[Esd-l] Procmail Sanitizer local rule for SoBig .ZIP worm
Pierre Etchemaite
petchema at concept-micro.com
Thu Jun 26 05:56:52 PDT 2003
On Wed, 25 Jun 2003 20:46:06 -0700 (PDT), "John D. Hardin"
<jhardin at impsec.org> wrote:
>
> For your consideration:
>
> # Trap SoBig (signature as of 06/25/2003)
> #
> [...]
> | formail -A "X-Content-Security: [$HOST] NONOTIFY" \
>           -A "X-Content-Security: [$HOST] QUARANTINE" \
>           -A "X-Content-Security: [$HOST] REPORT: Trapped SoBig worm - http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.e@mm.html"
Some rules quarantine, others discard; some rules notify, that one
doesn't...
Is there a logic behind those differences, or only historical reasons?
Just wondering...
BR,
Pierre.