---

Pierre Abbat: Procmail recipe for getting rid of the Sircam worm

[ Thanks to Pierre
Abbat
for this link. ]

The Sircam worm is one of those ‘net nuisances that Linux users
will feel good about not helping to spread. On the other hand, it’s
a real pain if for nothing other than the hammering it gives your
mailbox (55 and counting in two days for one of our editors).
Here’s a link describing the worm, and a procmail recipe that
appends a “Precedence: junk” header to mails coming from
SirCam-infected clients. Keep in mind that this recipe sends a
notification to infected clients: if you don’t have procmail up,
running, and tested already, it may pay to check out some tutorials
(see related stories). If nothing else, the regexp included in the
recipe may provide a way to move it out of sight for mail clients
with filtering available (like kmail, Evolution, and Netscape
Communicator, for instance.)

-----BEGIN PGP SIGNED MESSAGE-----

The following procmail recipe will filter out the SirCam worm and send a reply
to the sender. The backslash must be removed from the middle of the line of
gibberish for it to work; it is there so that the procmail recipe, which I have
installed, will not filter out this message and tell me that I am infected (I
can't be; it's a Windows virus and I'm running Linux). Please install in your
global procmailrc and pass this on to other sysadmins.

Pierre Abbat
- ---

:0 Bh
*I send you this file in order to have your advice
*daeLRCQEM9KJEIN8JAwAdBmLRCQEi1QkCIkQi0QkDCtEJAiLVCQEiUIEg8QUXV9eW8NTVldV
  |(formail -rtb -I "Precedence: junk" 
    -I "Subject: SirCam Virus Spam Worm"; 
    echo "Your computer is infected with the SirCam worm. Please see"; 
    echo "http://www.wired.com/news/technology/0,1282,45427,00.html for more information.")
    |$SENDMAIL -oi -t

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iQEVAwUBO10fzuiqAEP6euMdAQHFawf+P+Wb0CHGwTFdsSRKxdhQqY7vIamqF/GQ
pa+lOcfOawl/R4OmtcMDrL3WVRC4mjIC38Kj2A6+a400D4/OVK4bsLiflH/3y2Bd
fR96SrljSUIimIwFzzCxF0nkBGPPG98Cw9qj6GorMrHi858+sqg/9YALLyUod/CS
ZPt9CicpV9SkW5bK2EJ91YK5XGNLXx1qjmP4tZhR6l0r2vZ7AsR7aD7m3KiHSF0D
L/rZ2auP/GFTiPK9gkuonS1z1+H4efZiEB2HXgXa62xmGCqJE+fbA6aiIA2qR72B
qDKHxNCOuUavtjpIdmYJ6gpx2dn4BTvJzgDvItHFNn6T249uBbWN0w==
=fR4e
-----END PGP SIGNATURE-----

Wired’s
Story

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis