Date: Fri, 19 Sep 2003 19:29:13 +0200 (CEST) From: Oliver Fromme <olli@lurza.secnetix.de> To: freebsd-stable@FreeBSD.ORG Subject: Re: Sieve script to filter today's MS annoyances Message-ID: <200309191729.h8JHTDal019393@lurza.secnetix.de> In-Reply-To: <87fzitqwop.fsf@strauser.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Kirk Strauser <kirk@strauser.com> wrote:
> I don't know what's going on, but I've been getting literally hundreds of
> virus/worm-looking emails per hour all day today. I grew tired of it and
> wrote the following Sieve script to filter my mail on the server.
>
> The pseudo-bounce messages were particularly annoying; they're close enough
> to the real bounce messages that I *want* to keep that they justified a
> little closer examination. I'll probably tighten the other message type to
> also examine the sender, but I doubt I'll be getting any legitimate mails
> that look like:
>
> Subject: latest security patch
>
> in the near future. Anyway, enjoy as you see fit.
I got lots of those, too. From looking at the headers,
there didn't seem to be very reliable things to identify
that crap, so i decided to filter by body.
The following is an excerpt from my ~/.mailfilter (I'm
using /usr/ports/mail/maildrop):
if (/^"September 2003, Cumulative Patch" update which /:b || \
/^Content-Type: audio\/x-(wav|midi); name="[a-z]*\.(exe|com|bat|scr)")/:b)
{
to "$HOME/Mail/fake-ms-crap"
}
Regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.
C++: "an octopus made by nailing extra legs onto a dog"
-- Steve Taylor, 1998
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200309191729.h8JHTDal019393>