[linux] postfix a Klez

Jan ONDREJ (SAL) ondrejj na salstar.sk
Čtvrtek Květen 2 09:31:42 CEST 2002 

On Thu, May 02, 2002 at 09:26:19AM +0200, Marek Podmaka wrote:
> 
>    Hi!
> 
> nema niekto nahodou nejaky filter (na header, prip. text mailu), ktorym by
> som v postfixe mohol odmietnut maily s tymto virusom?

Ahojte,

  nuz tak nieco take som zbuchal, ale nieje to pre postfix, ale
pre procmail, ktory sa u mna standardne spusta z postfixu.
Prikladam zatial pribaleny skriptik. Zrejme ho v buducnosti budem
udrziavat, takze tam este pribudne par virusov. Ak tam najdete
nejaky bug, dajte mi vediet. :-)

  Postup na instalaciu je v hlavicke. Da sa inak nainstalovat
do globalneho /etc/procmailrc a potom to filtruje pre vsetkych
pouzivatelov (aj ked maju svoj vlastny .procmailrc).
Problem je ale s filtrovanim aliasov (/etc/aliases) alebo
aj diskusnych skupin, ktore cez tento alias idu. Ma niekto nejaky napad?

			SAL
------------- další část ---------------
# Antivir test
# version 0.9
# (c) 2002 Jan ONDREJ (SAL) <ondrejj na salstar.sk>

# usage: put this line into .procmailrc
# VIRUSMARK=0
# VIRUSDELETE=0
# INCLUDERC=$HOME/.antivir

#============================== ANTIVIR ===============================
VIRUS=""

# ILOVEYOU
:0
* ^Subject:.*ILOVEYOU
{ VIRUS="Win32/ILOVEYOU $VIRUS" }

# SirCam
:0
* B ?? ^(I send you this file in order to have your advice|I hope you like the file that I sendo you|I hope you can help me with this file that I send|This is the file with the information you ask for)
{ VIRUS="Win32/SirCam $VIRUS" }

# Win32/Cervivec.A na mm
:0
* ^Content-Type: application/x-zip-compressed; name="worms.zip"
{ VIRUS="Win32/Cervivec.A na mm" }

# Klez.E
:0
* B ?? ZTpcd2luZG93c1xTeVN0ZW0zMlxkTGxjYWNoZVxkZGQu
{ VIRUS="Win32/Klez.E $VIRUS" }

# Klez.J
:0
* B ?? iframe src=3Dcid:.* height=3D0 width=3D0
{ VIRUS="Win32/Klez.J/iframe $VIRUS" }
:0
* B ?? PAAAAABSQ1BUIFRPOjwAAAAlZAAAIA
{ VIRUS="Win32/Klez.J/pattern $VIRUS" }

# MyParty
:0 H
* ^Subject: new photos from my party!
{ VIRUS="Win32/MyParty $VIRUS" }

# Fbound.c na MM
:0 H
* ^SUBJECT: Important$
* ^Content-Type: multipart/mixed; boundary="Boundary-a8dfidaoRadvfuck"$
{ VIRUS="Win32/Fbound.c na MM $VIRUS" }

#======================================================================

:0
* VIRUS ?? [^ ]
{ LOG="VIRUS: $VIRUS
"
# Mark it
:0 fw
* VIRUSMARK ?? 1
| formail -A "X-Virus-Warning: $VIRUS"
# Delete it
:0
* VIRUSDELETE ?? 1
/dev/null
}

Další informace o konferenci linux