[ Thanks to Pierre
Abbat for this link. ]
The Sircam worm is one of those ‘net nuisances that Linux users
will feel good about not helping to spread. On the other hand, it’s
a real pain if for nothing other than the hammering it gives your
mailbox (55 and counting in two days for one of our editors).
Here’s a link describing the worm, and a procmail recipe that
appends a “Precedence: junk” header to mails coming from
SirCam-infected clients. Keep in mind that this recipe sends a
notification to infected clients: if you don’t have procmail up,
running, and tested already, it may pay to check out some tutorials
(see related stories). If nothing else, the regexp included in the
recipe may provide a way to move it out of sight for mail clients
with filtering available (kmail, Evolution, and Netscape
Communicator, for instance).
The following procmail recipe will filter out the SirCam worm and send a reply to the sender. The backslash must be removed from the middle of the line of gibberish for it to work; it is there so that the procmail recipe, which I have installed, will not filter out this message and tell me that I am infected (I can't be; it's a Windows virus and I'm running Linux). Please install in your global procmailrc and pass this on to other sysadmins.

Pierre Abbat
---
:0 Bh
*I send you this file in order to have your advice
*daeLRCQEM9KJEIN8JAwAdBmLRCQEi1QkCIkQi0QkDCtEJAiLVCQEiUIEg8QUXV9eW8NTVldV
|(formail -rtb -I "Precedence: junk" -I "Subject: SirCam Virus Spam Worm"; \
 echo "Your computer is infected with the SirCam worm. Please see"; \
 echo "http://www.wired.com/news/technology/0,1282,45427,00.html for more information.") \
 |$SENDMAIL -oi -t
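
The recipe's matching logic, as an added Python example that is not part of the article or of Pierre Abbat's message: it applies both conditions to the undecoded body (the B flag), requires both to match (procmail ANDs conditions and ignores case unless the D flag is set), and sets "Precedence: junk" on the message itself without sending a reply. The function names and sample messages are constructed for illustration; the two strings are copied from the recipe as it appears on this page.

```python
import email
import re

# Both strings are copied from the recipe's two "*" condition lines on this page.
PHRASE = b"I send you this file in order to have your advice"
MARKER = b"daeLRCQEM9KJEIN8JAwAdBmLRCQEi1QkCIkQi0QkDCtEJAiLVCQEiUIEg8QUXV9eW8NTVldV"
# procmail ignores case unless the D flag is set, so the match here does too.
CONDITIONS = [re.compile(re.escape(s), re.IGNORECASE) for s in (PHRASE, MARKER)]


def raw_body(raw: bytes) -> bytes:
    """Everything after the first blank line, undecoded: the text the B flag scans."""
    sep = re.search(rb"\r?\n\r?\n", raw)
    return raw[sep.end():] if sep else b""


def matches_recipe(raw: bytes) -> bool:
    """True only if every condition matches the body (procmail ANDs conditions)."""
    body = raw_body(raw)
    return all(c.search(body) for c in CONDITIONS)


def tag_junk(raw: bytes) -> bytes:
    """Set 'Precedence: junk' on a matching message; no reply is generated."""
    if not matches_recipe(raw):
        return raw
    msg = email.message_from_bytes(raw)
    del msg["Precedence"]          # drop any existing value, then set ours
    msg["Precedence"] = "junk"
    return msg.as_bytes()


# Constructed sample messages (not real traffic).
HEAD = (b"From: a@example.com\nSubject: report\n"
        b'Content-Type: multipart/mixed; boundary="b1"\n\n')
TEXT = b"--b1\nContent-Type: text/plain\n\n" + PHRASE + b"\n"
ATTACH = (b"--b1\nContent-Type: application/octet-stream\n"
          b"Content-Transfer-Encoding: base64\n\n" + MARKER + b"\n")
INFECTED = HEAD + TEXT + ATTACH + b"--b1--\n"
QUOTED_ONLY = HEAD + TEXT + b"--b1--\n"   # phrase present, attachment marker absent

if __name__ == "__main__":
    for name, m in (("infected", INFECTED), ("quoted-only", QUOTED_ONLY)):
        print(name, matches_recipe(m), b"Precedence: junk" in tag_junk(m))
```

A message that only quotes the phrase, such as a discussion of the worm, is left untouched because the second condition does not match.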