fun w/ the sircam trojan (#1 virus in the us right now):
I’ve recieved a ton of these mails. Copy the attachments to your favourite *nix box and run:
dd if=infected.doc.exe of=clean.doc bs=1 skip=137216
The virus actually mails you real files, appended to the end of the virus code. The dd command skips the virus code.
Now I’m looking forward to recieving more – kind of like a “book of the month” club!