Re: [Exim] badtrans virus

Author: Łukasz Grochal
Date:  
To: exim-users
Subject: Re: [Exim] badtrans virus
"Christopher W. Curtis" <ccurtis@???> writes:

> if $message_body contains "3Dcid:EA4DMGBP9p height=3D0 width=3D0"

[...]
>    mail bcc root@localhost
>          subject "Badtrans.B Virus Spam Worm"


From the above I deduce that we are talking about the new BadtransII,
or in other words the newest mutation of the virus, the one whose
outbreak we all, as I can see, now observe. And if so, then notifying
the sender is meaningless: the sender address is mangled by the virus,
typically by adding an '_' in front of it. As to the rest of the filter
code, that's about what I would use. Actually, albeit short, even
"3Dcid:EA4DMGBP9p height=3D0 width=3D0" alone shouldn't give any false
positives in real-world operation.

Regards,

-- 
(-) Łukasz Grochal                                  lukie@???
                                                  (for PGP key visit:)
_____________________________________________ http://www.rotfl.eu.org/ __
... all in all it's just another rule in the firewall.       /Ping Flood/
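As an added illustration (not code from this thread or from Exim), a small Python check that looks for the indicator quoted above both in the raw body, roughly as Exim's $message_body does, and after quoted-printable decoding, where the "=3D" has become "=", and that flags the underscore-mangled sender so no notification is sent to it. Both sample messages are constructed.

```python
import quopri
from email import message_from_bytes, policy
from email.utils import parseaddr

# Indicator from the thread, as it appears in the raw quoted-printable body.
RAW_INDICATOR = b"3Dcid:EA4DMGBP9p height=3D0 width=3D0"
# The same bytes after QP decoding ("=3D" -> "="); this is what a scanner
# that decodes MIME parts first would have to look for instead.
DECODED_INDICATOR = quopri.decodestring(b"=" + RAW_INDICATOR)

# Constructed sample: a worm-style message with a mangled sender.
SAMPLE_INFECTED = (
    b"From: _someone@example.invalid\r\n"
    b"To: root@localhost\r\n"
    b"Subject: Re:\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Transfer-Encoding: quoted-printable\r\n"
    b"\r\n"
    b"<html><body><img src=3Dcid:EA4DMGBP9p height=3D0 width=3D0></body>=\r\n"
    b"</html>\r\n"
)
# Constructed sample: an ordinary message.
SAMPLE_CLEAN = (
    b"From: someone@example.invalid\r\n"
    b"To: root@localhost\r\n"
    b"Subject: hello\r\n"
    b"\r\n"
    b"Just a plain text note.\r\n"
)

def raw_body_contains(raw: bytes, needle: bytes) -> bool:
    """Approximates Exim's '$message_body contains': match on undecoded body."""
    _, _, body = raw.partition(b"\r\n\r\n")
    return needle in body

def decoded_parts_contain(raw: bytes, needle: bytes) -> bool:
    """Match after each MIME part has had its transfer encoding removed."""
    msg = message_from_bytes(raw, policy=policy.default)
    return any(needle in (p.get_payload(decode=True) or b"")
               for p in msg.walk() if not p.is_multipart())

def sender_is_mangled(raw: bytes) -> bool:
    """The worm prefixes the sender's local part with '_', so a bounce or
    notification to that address would go nowhere useful."""
    msg = message_from_bytes(raw, policy=policy.default)
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.startswith("_")

def classify(raw: bytes) -> dict:
    """Run all three checks; a hit plus a mangled sender means: log, don't notify."""
    return {"raw_hit": raw_body_contains(raw, RAW_INDICATOR),
            "decoded_hit": decoded_parts_contain(raw, DECODED_INDICATOR),
            "sender_mangled": sender_is_mangled(raw)}
```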