This virus usually contains the phrase 'Hi! How are you?' and looks like a normal
mail with an ordinary file attached, so recipients are easily fooled. It also
damages the system, so caution is required.
The following is a tip written by Kim Kyung-wook (김경욱) on how to block this virus
with sendmail 8.9 or later.
--------------------------------------------------------------------------------
This ruleset is the Sircam worm blocking ruleset, separated out from
quanta-spam_killer.
Information about the Sircam worm is available at the URLs below.
http://home.ahnlab.com/search/virus_detail.jsp?SEQ_NO=843
http://www.symantec.com/avcenter/venc/data/pf/w32.sircam.worm@mm.html
Symantec raises risk rating for the Sircam worm virus (Digital Times, 2001/07/23)
[Computer] "How are you" virus running rampant (Dong-A Ilbo, 2001/07/20)
This blocking method relies on the Sircam worm author's incorrect use of
Content-Disposition:. For the correct use of Content-Disposition:, see RFC 2183.
That is, this ruleset treats a message as the Sircam worm and rejects it when the
header field shown below is found in the mail headers. Correct values for the RHS
are 'inline' or 'attachment'.
Content-Disposition: Multipart message
You can block the Sircam worm by adding just the following ruleset to sendmail.cf.
In addition, if PCs on the internal network are already infected, this blocks the
spread of the worm and, at the same time, lets you find the infected PCs by
searching maillog (or syslog).
This ruleset can only be used with sendmail 8.9 or later.
The part highlighted in blue on the original page (the block under
'### Sircam worm filter') is what needs to be added.
# check IP address
R$* $: $&{client_addr}
R$@ $@ OK originated locally
R0 $@ OK originated locally
R$=R $* $@ OK relayable IP address
R$* $: $>LookUpAddress <$1> <$1>
R$* $@ RELAY relayable IP address
R<$*> <$*> $: $2
R$* $: [ $1 ] put brackets around it...
R$=w $@ OK ... and see if it is local
# anything else is bogus
R$* $#error $@ 5.7.1 $: "550 Relaying denied"
### Sircam worm filter
HContent-Disposition: $>check_sircam
# The D{SIRCAM} definition below must be entered as a single line.
D{SIRCAM}"Your message may contain the Sircam.worm !!! See http://www.symantec.com/avcenter/venc/data/pf/w32.sircam.worm@mm.html"
Scheck_sircam
RMultipart message	$#error $: 550 ${SIRCAM}
#### Note: the separator between "Multipart message" and $#error is a [TAB].
######################################################################
######################################################################
#####
##### MAILER DEFINITIONS
#####
######################################################################
######################################################################
Once the changes to sendmail.cf are complete, test the ruleset in address test
mode before restarting sendmail.
$ /usr/lib/sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> check_sircam Multipart message
check_sircam input: Multipart message
check_sircam returns: $# error $: 550 553 Your message may contain the Sircam . worm ! ! ! See http : / / www . symantec . com / avcenter / venc / data / pf / w32 . sircam . worm @ mm . html
> ctrl-D (to exit)
If the test works as shown above, restart sendmail.
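
The maillog search mentioned above, as an added example that is not part of the original tip: a shell function that tallies the relays rejected by check_sircam, so infected internal PCs stand out. The log line layout (ruleset=, relay=HOST [IP], reject=) is an assumption about how sendmail records the rejection, and the sample lines are constructed.

```sh
#!/bin/sh
# Added example: tally hosts whose mail was rejected by the check_sircam ruleset.
# Assumed log form (sendmail's usual ruleset rejection line):
#   ... ruleset=check_sircam, arg1=..., relay=HOST [IP], reject=...

# Read maillog lines on stdin; print "COUNT IP HOST" per relay, busiest first.
# HOST or IP is "-" when the relay field does not carry it.
sircam_relays() {
    awk '
    /ruleset=check_sircam,/ && /relay=/ {
        relay = $0
        sub(/^.*relay=/, "", relay)       # drop everything before the field
        sub(/, reject=.*$/, "", relay)    # drop everything after it
        ip = "-"; host = relay
        if (match(relay, /\[[0-9.]+\]/)) {
            ip = substr(relay, RSTART + 1, RLENGTH - 2)
            host = substr(relay, 1, RSTART - 1)
            sub(/ +$/, "", host)
            if (host == "") host = "-"
        }
        count[ip " " host]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample lines (hosts, addresses and queue IDs are made up).
sample_maillog() {
    cat <<'EOF'
Jul 24 09:01:12 mail sendmail[2101]: f6O01Cx02101: ruleset=check_sircam, arg1=Multipart message, relay=pc17.example.com [192.168.1.17], reject=553 Your message may contain the Sircam.worm !!!
Jul 24 09:03:40 mail sendmail[2107]: f6O03ex02107: ruleset=check_sircam, arg1=Multipart message, relay=[192.168.1.42], reject=553 Your message may contain the Sircam.worm !!!
Jul 24 09:05:02 mail sendmail[2110]: f6O05Ax02110: ruleset=check_rcpt, arg1=<a@example.org>, relay=[203.0.113.9], reject=550 5.7.1 <a@example.org>... Relaying denied
Jul 24 09:09:55 mail sendmail[2131]: f6O09tx02131: ruleset=check_sircam, arg1=Multipart message, relay=pc17.example.com [192.168.1.17], reject=553 Your message may contain the Sircam.worm !!!
EOF
}

sample_maillog | sircam_relays
```

On a live server, feed the function the maillog (or syslog) file on stdin instead of the sample lines.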