Linux Today: Linux News On Internet Time.


Pierre Abbat: Procmail recipe for getting rid of the Sircam worm

Jul 24, 2001, 18:07

[ Thanks to Pierre Abbat for this link. ]

The Sircam worm is one of those 'net nuisances that Linux users will feel good about not helping to spread. On the other hand, it's a real pain, if for no reason other than the hammering it gives your mailbox (55 and counting in two days for one of our editors). Here's a link describing the worm, and a procmail recipe that appends a "Precedence: junk" header to mails coming from SirCam-infected clients. Keep in mind that this recipe sends a notification to infected clients: if you don't have procmail up, running, and tested already, it may pay to check out some tutorials (see related stories). If nothing else, the regexp included in the recipe may provide a way to move the worm's mail out of sight for mail clients with filtering available (like kmail, Evolution, and Netscape Communicator, for instance).

-----BEGIN PGP SIGNED MESSAGE-----

The following procmail recipe will filter out the SirCam worm and send a reply
to the sender. The backslash must be removed from the middle of the line of
gibberish for it to work; it is there so that the procmail recipe, which I have
installed, will not filter out this message and tell me that I am infected (I
can't be; it's a Windows virus and I'm running Linux). Please install in your
global procmailrc and pass this on to other sysadmins.

Pierre Abbat
- ---

:0 Bh
*I send you this file in order to have your advice
*daeLRCQEM9KJEIN8JAwAdBmLRCQEi1QkCIkQi0\QkDCtEJAiLVCQEiUIEg8QUXV9eW8NTVldV
  |(formail -rtb -I "Precedence: junk" \
    -I "Subject: SirCam Virus Spam Worm"; \
    echo "Your computer is infected with the SirCam worm. Please see"; \
    echo "http://www.wired.com/news/technology/0,1282,45427,00.html for more information.")\
    |$SENDMAIL -oi -t

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

-----END PGP SIGNATURE-----
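
The two body conditions of the recipe above, applied as a detection-only check that flags a message without sending any reply. This is an added example, not part of Pierre Abbat's message or of the article; the function names, the sample messages and the whitespace-joining step (which goes beyond the recipe by also matching a signature split across wrapped base64 lines) are assumptions of the example.

```python
import email
import re

# Both conditions come from the recipe on this page. The signature is kept in
# two halves, split where the author put the backslash, so this file does not
# itself match the filter. procmail ignores case unless the D flag is set;
# here the phrase is matched case-insensitively and the signature exactly.
PHRASE = re.compile(r"I send you this file in order to have your advice", re.I)
SIGNATURE = ("daeLRCQEM9KJEIN8JAwAdBmLRCQEi1QkCIkQi0"
             "QkDCtEJAiLVCQEiUIEg8QUXV9eW8NTVldV")


def is_sircam(raw: bytes) -> bool:
    """True when a raw message meets both body conditions of the recipe."""
    phrase = signature = False
    for part in email.message_from_bytes(raw).walk():
        payload = part.get_payload()      # undecoded, as procmail's B flag sees it
        if not isinstance(payload, str):  # multipart container, no body of its own
            continue
        if part.get("Content-Transfer-Encoding", "").strip().lower() == "base64":
            # Undo line wrapping so a signature split across lines still matches.
            signature |= SIGNATURE in "".join(payload.split())
        else:
            phrase |= bool(PHRASE.search(" ".join(payload.split())))
    return phrase and signature


def sample(text: str, b64_lines: list) -> bytes:
    """Constructed two-part message used to exercise is_sircam()."""
    return "\r\n".join([
        "From: sender@example.com", "To: me@example.org", "Subject: doc",
        "MIME-Version: 1.0",
        'Content-Type: multipart/mixed; boundary="b"', "",
        "--b", "Content-Type: text/plain", "", text,
        "--b", "Content-Type: application/octet-stream",
        "Content-Transfer-Encoding: base64", "", *b64_lines,
        "--b--", "",
    ]).encode("ascii")


# Constructed attachment bodies: filler around the signature; the second one
# is wrapped in the middle of the signature.
ONE_LINE = ["QUFB" + SIGNATURE + "QUFB"]
WRAPPED = ["QUFB" + SIGNATURE[:30], SIGNATURE[30:] + "QUFB"]
LURE = "Hi,\r\nI send you this file in order to have your advice\r\n"

if __name__ == "__main__":
    for body in (ONE_LINE, WRAPPED, ["QUFBQUFB"]):
        print(is_sircam(sample(LURE, body)))
```

Like the recipe, the check requires both conditions, so a message that merely quotes the phrase (this article, for instance) is not flagged.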

Wired's Story