The latest updated local-rules.procmail from John Hardin has a rule to catch the new NovArg worm. The worm is caught by his security script anyway, but this Procmail recipe identifies the worm.
Update! It seems that the worm uses files with the .zip extension to transmit itself. These aren’t mangled by default so it’s probably worth adding “.zip” to your mangle list for the next week or so. John has more to say..
