Catch Novarg Worm with Procmail

The latest updated local-rules.procmail from John Hardin has a rule to catch the new NovArg worm. The worm is caught by his security script anyway, but this Procmail recipe identifies the worm.
Update! It seems that the worm uses files with the .zip extension to transmit itself. These aren’t mangled by default so it’s probably worth adding “.zip” to your mangle list for the next week or so. John has more to say..

By Donncha

Donncha Ó Caoimh is a software developer at Automattic and WordPress plugin developer. He posts photos at In Photos and can also be found on Twitter.

Leave a Reply