
nanog mailing list archives

procmail nimda e-mail filter
From: Bryan Bradsby <Bryan.Bradsby () capnet state tx us>
Date: Wed, 19 Sep 2001 01:37:47 -0500 (CDT)


# Detect W32.nimda worm and move to /var/tmp/nimda.DATE.username
# w32.nimda.amm
#
:0 i
* ^Content-Type: multipart/related
* ^Content-Disposition: Multipart message
* ^Subject: .*Software\\Microsoft\\Windo.*$
{
        :0
        { DATE_=`date "+%Y%m%d"` }
        :0 B
        * ^Content-Type: audio/x-wav
        /var/tmp/nimda.$DATE_.$LOGNAME
}

recycled electrons from sircam...

-bryan bradsby

NOC: 512-475-2432
Texas State Government Net
--
Any technology distinguishable from magic is insufficiently advanced.
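
Added example, not part of the original post: a Python replay of the recipe's conditions, useful for checking which messages the filter would quarantine before deploying it. The matching only approximates procmail (case-insensitive, continued header lines joined); the function names and the sample messages are constructed for illustration.

```python
import re

# Conditions transcribed from the recipe above. procmail matches
# case-insensitively, so re.I is applied to every pattern.
HEADER_CONDITIONS = [
    r"^Content-Type: multipart/related",
    r"^Content-Disposition: Multipart message",
    r"^Subject: .*Software\\Microsoft\\Windo.*$",
]
BODY_CONDITION = r"^Content-Type: audio/x-wav"  # the nested ":0 B" recipe

def split_message(raw):
    """Split at the first blank line and join continued header lines."""
    head, _, body = raw.partition("\n\n")
    return re.sub(r"\n[ \t]+", " ", head), body

def would_quarantine(raw):
    """True only when every header condition and the body condition match."""
    head, body = split_message(raw)
    flags = re.I | re.M
    if not all(re.search(p, head, flags) for p in HEADER_CONDITIONS):
        return False  # outer conditions are ANDed; the block is never entered
    return re.search(BODY_CONDITION, body, flags) is not None

def quarantine_path(date, logname):
    """Destination built by the recipe: /var/tmp/nimda.$DATE_.$LOGNAME"""
    return f"/var/tmp/nimda.{date}.{logname}"

def sample(subject, part_type):
    """Constructed test message; not a captured worm sample."""
    return (
        "From: sender@example.com\n"
        "Content-Type: multipart/related;\n"
        '\tboundary="b1"\n'
        "Content-Disposition: Multipart message\n"
        f"Subject: {subject}\n"
        "\n"
        "--b1\n"
        f"Content-Type: {part_type};\n"
        '\tname="attachment.bin"\n'
        "\n"
        "AAAA\n"
        "--b1--\n"
    )

if __name__ == "__main__":
    for subj, ctype in [(r"x Software\Microsoft\Windows y", "audio/x-wav"),
                        ("Holiday photos", "audio/x-wav"),
                        (r"x Software\Microsoft\Windows y", "image/gif")]:
        print(would_quarantine(sample(subj, ctype)), subj, ctype)
```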

