Re: Researching spamblock/antivirus/attachment filters on mail servers

2003-09-02 Thread Balint Laszlo BILLER
For procmail I use these two recipes:

:0B
* (^See the attached file for details)
${MAILDIR}.Virus/

:0B
* (^Please see the attached file for details)
${MAILDIR}.Virus/

Maybe it would be better to use
* (^(Please see|See) the attached file for details)
but I didn't try it. It was easier and I didn't have time to experiment.
${MAILDIR}.Virus/ could be changed to /dev/null but I like to see my every
email (including the infected mails).

Voodooman

----- Original Message -----
From: "Jarle Aase" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 03, 2003 1:45 AM
Subject: Researching spamblock/antivirus/attachment filters on mail servers


> When Sobig.F hit the local MTA, I started to look for a filter to block
> it. I looked at some common approaches, and my first impression was that
> the filters would be pretty easy to bypass. Which again means that lots
> of MTAs may be vulnerable to the next attachment plague.
>
> In order to research this theory, I need access to email accounts[1] on
> mail-servers that have applied filters to block suspect attachment types
> like "*.pif". The findings will be published on my home-page (and
> possibly on BUGTRAQ if I find anything serious), along with tools to
> verify if an MTA indeed stops masqueraded attachments, or stops valid
> emails in error.
>
> If you have a mail-server that is supposed to block such attachments,
> and are willing to help me in my research, please drop me a note. I'm
> looking for anything from simple perl scripts to commercial filters.
>
> Jarle
> [1] The email-accounts will only be used for this purpose.
> -- 
> Jarle Aase  email: [EMAIL PROTECTED]
> Author of freeware. http://www.jgaa.com
> news:alt.comp.jgaa
>
> War FTP Daemon: http://www.warftp.org
> War FTP Daemon FAQ: http://www.warftp.org/faq/warfaq.htm
> Jgaa's PGP key: http://war.jgaa.com/pgp
> NB: If you reply to this message, please include all relevant
> information from the conversation in your reply. Thanks.
> <<< no need to argue - just kill'em all! >>>
>
>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
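
Added example (not part of the original posts and not the poster's code): a Python sketch that emulates the combined body condition suggested in the reply above and compares it with a check on the MIME attachment filename, over three constructed messages. The extension blocklist, the addresses and the helper names are assumptions; only ".pif" and the sample filename appear in the thread.

```python
import re
from email import message_from_string, policy

# The combined condition proposed in the post. procmail matches without
# regard to case and "^" anchors at any line start, hence these flags.
BODY_RULE = re.compile(r"^(Please see|See) the attached file for details",
                       re.IGNORECASE | re.MULTILINE)
# Assumed blocklist for this example; only ".pif" is named in the thread.
BLOCKED_EXT = (".pif", ".scr", ".exe", ".com", ".bat")

def body_rule_hits(raw):
    """Emulate the ':0B' recipes: regex over the message body only."""
    _headers, _sep, body = raw.partition("\n\n")
    return bool(BODY_RULE.search(body))

def blocked_attachments(raw):
    """Return filenames of MIME parts whose extension is on the blocklist."""
    msg = message_from_string(raw, policy=policy.default)
    names = []
    for part in msg.walk():
        name = part.get_filename()  # filename parameter as parsed by email
        if name and name.strip().lower().endswith(BLOCKED_EXT):
            names.append(name)
    return names

def classify(raw):
    return {"body_rule": body_rule_hits(raw),
            "attachments": blocked_attachments(raw)}

def make_msg(body_text, filename):
    """Build a constructed two-part test message (placeholder addresses)."""
    return (
        "From: a@example.org\nTo: b@example.org\nSubject: test\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="BOUND"\n\n'
        "--BOUND\nContent-Type: text/plain\n\n" + body_text + "\n"
        "--BOUND\nContent-Type: application/octet-stream\n"
        'Content-Disposition: attachment; filename="' + filename + '"\n'
        "Content-Transfer-Encoding: base64\n\nAAAA\n--BOUND--\n"
    )

# Constructed samples: worm-like text, reworded text, and a legitimate mail.
SOBIG_LIKE = make_msg("See the attached file for details", "document_9446.pif")
REWORDED = make_msg("Details are in the attachment.", "document_9446.pif")
LEGIT = make_msg("Please see the attached file for details of the budget.",
                 "budget.pdf")

if __name__ == "__main__":
    for label, raw in (("sobig-like", SOBIG_LIKE), ("reworded", REWORDED),
                       ("legit", LEGIT)):
        print(label, classify(raw))
```

The legitimate message trips the body rule while the reworded one passes it; the attachment-name check classifies both correctly.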



Researching spamblock/antivirus/attachment filters on mail servers

2003-09-02 Thread Jarle Aase
When Sobig.F hit the local MTA, I started to look for a filter to block
it. I looked at some common approaches, and my first impression was that
the filters would be pretty easy to bypass. Which again means that lots
of MTAs may be vulnerable to the next attachment plague.

In order to research this theory, I need access to email accounts[1] on
mail-servers that have applied filters to block suspect attachment types
like "*.pif". The findings will be published on my home-page (and
possibly on BUGTRAQ if I find anything serious), along with tools to
verify if an MTA indeed stops masqueraded attachments, or stops valid
emails in error.

If you have a mail-server that is supposed to block such attachments,
and are willing to help me in my research, please drop me a note. I'm
looking for anything from simple perl scripts to commercial filters.

Jarle
[1] The email-accounts will only be used for this purpose. 
-- 
Jarle Aase  email: [EMAIL PROTECTED]
Author of freeware. http://www.jgaa.com
news:alt.comp.jgaa

War FTP Daemon: http://www.warftp.org
War FTP Daemon FAQ: http://www.warftp.org/faq/warfaq.htm
Jgaa's PGP key: http://war.jgaa.com/pgp
NB: If you reply to this message, please include all relevant
information from the conversation in your reply. Thanks. 
<<< no need to argue - just kill'em all! >>> 





Virus Found in message "That movie"

2003-09-02 Thread Rob Marx
Symantec AntiVirus found a virus in an attachment you
([EMAIL PROTECTED] <[EMAIL PROTECTED]>) sent to
[EMAIL PROTECTED]

To ensure the recipient(s) are able to use the files you sent, perform a
virus scan on your computer, clean any infected files, then resend this
attachment.


Attachment:  document_9446.pif
Virus name: [EMAIL PROTECTED]
Action taken:  Clean failed : Quarantine succeeded : 
File status:  Infected



You have been removed from Etips

2003-09-02 Thread Etips
Hello Friend,

This message is confirming your removal from Etips. 
This is the last message you will receive. We're 
sorry to see you go.

Should you ever wish to resubscribe, you may do so
by sending a message to:
mailto:[EMAIL PROTECTED]

Warmest Regards,

Shelley Lowery
Etips Editor
Web-Source.net
http://www.web-source.net





Friend, Confirm Your Subscription to Claim Your Gift

2003-09-02 Thread Etips
Hi Friend,

---
You have Subscribed to Etips as Friend at
[EMAIL PROTECTED]
---

PLEASE CONFIRM YOUR SUBSCRIPTION and receive your copy
of the highly acclaimed ebook, 


-
To Confirm Your Subscription to Our List Please Click This Link.
This Confirmation Process Ensures That Our List is 100% Opt-In Only.
http://www.ebookstarter.com/optin/[EMAIL PROTECTED]&id=2051

