[Esd-l] Goner trap for local.procmail
Murray Crane
mcrane at longbridge.com
Tue Dec 11 06:56:00 PST 2001
(By way of penence for my last post...)
Here is a simple little procmail recipe for trapping the Goner worm, much in the style of John's other worm traps. It could probably do with being made a little more specific, but it's
working well enough for me.
# Trap Goner? (signature as of 2001-12-10)
#
:0
* > 50000
* < 60000
* ^Subject.*Hi
* ^Content-Type: multipart/mixed;
{
:0 B hfi
* name=.*gone\.scr
| formail -A "X-Content-Security: [$HOST] NOTIFY" \
-A "X-Content-Security: [$HOST] QUARANTINE" \
-A "X-Content-Security: [$HOST] REPORT: Trapped Goner worm - see http://securityresponse.symantec.com/avcenter/venc/data/w32.goner.a@mm.html"
}
Murray Crane
Network Systems Administrator
Longbridge International Plc
More information about the esd-l
mailing list