[Mimedefang] klez detection
-ray
ray at ops.selu.edu
Mon Mar 31 13:53:01 EST 2003
Hello all,
I am using the following snippet in filter to detect and discard Klez
viruses:

    if (join("",@{$entity->body}) =~ /TVqQAAMAAAAEAAAA/) {
        md_log('klez_virus', $fname, $type);
        action_quarantine_entire_message('Caught a Klez virus');
        return action_discard();
    }

This is until we decide on a real virus scanner. However, I believe a few
attachments may have come through that contained the string
TVqQAAMAAAAEAAAA but were not actually Klez infected. Has anyone seen
this before or used this technique to detect Klez? Is there a better way
to detect Klez attachments? Thanks for any info...
-ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
Systems Engineer Southeastern Louisiana University
IBM Certified Specialist AIX Administration, AIX Support
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
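
Added example, not part of the original post or of MIMEDefang: the Perl below decodes the string used in the filter above and shows which raw bytes it stands for. They begin with "MZ", the magic number of DOS/Windows executables, so the pattern matches a base64-encoded executable header in general. The sample inputs and the helper names sig_bytes_hex and matches_sig are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

my $SIG = 'TVqQAAMAAAAEAAAA';    # string matched by the filter in the post

# Decode the signature and return its raw bytes as hex.
sub sig_bytes_hex {
    return join ' ', map { sprintf '%02X', ord } split //, decode_base64($SIG);
}

# Same test the filter applies: substring match on the base64-encoded body.
sub matches_sig {
    my ($encoded_body) = @_;
    return $encoded_body =~ /\Q$SIG\E/ ? 1 : 0;
}

# Constructed samples (not real files). The first only imitates the start
# of an executable: "MZ" plus the header bytes the signature decodes to,
# padded with zeros. The second is ordinary text.
my $exe_like = "MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xFF\xFF\x00\x00"
             . ("\x00" x 48);
my $text     = "Plain text attachment, nothing executable here.\n";

print "signature bytes: ", sig_bytes_hex(), "\n";

for my $sample ( [ 'exe-like header', $exe_like ], [ 'plain text', $text ] ) {
    my ( $label, $raw ) = @$sample;
    my $b64 = encode_base64($raw);    # what the MIME body would carry
    printf "%-16s match=%d\n", $label, matches_sig($b64);
}
```

The match depends on the base64 encoding starting at the first byte of the attachment, which is the case for a base64 MIME part.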