This is G o o g l e's cache of http://www.netmeister.org/misc/SirCam.procmailrc.
G o o g l e's cache is the snapshot that we took of the page as we crawled the web.
The page may have changed since that time. Click here for the current page without highlighting.
Google is not affiliated with the authors of this page nor responsible for its content. |
|
PATH=/usr/local/bin:/usr/bin:/bin
MAILDIR=$HOME/Mail
LOGFILE=$MAILDIR/proclog
SUBJECT=`formail -xSubject: \
| sed -e 's/[;\`\\]/ /g' \
| expand | sed -e 's/^[ ]*//g' -e 's/[ ]*$//g'`
FROM=`formail -rt -xTo: \
| sed -e 's/[;\`\\]/ /g' \
| expand | sed -e 's/^[ ]*//g' -e 's/[ ]*$//g'`
:0 B:
* $ ^Content-Type: application/mixed; name=.*"$SUBJECT".*
{
:0 hc:
* ^X-Mailer: Microsoft
* ^Content-Type: multipart/mixed;
| (formail -r -I "Subject: \"SirCam\" Worm Warning"; \
echo "Your machine appears to be infected with the \"SirCam\" Email Worm. "; \
echo "As a result, you sent me a file called \"$SUBJECT\" which also contains this worm. "; \
echo; \
echo "Please see http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html "; \
echo "for instructions on how to remove the worm."; \
echo; \
echo "More information is available at: "; \
echo "http://www.wired.com/news/technology/0,1282,45427,00.html and "; \
echo "http://www.zdnet.com/zdnn/stories/news/0,4586,2792260,00.html?chkpt=zdnnp1tp02 "; \
) | $SENDMAIL -t
:0:
/dev/null
}
# Other SirCam recipes that were posted to the procmail-users mailing list.
# Uncomment these if you want to use them and remove the one on top.
# This tries to match a binary string from the SirCam virus
# in the base64 encoded MIME attachment.
# B: search body, D case sensitive
# :0BD:
# * AAAAGgU0NhbTMyABCDTUlN|AAAAAaBTQ2FtMzIAEINNSU1F|ABkAAAABoFNDYW0zMgAQg01J
# /dev/null
# This one tries to match the text of the worm and assume that anything that
# contains this text and has an attachment is the virus. In this example,
# note the use of $FILEDIR to keep the text of the response out of your
# ~/.procmailrc. Also note that this one also consists of two steps: first
# the matching and the response-email, then the sorting into the box "sircam"
# :0c
# * 1^0 ^Content-Type:.*(multipart|attachment)
# * 1^0 B ?? Hi\! How are you(\?|=3F)
# * 1^0 B ?? I send you this file in order to have your advice
# * 1^0 B ?? See you later(\.|=2E) Thanks
# * 1^0 B ?? Hola como estas *\?
# * 1^0 B ?? Te mando este archivo para que me des tu punto de vista
# * 1^0 B ?? Nos vemos pronto, gracias\.
# * 1^0 B ?? I hope you like the file that I send( t)?o you
# * 1^0 B ?? This is the file with the information that you ask for
# |(formail -r -A "Precedence: junk" \
# -I"Subject: Your Machine is infected with the Sircam Virus" \
# cat $FILEDIR/sircam.txt )|$SENDMAIL -t
# :0A:
# sircam