# ############################################################################
# Stop Sober.Q spew!  A free plug-in for procmail courtesy of Virus Snaggers #
# Copyright 2005 by Dallman Ross ; all rights reserved                       #
# FREE USE UNDER THE VIRUS SNAGGERS(tm) LICENSE, incorporated by reference   #
# here.  See vsnag.spamless.us and www.spamless.us for more.                 #
# ############################################################################
#
# Module name:          npd.rc
# Program version:      1.11
# Last edited:          22-May-2005
# Last change:          comment typo; added maildir/legacy procmail dir support
# Abstract:             Block ultra-right-wing spew spread via Sober.Q
# Certainty quotient:   4 (1=lowest, 5=highest)
# Likely exceptions:    None
#
# Discussion:           Sober.Q uses infected zombie computers to send canned
#                       extreme-rightist political messages to millions of
#                       victims.  This little recipe-set stops them in their
#                       tracks, for all current examples known to the author.
#                       Naturally, the malware engine producing the messages
#                       could change, rendering this plug-in less effective.
#                       Should that happen, check back at the vsnag site;
#                       there may be an update.
# Notes:                If you don't use legacy procmail dirs for saving
#                       and if you don't wish to see the extra log info
#                       the functional check causes, preset the _NOTADIR var.
#                       (The legacy-dir attempt below runs only while
#                       _NOTADIR is empty or unset.)
#
# Reviewer notes:       This is a static header/body signature for one 2005
#                       mass-mailer; a message that does not match has NOT
#                       been shown to be clean.  Matches are sequestered,
#                       not deleted, into $MYVIRUS, else $TRASH, else a
#                       mailbox named "Sober.Q"; treat whatever lands there
#                       as untrusted content.
#
# NO WARRANTY, EXPRESS OR IMPLIED, COMES WITH THIS FREE PRODUCT.  USE AT     #
# YOUR OWN RISK.  FOR FULL LICENSE TERMS, VIEW THE DOCS AT vsnag.spamless.us. #
# ############################################################################
# First, set some string vars ...                                            #
# ############################################################################

# MID is the character range for one lower-case hex digit; MIDa wraps it in a
# bracket expression, MIDb is the same class with a literal dot allowed.
# MID2a/MID4a/MID4b are fixed-length runs (2 or 4 characters) of those classes.
MID   = 'a-f0-9'
MIDa  = "[$MID]"
MIDb  = "[$MID.]"
MID2a = "$MIDa$MIDa"
MID4a = "$MIDa$MIDa$MIDa$MIDa"
MID4b = "$MIDb$MIDb$MIDb$MIDb"

# ############################################################################
# Main recipe is case-sensitive ("D"-flag) and headers-only (low-impact)     #
# ############################################################################

# All of the following must hold for the nested block to run:
#   - the body is smaller than 2000 bytes;
#   - Content-Type is exactly text/plain with charset "us-ascii";
#   - the Message-ID local part is built from the hex-run variables above
#     (the "$" flag on that condition makes procmail expand them; the
#     trailing backslash continues the pattern onto the next line);
#   - there is no X-Mailer header whose value starts with a character other
#     than "O";
#   - Importance, X-Priority and MIME-Version carry the fixed values shown.
:0 D
* B ?? < 2000
* ^Content-Type: text/plain; charset="us-ascii"
* $ ^Message-ID: <$MIDa?$MID4a($MID4a($MID4a|$MID4b)|$MID4b$MID4a)\
    $MID4a($MIDa?$MID2a|$MID4a)?@
* ! ^X-Mailer: [^O]
* ^Importance: Normal
* ^X-Priority: 3 [(]Normal[)]
* ^MIME-Version: 1.0
{ # in case we're not feeling sure enough yet

  # #########################################################################
  # If we made it this far, do a cursory body check before final verdict    #
  # #########################################################################

  # Three weighted (scored) conditions evaluated against the body ("B" flag).
  # NOTE(review): in this copy each condition ends at "()\" with no pattern
  # after it, so the trailing backslash would splice the following line into
  # the condition.  The body patterns appear to have been lost from this copy;
  # restore them from the canonical npd.rc before deploying -- do not run the
  # recipe as shown.
  :0 B
  * 9876543210 ^0 ()\
  * 1 ^0 ()\
  * 1 ^0 ()\
  {
    # #######################################################################
    # We'll sequester putative virus; first, we'll test need for a lockfile #
    # #######################################################################

    # Quarantine destination: MYVIRUS if set and non-empty, else TRASH,
    # else the literal name "Sober.Q".
    _NPD = "${MYVIRUS:-${TRASH:-Sober.Q}}"  # uses MYVIRUS if set, or ...

    # The pattern matches only when _NPD ends in one or more non-slash
    # characters, i.e. it has no trailing "/" (so it is not written as a
    # maildir); "\/" captures that last path component into MATCH.
    :0                                      # no maildir if condition true
    * _NPD ?? ()\/[^/]+^^
    { _ALOCK = : }                          # ... so assign conditional var

    # "A" flag: attempted only if the recipe just above matched.  The
    # condition requires _NOTADIR to be empty or unset.  The target path goes
    # through _NPD as a directory ("<_NPD>/../<last component>"), so the save
    # can only succeed when _NPD is a directory; on a plain file it fails and
    # processing continues with the next recipe.
    :0 A                                    # first, try old-style dir-save
    * _NOTADIR ?? ^^()^^
    ${_NPD}/../$MATCH                       # it won't work on plain files

    # Final save.  _ALOCK is ":" only when the no-trailing-slash test above
    # matched.
    # NOTE(review): this relies on procmail expanding ${_ALOCK} on the recipe
    # start line to request a local lockfile -- confirm on the installed
    # procmail version.
    :0 ${_ALOCK}                            # _ALOCK's unset for maildirs
    ${_NPD}                                 # ... save to file or maildir
  }
}

# Reached only when the message was not delivered above; bare variable names
# unset the module's working variables.
# NOTE(review): _ALOCK and MATCH are not in this list, so they stay set if the
# nested block ran but neither save succeeded -- consider whether later
# recipes in the including rcfile could be affected.
MID MIDa MIDb MID2a MID4a MID4b _NPD        # unset unneeded vars if here

# ############################ END OF MODULE ###############################