A bit too late for most, I guess, but here’s the procmail recipe I’ve been using to fend off the majority of MyDoom:
    # Messages under 50000 bytes with a MyDoom-style subject and attachment name go to the "mydoom" folder
    :0 HB
    * <50000
    * ^Subject: (test|hi|hello|Mail Delivery System|Mail Transaction Failed|Server Report|Status|Error|)$
    * ^Content-type: application/octet-stream;
    * (file)?name="(document|readme|doc|text|file|data|test|message|body)\.(pif|scr|exe|cmd|bat|zip)
    mydoom
It’s nabbed about 900 of them so far. There’s a variant that uses random ASCII for the document name that it doesn’t catch, but I haven’t seen many of those.
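The recipe's four conditions, emulated in Python so they can be checked against sample mail, including the random-name variant mentioned above. This is an added example, not part of the original post: `ANY_NAME` is a hypothetical broadened condition, and every message it runs on is constructed.

```python
import re

FLAGS = re.I | re.M  # procmail matches case-insensitively; ^ and $ anchor at line boundaries

SUBJECT = re.compile(r"^Subject: (test|hi|hello|Mail Delivery System|Mail Transaction Failed"
                     r"|Server Report|Status|Error|)$", FLAGS)
CTYPE = re.compile(r"^Content-type: application/octet-stream;", FLAGS)
EXT = r"\.(pif|scr|exe|cmd|bat|zip)"
FIXED_NAME = re.compile(
    r'(file)?name="(document|readme|doc|text|file|data|test|message|body)' + EXT, FLAGS)
# Assumption (not in the post): accept any base name, keep the same extension list.
ANY_NAME = re.compile(r'(file)?name="[^"\r\n]*' + EXT + '"', FLAGS)

def matches(raw, name_re=FIXED_NAME, max_size=50000):
    """True when the size limit and all three regex conditions hold (procmail ANDs them)."""
    return (len(raw.encode()) < max_size
            and all(r.search(raw) for r in (SUBJECT, CTYPE, name_re)))

def make_msg(subject, filename):
    """Constructed sample message; the attachment payload is a harmless placeholder."""
    return (f"From: a@example.com\nTo: b@example.com\nSubject: {subject}\n"
            "MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary=\"b1\"\n\n"
            "--b1\nContent-Type: text/plain\n\nsample text\n"
            f"--b1\nContent-Type: application/octet-stream;\n\tname=\"{filename}\"\n"
            f"Content-Disposition: attachment;\n\tfilename=\"{filename}\"\n\n"
            "cGxhY2Vob2xkZXI=\n--b1--\n")

# Constructed cases: (subject, attachment name)
SAMPLES = [
    ("hi", "document.zip"),        # fixed name from the recipe's list
    ("", "readme.pif"),            # empty subject is one of the alternatives
    ("hi", "qvxtrzl.zip"),         # random-name variant: missed by the fixed list
    ("hello", "photos.zip"),       # ordinary mail that the broadened rule would also file
    ("Quarterly report", "document.zip"),  # subject outside the list: never matched
]

if __name__ == "__main__":
    for subject, name in SAMPLES:
        raw = make_msg(subject, name)
        print(f"{subject!r:20} {name:14} recipe={matches(raw)!s:5} "
              f"any-name={matches(raw, ANY_NAME)}")
```

Dropping the name list catches the random-name variant, but the `photos.zip` row shows the cost: the short subject list and the extension become the only discriminators.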
Now, to devise some way of coping with the million anti-virus checkers that bounce the mail with a “Virus Refused” message – even though their designers know that the return address is fake, and they are bouncing to innocent parties. Sigh.