[Esa-l]Sircam virus filter

Juan Manuel Calvo jmc at cema.edu.ar
Wed Aug 1 07:41:20 PDT 2001


John:

I have found a very simple solution to the Sircam problem. Your
procmail sanitizer allows defanging the attachment, but the users
receive the email.

I have added the following lines in my /etc/procmailrc BEFORE
the sanitizer:

------------cut here-----------------------
# This tries to match a binary string from the SirCam virus
# in the base64 encoded MIME attachment.
# B: search body, D case sensitive
:0BD
* AAAAGgU0NhbTMyABCDTUlN|AAAAAaBTQ2FtMzIAEINNSU1F|ABkAAAABoFNDYW0zMgAQg01J
/var/spool/mail/sircamvirus

------------cut here-----------------------

All emails infected with SirCam end up in
/var/spool/mail/sircamvirus
where I can review them. Until now I have had 0 infected emails passed
and 0 false identifications.

I have found this in "A Collection of Procmail Posts" on 
"http://www.panix.com/~eli/procmail/" 

Best Regards

-- 
Ing. Juan Manuel Calvo                       |TE: +54-11-4314-2269
Director del Centro de Computos              |FAX:+54-11-4314-1654
Universidad Del CEMA                         | 
Cordoba 374 (1054) Capital Federal, Argentina| http://www.cema.edu.ar
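
Why the recipe carries three alternatives, as an added example that is not part of the original post: base64 maps 3 bytes to 4 characters, so the same bytes encode differently depending on their offset modulo 3 in the attachment. The filler bytes and helper names are constructed for illustration; the last check shows that a regex over the raw body misses a match split by the 76-column base64 line wrap.

```python
import base64
import re

# The three alternatives from the recipe above, copied verbatim.
RECIPE = [
    "AAAAGgU0NhbTMyABCDTUlN",
    "AAAAAaBTQ2FtMzIAEINNSU1F",
    "ABkAAAABoFNDYW0zMgAQg01J",
]
RECIPE_RE = re.compile("|".join(RECIPE))  # case-sensitive, like the D flag

# Byte string recovered by decoding the recipe's own alternatives:
# two leading bytes from the third plus the whole of the second.
SIG = base64.b64decode(RECIPE[2])[:2] + base64.b64decode(RECIPE[1])


def encode_at(offset, wrap=False):
    """Base64 a constructed sample with SIG placed `offset` bytes in."""
    sample = b"\xff" * offset + SIG + b"\xff" * 9  # filler is constructed
    # encodebytes wraps at 76 columns, as a MIME base64 part is wrapped
    enc = base64.encodebytes(sample) if wrap else base64.b64encode(sample)
    return enc.decode("ascii")


def scan(body, unwrap=False):
    """Return the recipe alternative found in body, or None."""
    if unwrap:
        body = body.replace("\r", "").replace("\n", "")
    m = RECIPE_RE.search(body)
    return m.group(0) if m else None


def which_alternative(offset):
    """Alternative that fires when SIG starts at this byte offset."""
    return scan(encode_at(offset))


if __name__ == "__main__":
    for off in (30, 31, 32):
        print("offset mod 3 =", off % 3, "->", which_alternative(off))
    wrapped = encode_at(54, wrap=True)  # SIG straddles the line break
    print("raw body:", scan(wrapped))
    print("unwrapped:", scan(wrapped, unwrap=True))
```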


