Web Hosting Talk






PDA

View Full Version : Sircam virus

Bat
08-15-2001, 04:03 PM
Hi,
Most of you probably heard of the Sircam virus. Well, the worst days are over i guess but since a few days i got a new mail sent by the virus from some random computer. Normally it sends a few mails with attachement from someones computer and then its over only this time i have a terrible case. I get about 200 mails plus big attachment from some dude's computer.
200 a day, maybe more, from just one person who obviously doesnt know he is infected. I tried to mail him but it bounced.
The mail is sent to my raq3 server and from there forwarded to outlook. How can i block this mail to my raq3? Is this even possible? This is getting out of hand, i just leave Outlook open and keep on downloading the virus.
Thank you.

Franck.
webbcite
08-15-2001, 07:33 PM
Do a search for sircam...I got a great procmail script from a thread a couple weeks ago. I am using it and have bounce a number of attempts.

You can also setup procmail to /dev/null any email from the sender. Pretty cool program actually...

I was curious myself, so here is the thread...

http://www.webhostingtalk.com/showthread.php?threadid=16964&highlight=sircam
Bat
08-15-2001, 07:53 PM
Thanks man, i hope this helps.
SI-Chris
08-15-2001, 09:19 PM
You may also want to check out the Cobalt mailling list archives for information, there's been quite a bit of discussion there on Sircam lately:
http://list.cobalt.com/cgi-bin/htsearch?config=&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=sircam
Bat
08-15-2001, 09:35 PM
Thanks, i'll look into it.
Bat
08-15-2001, 09:58 PM
Damn, i went to root, cd /etc opened pico, entered the code and tried to save but pico wont let me save.
It says permission is denied.
Whats that all about?
Thanks.
Chicken
08-15-2001, 10:41 PM
After you login as admin, su to root (super user) and then do it.
Bat
08-16-2001, 09:36 AM
Thanks, that worked, now 1 last question :(
Sorry to bother everyone but i really dont know anything about this. I read in the other posts the file should be in /etc
but now its in root. Should i copy it, move it?
If so, how?
Thanks
jaime
08-17-2001, 08:16 AM
Originally posted by Bat
Thanks, that worked, now 1 last question :(
Sorry to bother everyone but i really dont know anything about this. I read in the other posts the file should be in /etc
but now its in root. Should i copy it, move it?
If so, how?
Thanks


If you have the "procmailrc" file you created in root just move it to the etc dir:

if you need lo know where is the file type: locate procmailrc

cd to the dir where the file is in and do this:

1. su root
2. mv procmailrc /etc

to check if you have moved it correctly
1. cd /etc
2. dir proc*
you'll see the file there.