dealing with email from "Mydoom" worm

Stefan Bellon sbellon at sbellon.de
Tue Jan 27 21:07:06 CET 2004


Fred Yankowski wrote:

[snip]

> But something feels wrong about using bogofilter to process
> worm-generated email as akin to spam.  I'm concerned that the "Mydoom"
> triggered messages are a bit too close to real non-spam messages for
> comfort.  (On the other hand, I get so many bounce messages as a
> result of spammer's forging "from" headers with my domain names, that
> I'm mostly ignoring such messages anyway.)

I already posted an ~/.procmailrc filter for the last worm that spread
around. For this one, I found the following recipe:

:0
* > 30000
* < 34000
{
:0 BD
* ^aUgARAc4MDRN03QDKCQcGBDTLLvXCCMD\+Cnw6E3TNE3g2NDIvLQ0TdM0rKSclIzONk3TiHxwaClv$
/dev/null
}

The line after ":0 BD" and before "/dev/null" is actually one single
line.

-- 
Stefan Bellon
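
A dry-run check of the same conditions, added here as an example and not part of the original post: it reports which raw messages the recipe above would send to /dev/null, so the rule can be tried on saved mail before it discards anything. The function names are hypothetical, the sample messages are constructed, and the size test assumes procmail's size conditions compare the total length of the message.

```python
import re

# Body line copied from the recipe above; its "\+" is a regex-escaped literal "+".
SIGNATURE = b"aUgARAc4MDRN03QDKCQcGBDTLLvXCCMD+Cnw6E3TNE3g2NDIvLQ0TdM0rKSclIzONk3TiHxwaClv"
MIN_SIZE, MAX_SIZE = 30000, 34000  # the "* > 30000" and "* < 34000" conditions

# ^...$ anchored per line; default case-sensitive matching mirrors the D flag.
LINE_RE = re.compile(rb"^" + re.escape(SIGNATURE) + rb"\r?$", re.MULTILINE)


def body_of(raw: bytes) -> bytes:
    """Return the part after the first blank line, which is what the B flag searches."""
    sep = re.search(rb"\r?\n\r?\n", raw)
    return raw[sep.end():] if sep else b""


def would_discard(raw: bytes):
    """Return (verdict, reason) for one raw message, without deleting anything."""
    size = len(raw)
    if not MIN_SIZE < size < MAX_SIZE:
        return False, f"size {size} outside {MIN_SIZE}..{MAX_SIZE}"
    if LINE_RE.search(body_of(raw)):
        return True, f"size {size} in window and signature line in body"
    return False, "size in window but no signature line in body"


def make_sample(sig_line: bytes, total: int, in_header: bool = False) -> bytes:
    """Build a constructed test message of exactly `total` bytes (not real worm mail)."""
    head = b"From: a@example.org\nSubject: constructed sample\n"
    if in_header:  # move the line into the header block to exercise the B flag
        head += sig_line + b"\n"
        sig_line = b"QUJD" * 19
    raw = head + b"\n" + sig_line + b"\n"
    filler = b"QUJD" * 19 + b"\n"  # 77-byte base64-looking filler lines
    raw += filler * ((total - len(raw)) // len(filler))
    return raw + b"x" * (total - len(raw))


if __name__ == "__main__":
    cases = {
        "match": make_sample(SIGNATURE, 31000),
        "too small": make_sample(SIGNATURE, 12000),
        "wrong case": make_sample(SIGNATURE.lower(), 31000),
        "header only": make_sample(SIGNATURE, 31000, in_header=True),
    }
    for name, raw in cases.items():
        print(name, would_discard(raw))
```

Only the first constructed case is reported as a discard; the other three each fail one of the recipe's conditions (size window, case-sensitive match, body-only search).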



