[Esa-l]Sircam virus filter

Juan Manuel Calvo jmc at cema.edu.ar
Wed Aug 1 07:41:20 PDT 2001


I have found a very simple solution to the Sircam problem. Your
procmail sanitizer allows defang the attachment but the users
receives the email.

I have added the following lines in my /etc/procmailrc BEFORE
the sanitizer:

------------cut here-----------------------
# This tries to match a binary string from the SirCam virus
# in the base64 encoded MIME attachment.
# B: search body, D case sensitive

------------cut here-----------------------

All emails infected with SirCam are ending in
where I can review, until now I have 0 emails infected passed and 0
false identifications.

I have found this in "A Collection of Procmail Posts" on 

Best Regards

Ing. Juan Manuel Calvo                       |TE: +54-11-4314-2269
Director del Centro de Computos              |FAX:+54-11-4314-1654
Universidad Del CEMA                         | 
Cordoba 374 (1054) Capital Federal, Argentina| http://www.cema.edu.ar

More information about the esd-l mailing list