[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Filter for W32/Swen@MM, was Re: Virus emails

Jarno Elonen just posted in debian-mentors these useful guidelines to
fight against those anoying messages. This works great for me, and
serve as a basis to fight against future similar viruses.

Regards, Ismael

----- Forwarded message from Jarno Elonen <elonen@iki.fi> -----

From: Jarno Elonen <elonen@iki.fi>
Subject: Filter for W32/Swen@MM
To: debian-mentors@lists.debian.org
Date: Sat, 20 Sep 2003 16:38:37 +0300

Sven Luther wrote:

> BTW, the attachement is of md5sum b09e26c292759d654633d3c8ed00d18d.
> Anyone know of an easy way to filter out emails where a given
> attachement has a particular md5sum ?

I wrote a helpfull Python script this morning and have successfully filtered 
about 60(!) virus mails with it today already.


The program - when a message is piped though it - analyzes mail attachments 
and puts the results in the header...

    X-Msg-Part-Info: attachment; size="106496";
         claimedmime="audio/x-wav"; name="gvzvfszn.exe";

... so that one can write mail reader rules to filter messages with certain 
attachments.  I'm using Kmail myself, with the following rules:

   Add the attachment info to header:

   1) 'To' doesn't equal 'MATCH_FOR_ALL' =>
       'pipe through' '/home/jarno/bin/mpartinfo2hdr'
       DON'T stop if this matches

   Remove certain virus mail:

   2) 'any header' matches regexp
      => move to trash

   Move probably virus mail:
   3) 'any header' matches regexp
      'any header' matches regexp
      => move to folder 'virus'

- Jarno

To UNSUBSCRIBE, email to debian-mentors-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

----- End forwarded message -----

"Tout fourmille de commentaries; d'auteurs il en est grande cherté"

Attachment: signature.asc
Description: Digital signature

Reply to: