Re: Re: DML virus spreading - EVERYBODY READ!

From: andy levy (andy-dml@levyclan.us)
Date: Wed Aug 20 2003 - 22:33:17 EDT


Christopher Orr wrote:

>
> Hey all,
> For those running procmail as their MDA, this recipe works great to keep
> users from opening the file on accident. It just puts .txt at the end
> of the filename, so when it gets double clicked, notepad comes up.
>
> :0
> *^Content-type: (multipart/mixed|application/octet-stream)
> {
> :0 B
> *^Content-Disposition: (attachment|inline);
> *filename=".*\.(vbs|scr|pif)"
> {
> :0 fbw
> |/usr/bin/sed -e
> 's/\([nN][aA][mM][eE]=".*\.[vV][bB][sS]\)"/\1.txt"/' \
> -e
> 's/\([nN][aA][mM][eE]=".*\.[sS][cC][rR]\)"/\1.txt"/' \
> -e
> 's/\([nN][aA][mM][eE]=".*\.[pP][iI][fF]\)"/\1.txt"/'
> }
> }

Why not just drop the attachment on sight? 99% of people wouldn't be
intentionally sending these types of files "bare" in the first place.

-- 
-andy

http://home.twcny.rr.com/andylevy/dakota - andy-dml@levyclan.us -------------------------------------------- "Whatever Adam does, do the opposite and you'll be fine" -Bob Tom --------------------------------------------



This archive was generated by hypermail 2b29 : Fri Feb 06 2004 - 11:46:48 EST