Re: [Exim] Tracking SirCam (fwd)

Author: Felipe
Date:  
To: Alan Thew
CC: Exim Users Mailing List
New-Topics: Re: [Exim] Tracking SirCam (fwd) with 'date:' header
Subject: Re: [Exim] Tracking SirCam (fwd)
Please, can you tell me how I can do this?
>
> This may help those of you who want to filter on headers and not on
> message body.
>

How can I compose the right filter...?

Thanks

> This may help those of you who want to filter on headers and not on
> message body.
>

----- Original Message -----
From: "Alan Thew" <Alan.Thew@???>
To: "Exim List" <exim-users@???>
Sent: Thursday, July 26, 2001 11:07 AM
Subject: [Exim] Tracking SirCam (fwd)


> fyi...
>
> ---------- Forwarded Message ----------
> Date: 25 July 2001 10:49 -0600
> From: Peter Krawczyk <petek@???>
> To: incidents@???
> Subject: Tracking SirCam
>
> Trying to track the SirCam virus without looking at the body of the
> message, we've found a way to track it via headers.
>
> In the header of the message, everything looks dynamic, and so tracking it
> seems to be hard. However, there is a slip -- the Date: header actually
> appears as 'date:'.
>
> A cursory examination of thousands of emails from mailing lists, private
> sources, and other sources shows that the only messages using the lower
> case 'date:' for the header are sent by the SirCam virus.
>
> This may help those of you who want to filter on headers and not on
> message body.
>
> -Pete K
> --
> Pete Krawczyk <petek@???>
>    Senior System Administrator
>    mc.net <http://www.mc.net/>
>    (847) 594-5111

>
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
>
> ---------- End Forwarded Message ----------
>
>
>
> --
> Alan Thew
> FAX: +44 151 794 4474
> Using Mulberry 2.0.x
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
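
The header check described in the forwarded message, as an added example in Python (not part of the original thread, and not an Exim filter): it reads only the header block of a raw message and reports whether a field is spelled exactly `date`. The function names and the sample messages are constructed for illustration.

```python
import re

# A field line is "name:"; RFC 5322 treats names case-insensitively, so
# matching the exact spelling is a heuristic, as the forwarded message says.
_FIELD = re.compile(rb"^([!-9;-~]+)[ \t]*:")

def header_names(raw: bytes) -> list:
    """Field names exactly as spelled on the wire, header block only."""
    names = []
    for line in raw.splitlines():
        if not line:                      # blank line: headers end, body begins
            break
        if line[:1] in (b" ", b"\t"):     # folded continuation of previous field
            continue
        m = _FIELD.match(line)
        if m:
            names.append(m.group(1).decode("ascii"))
    return names

def has_lowercase_date(raw: bytes) -> bool:
    """True when a header field is spelled exactly 'date' (all lower case)."""
    return "date" in header_names(raw)

# Constructed sample messages (not real SirCam traffic).
SAMPLES = {
    "lowercase-header": b"From: a@example.org\r\ndate: Wed, 25 Jul 2001 10:49:00 -0600\r\n"
                        b"Subject: hello\r\n\r\nbody\r\n",
    "normal-header": b"From: b@example.org\r\nDate: Wed, 25 Jul 2001 10:49:00 -0600\r\n"
                     b"Subject: hello\r\n\r\ndate: this line is in the body\r\n",
    "folded-subject": b"Date: Wed, 25 Jul 2001 10:49:00 -0600\r\nSubject: meeting\r\n"
                      b"\tdate: to be confirmed\r\n\r\nbody\r\n",
}

def flagged(samples: dict) -> list:
    """Names of the samples whose header block contains a lower-case 'date' field."""
    return sorted(k for k, v in samples.items() if has_lowercase_date(v))

if __name__ == "__main__":
    print(flagged(SAMPLES))
```

The match is on spelling alone, so any other sender that writes the field name in lower case would be flagged as well.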