Klez is virulant so a small lightweight filter is easiest -
the following was posted on the unisog mail list on May 1st (I take no
credit for it).
> From: Bugs <bb1@???>
> We filter it with procmail:
> # Trap Kleez.G
> #
> :0 B
> * AAAAAAAA2AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW
> /local/virus/klez
A simple
if $message_body contains "AAAAAAAA2AAAAA4fug4AtAnNIbgBTM0hVGhpc" then
freeze text "Klez"
endif
will give you something to refine - better to also filter on body
length, etc as the above would trap this email (of course).
Trying to make a MTA filter all emails and still get them delivered
quickly strikes me as a non-starter. Nigel's original filter proved
very useful (and still does) but unix is all about simplicity.
regards
Neil
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dr Neil J Long, Computing Services, University of Oxford
13 Banbury Road, Oxford, OX2 6NN, UK Tel:+44 1865 273232 Fax:+44 1865 273275
EMail: Neil.Long@???
PGP: ID 0xE88EF71F OxCERT: oxcert@??? PGP: ID 0x9FF898D5
