyn@???>
Subject: ILUVEYOU

# Exim filter

# ILUVEYOU Virus Filter

if ((($message_body CONTAINS "name=LUVE-LETTER-FOR-YOU.TXT.vbs" or
      $message_body CONTAINS "begin 600 LUVE-LETTER-FOR-YOU.TXT.vbs") and
      $message_body CONTAINS "kindly check the attached LUVELETTER coming \
from me.") and
     $header_subject IS "ILUVEYOU") and not error_message then
  logfile /var/spool/exim/log/filter_log
    logwrite "$tod_log $message_id \ 
       $sender_address ($sender_host_name[$sender_host_address]) \ 
       => $recipients (recipients=$recipients_count) \ 
       subject=$header_subject"
  fail text "This message possibly contains the VBS.LuveLetter.A (ILUVEYOU) \
             virus, please use the newest antivirus packages to check that \
             your system is clean. For further information on this virus, \
             please read: \n \
             http://www.sarc.com/avcenter/venc/data/vbs.luveletter.a.html\n \
             http://www.datafellows.com/v-descs/luve.htm\n\n \
             Thank You"
  seen finish
endif








--
## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##