Has anyone tried this with W32/Magistr-A which appears to use FROM and
SUBJECT
--
Alan Thew alan.thew@???
Computing Services,University of Liverpool Fax: +44 151 794-4442
On Fri, 27 Jul 2001, Jim Tittsler wrote:
> On Thu, Jul 26, 2001 at 01:05:35PM -0500, Felipe wrote:
> > Alan Thew quoted a securityfocus posting:
> > > In the header of the message, everything looks dynamic, and so tracking it
> > > seems to be hard. However, there is a slip -- the Date: header actaully
> > > appears as 'date:'.
>
> > How can I compouse the right filter...?
>
> Perhaps a filter stanza like:
>
> # The W32/Sircam virus is sending messages with lower case date: headers
> if $message_headers CONTAINS "\ndate: "
> then
> freeze text "Suspect W32/Sircam virus message"
> endif
>
>
> (The upper-case CONTAINS makes the string comparison case
> sensitive.)
>
> --
> Jim Tittsler, Tokyo
> Python Starship http://starship.python.net/crew/jwt/
>
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>