Date: Fri, 19 Sep 2003 13:16:54 -0700 (PDT) From: Matthew Dillon <dillon@apollo.backplane.com> To: Kirk Strauser <kirk@strauser.com> Cc: freebsd-stable@freebsd.org Subject: Re: Sieve script to filter today's MS annoyances Message-ID: <200309192016.h8JKGsaf025015@apollo.backplane.com> References: <87fzitqwop.fsf@strauser.com>
next in thread | previous in thread | raw e-mail | index | archive | help
:
:I don't know what's going on, but I've been getting literally hundreds of
:virus/worm-looking emails per hour all day today. I grew tired of it and
:wrote the following Sieve script to filter my mail on the server.
:
:The pseudo-bounce messages were particularly annoying; they're close enough
:to the real bounce messages that I *want* to keep that they justified a
:little closer examination. I'll probably tighten the other message type to
:also examine the sender, but I doubt I'll be getting any legitimate mails
:that look like:
:
: Subject: latest security patch
:
:in the near future. Anyway, enjoy as you see fit.
:...
You aren't the only one. My mail system processed over a thousand
of these blasted things overnight. I had over 200 in my mailbox
this morning.
Fortunately it took only two quick commands to wipe them,
matching on a portion of the virus content.
I finally caved in and modified my libmilter based filter to
substring-match elements of the virus in the body of the email
and reject it outright, in real time.
-Matt
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200309192016.h8JKGsaf025015>