[Esd-l] virus in zipped file not catching (netsky P.Dam)

Sergio P. Cesar sergio at winc.net
Fri Oct 22 12:46:56 PDT 2004

try to quarantene this thing and not working:
I have the virus I can send it somewhere. :(



using 1.147
I have this in the config file:


this in my local-rules:
# Trap Netsky P.Dam (signature as of 11/17/2004)
* > 130000
* ^Content-Type:.*multipart/mixed;
        :0 B hfi
        * ^Content-Disposition: attachment;
        * ^Content-Transfer-Encoding: base64
        * UEsDBAoAAAAAA
        | formail -A "X-Content-Security: [$HOST] NOTIFY" \
                  -A "X-Content-Security: [$HOST] QUARANTINE" \
                  -A "X-Content-Security: [$HOST] REPORT: Trapped Netsky
P.Dam - see

procmail.log show
Sanitizing MIME & attachments in "[Fwd: Spamed?]" from <xxxxxxxx.com> to
<sergio at winc.net>
msgid=<15912. at www.winc.net>
 Checking ZIP archive "abuse_list.zip" for poisoning.
 Checking ZIP archive "abuse_list.zip" for poisoning.
 ERR: mimencode failed:
>From xxxxxx.com  Fri Oct 22 14:34:12 2004
 Subject: [Fwd: Spamed?]
  Folder: ./sergio/new/1098473652.5123_2.tao.winc.net                    

More information about the esd-l mailing list