Linux Today: Linux News On Internet Time.

Pierre Abbat: Procmail recipe for getting rid of the Sircam worm

Jul 24, 2001, 18:07 (17 Talkback[s])

[ Thanks to Pierre Abbat for this link. ]

The Sircam worm is one of those 'net nuisances that Linux users will feel good about not helping to spread. On the other hand, it's a real pain if for nothing other than the hammering it gives your mailbox (55 and counting in two days for one of our editors). Here's a link describing the worm, and a procmail recipe that appends a "Precedence: junk" header to mails coming from SirCam-infected clients. Keep in mind that this recipe sends a notification to infected clients: if you don't have procmail up, running, and tested already, it may pay to check out some tutorials (see related stories). If nothing else, the regexp included in the recipe may provide a way to move it out of sight for mail clients with filtering available (like kmail, Evolution, and Netscape Communicator, for instance.)


The following procmail recipe will filter out the SirCam worm and send a reply
to the sender. The backslash must be removed from the middle of the line of
gibberish for it to work; it is there so that the procmail recipe, which I have
installed, will not filter out this message and tell me that I am infected (I
can't be; it's a Windows virus and I'm running Linux). Please install in your
global procmailrc and pass this on to other sysadmins.

Pierre Abbat
- ---

:0 Bh
*I send you this file in order to have your advice
  |(formail -rtb -I "Precedence: junk" \
    -I "Subject: SirCam Virus Spam Worm"; \
    echo "Your computer is infected with the SirCam worm. Please see"; \
    echo "http://www.wired.com/news/technology/0,1282,45427,00.html for more information.")\
    |$SENDMAIL -oi -t

Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org


Wired's Story

Related Stories: