Todd Lattimer wrote:
> Just wondering is anyone has written a successful filter to block the
> badtrans virus.
I've been using this with 100% success, and no apparent false positives:
if $message_body contains "3Dcid:EA4DMGBP9p height=3D0 width=3D0"
and $message_body contains
"Ztvbi9AWBgvKNj8wHB1ht9tNCh8Li1Bdw1nGMhdLth89XVpiWnYoO3uKBI0JCkQKPXH9Yc8dC"
then
mail bcc root@localhost
subject "Badtrans.B Virus Spam Worm"
text "Your computer appears to be infected with the Badtrans.B
worm.\n\
Please see http://www.europe.f-secure.com/v-descs/bt_b_dis.shtml for info."
seen
finish
endif
However, I don't think it's notifying the sender ...
Chris
