[Esd-l] Goner trap for local.procmail

Murray Crane mcrane at longbridge.com
Tue Dec 11 06:56:00 PST 2001

(By way of penence for my last post...)

Here is a simple little procmail recipe for trapping the Goner worm, much in the style of John's other worm traps.  It could probably do with being made a little more specific, but it's 
working well enough for me.

# Trap Goner? (signature as of 2001-12-10)
* > 50000
* < 60000
* ^Subject.*Hi
* ^Content-Type: multipart/mixed;
        :0 B hfi
        * name=.*gone\.scr
        | formail -A "X-Content-Security: [$HOST] NOTIFY" \
                  -A "X-Content-Security: [$HOST] QUARANTINE" \
                  -A "X-Content-Security: [$HOST] REPORT: Trapped Goner worm - see http://securityresponse.symantec.com/avcenter/venc/data/w32.goner.a@mm.html"

Murray Crane
Network Systems Administrator
Longbridge International Plc

More information about the esd-l mailing list