[Esa-l] SoBig local rule, take II
John D. Hardin
jhardin at impsec.org
Thu Jun 26 15:13:00 PDT 2003
# Trap SoBig (signature as of 06/26/2003)
#
:0
* > 100000
* < 120000
* ^Content-Type:.*multipart/mixed;
{
:0 B hfi
* ^Please see the attached zip file for details\.
* ^Content-Disposition: attachment;
* ^Content-Transfer-Encoding: base64
* 987654321^1 ^Content-(Type|Disposition):.*name *= *"?(your_details|application|document|screensaver|movie)\.zip"?
* 987654321^1 ^Content-(Type|Disposition):.*$.*name *= *"?(your_details|application|document|screensaver|movie)\.zip"?
| formail -A "X-Content-Security: [$HOST] NOTIFY" \
-A "X-Content-Security: [$HOST] QUARANTINE" \
-A "X-Content-Security: [$HOST] REPORT: Trapped SoBig worm - http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.e@mm.html"
}
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The fetters imposed on liberty at home have ever been forged out
of the weapons provided for defense against real, pretended, or
imaginary dangers from abroad.
-- James Madison, 1799
-----------------------------------------------------------------------
495 days until the Presidential Election
More information about the esa-l
mailing list