Catch Novarg Worm with Procmail

The latest updated local-rules.procmail from John Hardin has a rule to catch the new NovArg worm. The worm is caught by his security script anyway, but this Procmail recipe identifies the worm.
Update! It seems that the worm uses files with the .zip extension to transmit itself. These aren’t mangled by default so it’s probably worth adding “.zip” to your mangle list for the next week or so. John has more to say..

Leave a Reply

%d bloggers like this:

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.