Blight
08-01-2001, 07:51 AM
Ok, this is important. As some of you may know, SirCam is a rather nasty virus.
One of its main "features" is that it not only goes after people in the Outlook address list, but also sends itself to e-mail addresses found in the person's Explorer cache.
And to top it all off, it doesn't send some 2k script; it attaches itself to any files in the "My Documents" directory, no matter what the file size.
Due to this, I've been getting HAMMERED by spam-viruses with attachments, some as big as 5mb a piece!
I have a RaQ3, and I am wondering if there is a reasonable way for me to block some of these emails from people who don't respond to my "you got a virus" mail and send attachments over and over (this one guy is sending me about 20-30 attachments a day for the last week or so).
How can I block people from sending mail to me (having it bounce back to them)?
BTW, I did a search on this forum and didn't find one post addressing mail blocking, so this would be good info to have all around.
jaime
08-01-2001, 08:00 AM
Check out this post:
http://www.4webspace.com/forum/showthread.php?threadid=441
I have disabled email in all domains in my raqs. Need help.
I was told to set up this rule in PROCMAIL, but I do not know exactly how to do it.
The rule is this:
:0B:
* ^.*I send you this file in order to have your advice.*$
/dev/null
:0B:
* ^.*Te mando este archivo para que me des tu punto de vista.*$
/dev/null
Can anybody post step by step how to add this rule, or where to get precise info on how to do it?
Does this rule bounce the email without wasting bandwidth transfer?
I have solved it on my Win2000 server (6 gigs of SirCam virus in just one week) but I need my RaQ's email operative.
Thanks.
broken
08-01-2001, 09:51 AM
To set that rule in procmail:
su to root, cd to /etc. Fire up pico and add the following lines to a blank document:
:0B:
* ^.*I send you this file in order to have your advice.*$
/dev/null
:0B:
* ^.*Te mando este archivo para que me des tu punto de vista.*$
/dev/null
Save this file as "procmailrc" and you're protected from that strain of the virus. Nothing to restart.
I also use the following to combat .vbs viruses.
SHELL=/bin/bash
:0 B
* ^Content-Disposition: attachment;
* filename=".*\.vbs"
{
:0 fbw
|/bin/sed -e 's/\(name=".*\.vbs\)"/\1.txt"/'
:0 c
/var/log/love.txt
}
This string will rename all .vbs extensions to .txt and log the occurrence to /var/log/love.txt. Pretty handy.
jaime
08-01-2001, 10:52 AM
Thanks for your reply, Broken.
What does it mean in the rule: /dev/null?
Does it bounce the emails, or are the emails accepted and deleted, wasting bandwidth transfer?
I have my RaQs heavily overloaded and going well over the 150 gb monthly.
Thanks for your help.
microsol
08-01-2001, 10:57 AM
Originally posted by jaime
What does it mean in the rule: /dev/null?
/device/rubbish :D
jaime
08-01-2001, 12:02 PM
Originally posted by microsol
/device/rubbish :D
Thanks.
I have read a little about Procmail and I have noticed this:
"Attempting to lock things you shouldn't lock (such as /dev/null, or using your actual inbox as the lock file for itself :-) can leave Procmail hanging and consuming lots of resources"
http://www.ling.helsinki.fi/users/reriksso/procmail/mini-faq.html#locking
I understand that I have to use :0 and not :0:
I'll try that :)
jaime
08-01-2001, 12:22 PM
But the question is ...
Are all those SirCam emails (lots of MB daily) now being transferred to my RaQ, consuming my allowed monthly transfer?
If they are transferred to the RaQ, is there a way to just reject them (bounce) in order not to waste my 100 gb/month transfer?
thanks
Blight
08-01-2001, 01:01 PM
Ok, now I'm a bit confused.
Let me know if this is correct:
I type the following into a file located at "/etc/" called "procmailrc":
:0B:
* ^.*I send you this file in order to have your advice.*$
/dev/null
:0B:
* ^.*Te mando este archivo para que me des tu punto de vista.*$
/dev/null
What is the issue about file locking? Is the above incorrect? Please post something definitive...
microsol
08-01-2001, 02:28 PM
:0B
* ^.*I send you this file in order to have your advice.*$
/dev/null
:0B
* ^.*Te mando este archivo para que me des tu punto de vista.*$
/dev/null
:0B
* ^.*Espero me puedas ayudar con el archivo que te mando.*$
/dev/null
:0B
* ^.*Espero te guste este archivo que te mando.*$
/dev/null
:0B
* ^.*Este es el archivo con la información que me pediste.*$
/dev/null
:0B
* ^.*I hope you can help me with this file that I send.*$
/dev/null
:0B
* ^.*I hope you like the file that I sendo you.*$
/dev/null
:0B
* ^.*This is the file with the information that you ask for.*$
/dev/null
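What the recipes in this thread actually do, as an added Python example (it is not from any poster here and does not invoke procmail itself): filter_message applies the body-phrase /dev/null rules posted above and the .vbs rename-and-log recipe from broken's post to a raw message, and lint_procmailrc flags the trailing lock colon on a :0B: recipe that delivers to /dev/null, the combination jaime's mini-FAQ quote warns about. The sample messages and the procmailrc snippets are constructed, the function names are my own, and a Python list stands in for /var/log/love.txt.

```python
import re

# Body phrases the /dev/null recipes in this thread match (copied from the posts).
SIRCAM_PHRASES = [
    "I send you this file in order to have your advice",
    "Te mando este archivo para que me des tu punto de vista",
    "Espero me puedas ayudar con el archivo que te mando",
    "Espero te guste este archivo que te mando",
    "Este es el archivo con la información que me pediste",
    "I hope you can help me with this file that I send",
    "I hope you like the file that I sendo you",
    "This is the file with the information that you ask for",
]
# procmail conditions are case-insensitive unless the D flag is set; mirror that.
SIRCAM_RE = re.compile("|".join(re.escape(p) for p in SIRCAM_PHRASES), re.IGNORECASE)
# The two conditions of the .vbs recipe; ^ matches at any line start, as in procmail.
VBS_DISPOSITION_RE = re.compile(r"^Content-Disposition: attachment;", re.IGNORECASE | re.MULTILINE)
VBS_FILENAME_RE = re.compile(r'filename=".*\.vbs"', re.IGNORECASE)
# The sed expression s/\(name=".*\.vbs\)"/\1.txt"/ from the thread, applied per line.
SED_RENAME_RE = re.compile(r'(name=".*\.vbs)"')
# A recipe start line: ":0", optional flags, and an optional trailing ':' lockfile.
RECIPE_START_RE = re.compile(r"^:0(?P<flags>[A-Za-z ]*)(?P<lock>:.*)?$")


def split_message(raw):
    """Split a raw RFC 822 message into (headers, body) at the first blank line.
    The B flag matches only the part after that line, so MIME part headers such
    as Content-Disposition count as body, which is why the .vbs recipe uses B."""
    head, sep, body = raw.partition("\n\n")
    return (head, body) if sep else (head, "")


def defang_vbs_body(body):
    """Rewrite name="x.vbs" to name="x.vbs.txt" on every body line, as the sed
    filter does; the mail client then sees a text file instead of a script."""
    return "\n".join(SED_RENAME_RE.sub(r'\1.txt"', ln) for ln in body.split("\n"))


def filter_message(raw, log):
    """Run one message through the thread's rules.
    Returns ('drop', None) for a SirCam body, ('defang', rewritten) when a .vbs
    attachment was renamed (log stands in for /var/log/love.txt), else ('deliver', raw)."""
    head, body = split_message(raw)
    if SIRCAM_RE.search(body):
        return "drop", None
    if VBS_DISPOSITION_RE.search(body) and VBS_FILENAME_RE.search(body):
        log.append("renamed " + ", ".join(VBS_FILENAME_RE.findall(body)))
        return "defang", head + "\n\n" + defang_vbs_body(body)
    return "deliver", raw


def lint_procmailrc(text):
    """Return the ':0' lines of recipes that request a lockfile (trailing ':')
    while delivering to /dev/null, the combination the procmail mini-FAQ quoted
    in this thread warns can leave procmail hanging."""
    lines = [ln.strip() for ln in text.splitlines()]
    bad, i = [], 0
    while i < len(lines):
        m = RECIPE_START_RE.match(lines[i])
        if m:
            j = i + 1  # skip the '*' condition lines to reach the action line
            while j < len(lines) and (lines[j].startswith("*") or not lines[j]):
                j += 1
            if m.group("lock") is not None and j < len(lines) and lines[j] == "/dev/null":
                bad.append(lines[i])
            i = j
        i += 1
    return bad


# Constructed sample input (not real captures): a SirCam-style body, a message
# carrying a .vbs attachment, a clean message, and the thread's first recipe.
SIRCAM_MSG = (
    "From: colleague@example.com\nTo: me@example.org\nSubject: Quarterly report\n\n"
    "Hi! How are you?\n\nI send you this file in order to have your advice\n\n"
    "See you later. Thanks\n"
)
VBS_MSG = (
    "From: friend@example.com\nTo: me@example.org\nSubject: Party pics\n"
    'Content-Type: multipart/mixed; boundary="XX"\n\n'
    "--XX\nContent-Type: text/plain\n\nCheck these out!\n"
    '--XX\nContent-Type: application/octet-stream; name="party.vbs"\n'
    'Content-Disposition: attachment;\n\tfilename="party.vbs"\n\n'
    "REM placeholder script body\n--XX--\n"
)
CLEAN_MSG = "From: boss@example.org\nSubject: Lunch\n\nNoon, usual place?\n"
THREAD_RECIPE = ":0B:\n* ^.*I send you this file in order to have your advice.*$\n/dev/null\n"
FIXED_RECIPE = THREAD_RECIPE.replace(":0B:", ":0B")

if __name__ == "__main__":
    love_log = []
    for msg in (SIRCAM_MSG, VBS_MSG, CLEAN_MSG):
        print(filter_message(msg, love_log)[0])
    print("love.txt:", love_log)
    print("lint:", lint_procmailrc(THREAD_RECIPE), lint_procmailrc(FIXED_RECIPE))
```

Two things the model makes visible that the recipes alone do not: the sed rewrite hits the name= parameter in the Content-Type header as well as the filename= in Content-Disposition, which is what keeps the client from treating the part as a script, and a /dev/null action never needs a lockfile because nothing is being appended to, so the :0B form is the one to use.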
microsol
08-01-2001, 02:31 PM
from incidents.org (http://www.incidents.org)
CODE RED Infection Spreading Causes DoS Effects
------------------------------------------------
According to an incidents.org poster, Tom Liston, the CODE RED worm causes the unfortunate side effect of crashing Cisco (675/678) DSL CPEs running any CBOS prior to version 2.4.1. Apparently the problem is caused by the buffer overflow GET request. This request locks up any modem with the web management interface enabled.
James Edwards also posted that large ISPs and DSL providers (including Qwest) are noticing DoS-type problems.