Re: [Exim] the Klez virus

Author: Neil Long
Date:  
To: exim-users
Subject: Re: [Exim] the Klez virus
Klez is virulent so a small lightweight filter is easiest -

the following was posted on the unisog mail list on May 1st (I take no
credit for it).

> From:    Bugs <bb1@???>


> We filter it with procmail:
> # Trap Klez.G
> #
> :0 B
> * AAAAAAAA2AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW
> /local/virus/klez


A simple

if $message_body contains "AAAAAAAA2AAAAA4fug4AtAnNIbgBTM0hVGhpc" then
freeze text "Klez"
endif

will give you something to refine - better to also filter on body
length, etc., as the above would trap this email (of course).

Trying to make an MTA filter all emails and still get them delivered
quickly strikes me as a non-starter. Nigel's original filter proved
very useful (and still does) but Unix is all about simplicity.

regards
Neil

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Dr Neil J Long, Computing Services, University of Oxford
 13 Banbury Road, Oxford, OX2 6NN, UK Tel:+44 1865 273232 Fax:+44 1865 273275
 EMail:       Neil.Long@???
 PGP:    ID 0xE88EF71F    OxCERT: oxcert@??? PGP: ID 0x9FF898D5
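
The refinement suggested in the message above (check length as well, so that mail merely quoting the string is not trapped), sketched in Python as an added example that is not part of the original post or of the unisog recipe. The 20,000-character floor, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy

# Base64 fragment quoted in the Exim filter in the post above.
SIGNATURE = "AAAAAAAA2AAAAA4fug4AtAnNIbgBTM0hVGhpc"

def is_suspect(raw_message: bytes, min_part_chars: int = 20_000) -> bool:
    """Flag a message only if a base64-encoded, non-text MIME part contains
    SIGNATURE and that part is at least min_part_chars long (assumed floor)."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue
        cte = str(part.get("Content-Transfer-Encoding", "")).strip().lower()
        if cte != "base64" or part.get_content_maintype() == "text":
            continue  # plain-text discussion of the signature is not a hit
        # Base64 bodies are line-wrapped; drop whitespace before matching.
        encoded = "".join(part.get_payload(decode=False).split())
        if len(encoded) >= min_part_chars and SIGNATURE in encoded:
            return True
    return False

def make_sample(as_attachment: bool, filler: int) -> bytes:
    """Constructed test message: SIGNATURE plus filler, wrapped at 76 columns,
    either as a base64 attachment or as ordinary text (like this thread)."""
    blob = SIGNATURE + "A" * filler
    body = "\r\n".join(blob[i:i + 76] for i in range(0, len(blob), 76))
    if as_attachment:
        part_headers = ("Content-Type: application/octet-stream\r\n"
                        "Content-Transfer-Encoding: base64\r\n")
    else:
        part_headers = "Content-Type: text/plain\r\n"
    head = "Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
    return (head + part_headers + "\r\n" + body + "\r\n").encode("ascii")

if __name__ == "__main__":
    print("large base64 attachment:", is_suspect(make_sample(True, 30_000)))
    print("plain-text quote       :", is_suspect(make_sample(False, 30_000)))
    print("short base64 part      :", is_suspect(make_sample(True, 10)))
```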