Catch Novarg Worm with Procmail

The latest updated local-rules.procmail from John Hardin has a rule to catch the new NovArg worm. The worm is caught by his security script anyway, but this Procmail recipe identifies the worm.
Update! It seems that the worm uses files with the .zip extension to transmit itself. These aren’t mangled by default so it’s probably worth adding “.zip” to your mangle list for the next week or so. John has more to say..

You might also like

If you like this post then please subscribe to my full RSS feed. You can also click here to subscribe by email. There are also my fabulous photos to explore too!

Published by


Donncha Ó Caoimh is a software developer at Automattic and WordPress plugin developer. He posts photos at In Photos and can also be found on Google+ and Twitter.

Leave a Reply