[LINUX:15260] The I-love-you Worm


From: Mustafa Akgul (akgul@Bilkent.EDU.TR)
Date: Thu 04 May 2000 - 17:16:07 EEST


Hello,

A Melissa-like worm that started in Asia and is spreading rapidly in Europe
is going around. Virus scanners do not recognize it yet.

It has been reported to take effect in Outlook Express in the win32 environment.
It affects MP3, JPEG and MIRC. For example, it deleted all of one user's
JPEG files.

The name of the attachment is "LOVE-LETTER-FOR-YOU.TXT.vbs"

The Subject line reads ILOVEYOU, and the message text reads:
"kindly check the attached LOVELETTER coming from me".

To protect yourself:
1. Delete messages that have ILOVEYOU in the subject

2. Increase the security level in Outlook etc.; that is, do not have macros
enabled automatically

3. Instruct your mail program to delete or reject messages of this
kind
you can do this on the client side with a personal filter

or you can do header checking in sendmail.cf or postfix/main.cf.
a.) for sendmail; you can add the following lines to the appropriate sendmail.cf

#### Melissa
#Local Rulesets
# Kludgey Melissa virus checking routine.
# Just need enough of a pattern to match.
# Instructional note:
# The format for the rule is
# RExactly the thing you want to quote
# No quote marks, no tabs, absolutely nothing in
# parentheses (like this, they're considered comments
# and will be removed before they get to the rules).
# After the exact thing, then a tab, and the $#error.
# Note, the $* matches anything, so it's useful for
# wildcarding. This also scans all messages with
# Subject: headers and invokes a rule, so there is
# a performance hit.

HSubject: $>Check_Subject
D{MPat}Important Message From
D{MMsg}This message may contain the Melissa virus.
D{LPat}ILOVEYOU
D{LMsg}This message may contain the Love virus.

SCheck_Subject
R${MPat} $*	$#error $: 553 ${MMsg}
RRe: ${MPat} $*	$#error $: 553 ${MMsg}
R${LPat} $*	$#error $: 553 ${LMsg}
RRe: ${LPat} $*	$#error $: 553 ${LMsg}

######################################################################
### check_relay -- check hostname/address on SMTP startup
######################################################################

b) if you are using Postfix:

in /etc/postfix/main.cf add the line

header_checks = regexp:/etc/postfix/header_checks

and in the file /etc/postfix/header_checks add the line

/^Subject: ILOVEYOU/ REJECT

Do not forget to restart the server.

%%%
Regards
Mustafa Akgul
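
Added example, not part of the original message: a client-side filter in the spirit of item 3 that applies the same Subject rule as the sendmail and Postfix checks and also flags a double-extension script attachment such as the one named above. The function names, the extension list and the sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Same idea as /^Subject: ILOVEYOU/ plus the sendmail "Re:" variant, case-insensitive.
SUBJECT_RE = re.compile(r"^\s*(?:re:\s*)*ILOVEYOU", re.IGNORECASE)
# Harmless-looking extension followed by a script extension, e.g. ".TXT.vbs".
# The list of script extensions is an assumption for this example.
ATTACH_RE = re.compile(r"\.[a-z0-9]{2,4}\.(?:vbs|vbe|js|jse|wsf|wsh)$", re.IGNORECASE)


def check_message(raw):
    """Return the reasons a raw message would be rejected (empty list = accept)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    # policy.default unfolds continuation lines and decodes RFC 2047 encoded
    # words, which a regex applied to the raw header line would not see.
    subject = str(msg.get("Subject", ""))
    if SUBJECT_RE.search(subject):
        reasons.append("subject")
    # Check every MIME part, so a changed Subject does not hide the attachment.
    for part in msg.walk():
        name = part.get_filename()
        if name and ATTACH_RE.search(name):
            reasons.append("attachment:" + name)
    return reasons


def build_sample(subject, filename=None):
    """Build a constructed test message; the attachment body is placeholder text."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "user@example.org"
    m["Subject"] = subject
    m.set_content("kindly check the attached LOVELETTER coming from me")
    if filename:
        m.add_attachment(b"placeholder, not a script", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(check_message(build_sample("ILOVEYOU", "LOVE-LETTER-FOR-YOU.TXT.vbs")))
    print(check_message(build_sample("Meeting notes", "notes.txt")))
```
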

 

This archive was generated by hypermail 2b29 : Thu 04 May 2000 - 17:16:13 EEST