OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: I love you virus
From: Rod MacPherson (rmacpheCOMPTON.NET)
Date: Thu May 04 2000 - 10:52:28 CDT

Sorry for the crossposting but I thought this could help a few of you.

There is a current outbreak of a virus similar to melissa that e-mails
itself to all of your Outlook contacts.
It can be identified by the subject line: ILOVEYOU

Here is a quick fix for sendmail to block it from spreading further.
(adapted from the Melissa blocking code on sendmail.com (included)

Add this to the bottom of your sendamail.cf:

# Kludgey Melissa virus checking routine.
# Just need enough of a pattern to match.
# Instructional note:
# The format for the rule is
# RExactly the thing you want to quote
# No quote marks, no tabs, absolutely nothing in
# parentheses (like this, they're considered comments
# and will be removed before they get to the rules).
# After the exact thing, then a tab, and the $#error.
# Note, the $* matches anything, so it's useful for
# wildcarding. This also scans all messages with
# Subject: headers and invokes a rule, so there is
# a performance hit.

HSubject: $>Check_Subject
D{MPat}Important Message From
D{MMsg}This message may contain the Melissa virus.

SCheck_Subject
R${MPat} $* $#error $: 553 ${MMsg}
RRe: ${MPat} $* $#error $: 553 ${MMsg}

#the same fix as melissa above, but for ILOVEYOU

HSubject: $>Check_Subject
D{IPat}ILOVEYOU
D{IMsg}This message may contain the ILOVEYOU virus.

SCheck_Subject
R${IPat} $* $#error $: 553 ${IMsg}
RRe: ${IPat} $* $#error $: 553 ${IMsg}

########Make sure that you replace the spaces between $* and $# with a tab.

I am working on a POP fix. If you get one put together first let me know.

Rod MacPherson
Compton Communications
Powergate Internet Division