[Esd-l] Re: Signature to trap Mimail.C (fwd)
John D. Hardin
jhardin at impsec.org
Tue Nov 4 15:48:37 PST 2003
---------- Forwarded message ----------
Date: Tue, 4 Nov 2003 18:12:17 -0500
From: J Paul Keen <paulk at floridachristian.org>
To: John D. Hardin <jhardin at impsec.org>
Subject: Re: Signature to trap Mimail.C
Sorry I just realized I messed up the email .... I was trying to type on only
2hrs of sleep ... lol. Anyway here is the correct info:
# Trap Mimail.C
#
:0
* ^X-Mailer:.*The Bat
* ^Content-Type:.*multipart/mixed;
{
:0 B hfi
* ^Content-Type: application/x-zip-compressed;
* ^Content-Transfer-Encoding: base64
* ^Content-Disposition: attachment; filename=.*photos\.zip
* ^UEsDBAoAAAAAA
| formail -A "X-Content-Security: [$HOST] NOTIFY" \
-A "X-Content-Security: [$HOST] QUARANTINE" \
-A "X-Content-Security: [$HOST] REPORT: Trapped MiMail.C worm
- http://www.sarc.com/avcenter/venc/data/w32.mimail.c@mm.html"
}
--Paul Keen
Technology Cordinator
Florida Christian School
More information about the esd-l
mailing list