procmail nimda e-mail filter

[Bryan Bradsby <Bryan.Bradsby () capnet state tx us>]

# Detect W32.nimda worm and move to /var/tmp/nimda.DATE.username
# w32.nimda.amm
#
:0 i
* ^Content-Type: multipart/related
* ^Content-Disposition: Multipart message
* ^Subject: .*Software\\Microsoft\\Windo.*$
{
        :0
        { DATE_=`date "+%Y%m%d"` }
        :0 B
        * ^Content-Type: audio/x-wav
        /var/tmp/nimda.$DATE_.$LOGNAME
}

recycled electrons from sircam...

-bryan bradsby

NOC: 512-475-2432
Texas State Government Net
--
Any technology distinguishable from magic is insufficiently advanced.