[Esd-l] virus in zipped file not catching (netsky P.Dam)
Sergio P. Cesar
sergio at winc.net
Fri Oct 22 12:46:56 PDT 2004
Trying to quarantine this thing and it's not working:
I have the virus; I can send it somewhere. :(
Thanks
Sergio
Using 1.147
I have this in the config file:
Set $USE_CPAN
This is in my local-rules:
# Trap Netsky P.Dam (signature as of 11/17/2004)
#
:0
* > 130000
* ^Content-Type:.*multipart/mixed;
{
:0 B hfi
* ^Content-Disposition: attachment;
* ^Content-Transfer-Encoding: base64
* UEsDBAoAAAAAA
| formail -A "X-Content-Security: [$HOST] NOTIFY" \
-A "X-Content-Security: [$HOST] QUARANTINE" \
-A "X-Content-Security: [$HOST] REPORT: Trapped Netsky P.Dam - see http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky@mm.removal.tool.html"
}
procmail.log shows:
Sanitizing MIME & attachments in "[Fwd: Spamed?]" from <xxxxxxxx.com> to
<sergio at winc.net>
msgid=<15912.67.97.100.22.1098473651.squirrel at www.winc.net>
Checking ZIP archive "abuse_list.zip" for poisoning.
Checking ZIP archive "abuse_list.zip" for poisoning.
ERR: mimencode failed:
>From xxxxxx.com Fri Oct 22 14:34:12 2004
Subject: [Fwd: Spamed?]
Folder: ./sergio/new/1098473652.5123_2.tao.winc.net
42609
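
Added example, not part of the original post: a Python sketch that decodes the recipe's body pattern `UEsDBAoAAAAAA` into ZIP local file header fields and applies the `* > 130000` size test plus that pattern to constructed headers. It models only those two conditions; the function names are hypothetical, and reading the trailing 42609 in the log excerpt as the message size in bytes is an assumption.

```python
import base64
import struct

SIGNATURE = "UEsDBAoAAAAAA"  # body pattern from the recipe in the post
MIN_SIZE = 130000            # from the recipe's "* > 130000" condition


def decode_signature(sig):
    """Decode the complete base64 quanta of the pattern into ZIP header fields."""
    whole = sig[: len(sig) // 4 * 4]  # 13 chars -> 12; the last char is partial
    raw = base64.b64decode(whole)     # 9 bytes of a ZIP local file header
    magic, version, flags = struct.unpack("<4sHH", raw[:8])
    return {"magic": magic, "version_needed": version,
            "flags": flags, "method_low_byte": raw[8]}


def local_header(version, flags, method):
    """First 10 bytes of a ZIP local file header (constructed sample input)."""
    return struct.pack("<4sHHH", b"PK\x03\x04", version, flags, method)


def recipe_would_match(message_size, attachment_bytes):
    """Apply only the size test and the body pattern, as the recipe would."""
    encoded = base64.b64encode(attachment_bytes).decode("ascii")
    # procmail conditions ignore case unless the D flag is set; the recipe has none.
    return message_size > MIN_SIZE and SIGNATURE.lower() in encoded.lower()


if __name__ == "__main__":
    print(decode_signature(SIGNATURE))
    stored = local_header(10, 0, 0)    # version 1.0, no flags, method 0 (stored)
    deflated = local_header(20, 0, 8)  # version 2.0, no flags, method 8 (deflate)
    for size, name, hdr in [(140000, "stored", stored),
                            (42609, "stored", stored),
                            (140000, "deflated", deflated)]:
        print(size, name, recipe_would_match(size, hdr))
```
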