Re: [Exim] the Klez virus

Top Page
Delete this message
Reply to this message
Author: John W Baxter
Date:  
To: exim-users
Subject: Re: [Exim] the Klez virus
At 12:20 +0100 5/10/2002, Neil Long wrote:
>A simple
>
>if $message_body contains "AAAAAAAA    2AAAAA4fug4AtAnNIbgBTM0hVGhpc" then
>freeze text "Klez"
>endif

>
>will give you something to refine - better to also filter on body
>length, etc as the above would trap this email (of course).


I dropped a run of spaces into the test's target (it has none).

How far down the KLEZ messages does this data appear (how much do we have
to lengthen message_body_visible to reach it)? Rhetorical question, as I
have plenty of sample KLEZ available to look at. The default 500 bytes
pretty clearly isn't enough.

--John

--
John Baxter   jwblist@???      Port Ludlow, WA, USA