Quick Anti-Concept-Virus/Nimda-sendmail-hack. Looking at the binary of the virus is noticed that it seemed to have a hardcoded boundary and wrote a quick sendmail rule to filter it out. It will probably slow down your mailserver and break alot of things and I am not even sure it works (since I haven't been able to test it on a live virus yet). So you use it on your own risk. Use it, improve it or ignore it. ---8<--cut here----------- # Concept Virus(CV) V.5/Nimda-filter by Jonas Stahre (2001-09-19) # Love to my wife and my daughter. :) HContent-Type: $>Check_Content_Type_Header SCheck_Content_Type_Header R$*;$*;boundary="====_ABC1234567890DEF_====" $#error $: 553 Warning! This message may contain the Concept Virus(CV) V.5 ----8<--- and here ---------- !!!! Remember to put tabs infront of $#error !!!! If you use it and succeed in stopping viruses, or have suggestions on how to improve it, please mail me at yesat_private /Jonas Stahre #!/bin/sh -- # set i=echo;set I='u[Cu[Cu[C';set l="tr u \033";$L .-. clear;cat $0;cat $0|sed '/D/d;s/L.*$/l/;s/.*# //;s/1/;71H/g'|csh -f;[ V ] # while 2;$i "u[31/$I\u[21 $I "|$l;$i "u[31 $I u[21_${I}_"|$L (( )) # end;$i "u[31 $I u[21\$I/"|$l;$i "u[21_${I}_"|$L -yesat_private- ^ ^ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Sep 20 2001 - 07:38:05 PDT