LUGOD: Linux Users' Group of Davis
 
Page last updated:
2003 Sep 23 22:47

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] the answer to all my virus problems



On 2003.09.20 14:56, p@dirac.org wrote:
roland smith, whom i met while googling shared a *wonderful* procmail
recipe that catches windows viruses.  it's made my life bearable.  here
it is:



# Broad antivirus recipe:
#
# It looks at the contents of attachments. The 2nd condition is the
# header of a win32 exe encoded with the base64 algorithm. No matter
# how the virus is named, that header MUST have this specific form, or
# it won't be recognized by windows as an executable.  So every
# attachment that starts with TVqQAAMAAAAEAAAA//8AALg is a win32
# program and a potential virus. The 3rd condition is the string
# "this program cannot be run in MS-DOS mode" encoded in base64.  It's
# there just to be sure, and avoid false positives.
#
:0 B
* ^Content-Transfer-Encoding:.*base64
* ^TVqQAAMAAAAEAAAA//8AALg
* 4fug4AtAnNIbg
{
	LOG="[virus: win32 exe]     "

	:0
	DUMP
}


just cut and paste into .procmailrc and your 99E999 swen viruses per day
will be placed into $MAILDIR/DUMP (or /dev/null if that's what you want).


the guy had some good procmail recipes on his website:

http://www.xs4all.nl/~rsmith/spamblock.html

enjoy!
pete

Weirdly, I haven't gotten any real copies of the virus since I started sending them to .mail/probably-virus, but I have gotten copies of the virus email with the .exe file already stripped from the message (so it still shows up in my inbox just the same).

I know my procmail isn't working, because I just emailed myself a .exe file from my windows partition and the filter caught it and shunted the message off to .mail/probably-virus

--
I usually have a GPG digital signature included as an attachment.
See http://www.gnupg.org/ for info about these digital signatures.
My key was last signed 6/10/2003. If you use GPG, *please* see me about
signing the key. ***** My computer can't give you viruses by email. ***

Attachment: pgp00008.pgp
Description: PGP signature
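
Added example (not part of the original post or of Roland Smith's recipes): the same check done on the decoded attachment rather than on the base64 text. It goes one step beyond the recipe by testing the structure of the header (the "MZ" magic and the "PE" signature it points to) instead of one exact byte string. All function names and the sample message are constructed for illustration.

```python
import base64
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

RECIPE_PREFIX = "TVqQAAMAAAAEAAAA//8AALg"  # 2nd condition of the recipe above

def recipe_would_match(data: bytes) -> bool:
    """Approximates the recipe's 2nd condition: base64 text starts with the prefix."""
    return base64.b64encode(data).decode("ascii").startswith(RECIPE_PREFIX)

def looks_like_pe(data: bytes) -> bool:
    """True if data has a DOS header ('MZ') whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def pe_attachments(raw: bytes) -> list:
    """Names of base64-encoded MIME parts whose decoded body is a PE file."""
    hits = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        cte = str(part.get("Content-Transfer-Encoding", "")).strip().lower()
        if part.is_multipart() or cte != "base64":
            continue
        body = part.get_payload(decode=True) or b""
        if looks_like_pe(body):
            hits.append(part.get_filename() or "(unnamed)")
    return hits

def sample_exe() -> bytes:
    """Constructed, non-functional stand-in: usual DOS header, stub text, PE signature."""
    hdr = bytes.fromhex("4d5a90000300000004000000ffff0000b8").ljust(0x3C, b"\0")
    hdr += struct.pack("<I", 0x80)  # e_lfanew: offset of the PE signature
    stub = b"This program cannot be run in DOS mode.\r\n$"
    return (hdr + stub).ljust(0x80, b"\0") + b"PE\0\0" + b"\0" * 20

def sample_message(payload: bytes, name: str) -> bytes:
    """Constructed test mail with one binary attachment (base64 by default)."""
    msg = EmailMessage()
    msg["Subject"] = "constructed test message"
    msg.set_content("see attachment")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=name)
    return msg.as_bytes()
```
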


