
Re: debianppc list and sven virus



On (21/11/03 19:20), Mick Weiss wrote:
> I think that somebody's box on the debianppc mailing list has the Sven virus.
> After subscribing, I get 100+ e-mails that say that they are from Microsoft.
> 
> I talked to some people at the local linux user group and that's what they
> told me. 
> 
> Anyone else have this problem?
> 
> If this is indeed the case, and someone happens to be running windows ---
> please use an anti-virus :o) pleeeeeez Any more mail and I will cringe.

This has been an issue for some months and if you could check the
archive (which appears to be down still) you would see copious posts on
the problem and various ways of dealing with it.

It appears that the debian lists are being harvested for addresses and
if you post to any of them, you are a target.

FWIW I use mailfilter in conjunction with fetchmail to remove most of
the swen stuff before download.  Attached is a copy of my mailfilterrc.

HTH

Clive


-- 
http://www.clivemenzies.co.uk
strategies for business
# -----------------------------------------------------------
# Clive's RC file from example rcfile in the INSTALL document
# -----------------------------------------------------------


# -----------------------------------------------------------
# Logfile path (be sure you have write permission in this
# directory; you MUST specify a logfile)
 
LOGFILE=/home/your-home_dir/.mailfilter.log
 
 
# -----------------------------------------------------------
# Level of verbosity

VERBOSE=3
 
 
# -----------------------------------------------------------
# POP3 server list (do not change the order of the fields!)
# Note: Port 110 is usually the port POP3 servers use.
#       Currently only POP3 is supported.
 
SERVER=whatever.net
USER=your_username
PASS=your_password
PROTOCOL=pop3
PORT=110
 
SERVER=another_whatever.net
USER=another_username
PASS=another_password
PROTOCOL=pop3
PORT=110
 
 
# -----------------------------------------------------------
# Do you want case sensitive e-mail filters? { yes | no }
 
REG_CASE=no


# -----------------------------------------------------------
# Sets the type of Regular Expression used { extended | basic }
#
# (The default is 'basic', don't change unless you know what you
#  are doing. Extended REs are more complex to set up.)
 
REG_TYPE=basic


# -----------------------------------------------------------
# Maximum e-mail size in bytes that should not be exceeded.
 
# MAXSIZE_DENY=1000000


# -----------------------------------------------------------
# Set maximum line length of any field in the message header
# (default is 998 characters per line; 0 to disable option)
 
# MAXLENGTH=998


# ----------------------------------------------------------
# Filter rules for detecting spam (each rule must be placed
# on a separate line)

# These filters detect certain unpleasant e-mail subjects:

DENY=^Subject:.*Network \(Critical\|Patch\|Security\|Upgrade\|Update\|Pack\)\+
DENY=^Subject:.*Net \(Critical\|Patch\|Security\|Upgrade\|Update\|Pack\)\+
DENY=^Subject:.*Security \(Critical\|Patch\|Security\|Upgrade\|Update\|Pack\)\+
DENY=^Subject:.*Latest \(Critical\|Internet\|Patch\|Security\|Upgrade\|Update\|Pack\)\+
DENY=^Subject:.*Abort \(Announcement\|Report\)* 
DENY=^Subject:.*Current \(Internet\|Security\|Microsoft\|Pack\|Update\)* 
DENY=^Subject:.*Error Letter
DENY=^Subject:.*Bug Letter
DENY=^Subject:.*New Pack
DENY=^Subject:.*viagra
DENY=^Subject:.*\(penis\|Dick\)\+
DENY=^Subject:.*home loan
DENY=^Subject:.*\(Phentermine\|Valium\|Vicodin\|Xanax\)\+
DENY=^Subject:.*Medications
DENY=^Subject:.*Online Pharmacy
DENY=^Subject:.*DISCREET OVERNIGHT PHARMACY
DENY=^Subject:.*Lowest Rates
DENY=^Subject:.*hey there\.\.\.


DENY=^From:.*Microsoft \(Network\|Security\|Corporation\|Email\|Inet\|Mail\|Service\|Message\|Internet\|Customer\|Public\|Support\)*
DENY=^From:.*MS \(Net\|Network\|Security\|Corporation\|Mail\|Service\|Message\|Internet\|Customer\|Support\)*
DENY=^From:.*Customer Bulletin
DENY=^From:.*Internet \(Delivery\|Email\|Service\|System\|Mail\|Message\|Storage\|Upgrade\)\+
DENY=^From:.*Net \(Delivery\|Email\|Service\|System\|Mail\|Message\|Storage\|Upgrade\)\+
DENY=^From:.*Delivery Service
DENY=^From:.*Security Department
DENY=^From:.*Email \(Delivery\|Service\)\+
DENY=^From:.*Storage \(Service\|System\)*
DENY=^From:.*Network \(Client\|Mail\|Storage\|System\|Security\|Service\)\+
DENY=^From:.*Technical \(Assistance\)\+
DENY=^From:.*Public Services
DENY=^From:.*CyberAtlas
DENY=^From:.*youask4it

DENY=^To:.*Net \(Client\|Consumer\|Recipient\|Receiver\|User\)\+
DENY=^To:.*Inet \(Client\|Recipient\)*
DENY=^To:.*Internet \(Client\|Consumer\|Recipient\|Receiver\|User\)\+
DENY=^To:.*Network \(Client\|Consumer\|Recipient\|Receiver\|User\)\+
DENY=^To:.*Mail \(Client\|Consumer\|Recipient\|Receiver\|User\)\+
DENY=^To:.*Email \(Client\|Consumer\|Recipient\|Receiver\|User\)\+
DENY=^To:.*Commercial \(Client\|Customer\|Consumer\|User\)*
DENY=^To:.*Microsoft \(Client\|Customer\|Consumer\|User\)*
DENY=^To:.*Customer
DENY=^To:.*Client




# This one filters mail from everyone at a certain organisation:
DENY=^From:.*@any_provider_that_spams.org

# We don't want any of those 'LEGAL' messages either
# while stuff with 'legal' in the subject still interests us:
DENY_CASE=^Subject:.*LEGAL


# -----------------------------------------------------------
# Normalises the subject strings before parsing, e.g.
# ',L.E-G,A.L; ,C.A-B`L`E, +.B-O`X` ;D`E`S,C;R,A.MB;L,E.R-]'
# becomes 'LEGAL CABLE BOX DESCRAMBLER' which can be filtered.
#
# If NORMAL is switched on, Mailfilter tries to apply filters
# to both the normalised and the original subject.

NORMAL=yes


# -----------------------------------------------------------
# The maximum e-mail size in bytes that messages from friends
# should not exceed. Set this to 0 if all your friends (ALLOW)
# can send messages as long as they want.
 
MAXSIZE_ALLOW=0
 
 
# ----------------------------------------------------------
# Set list of friends that always pass, if they do not
# exceed the message length of MAXSIZE_ALLOW
 
# This rule allows all mail from a friend who was unlucky enough
# to have signed up with a spam organisation. With DENY we
# block everyone else from that domain though! See above!
ALLOW=^From:.*a_friend_with_account@any_provider_that_spams.org
ALLOW=^From:.*pratima@accounting-redhouse.co.uk
 
# Of course we allow e-mail from anyone who has something to say about
# mailfilter:
ALLOW=^Subject:.*mailfilter

# We also let our girlfriend send any e-mail she wants:
ALLOW=^From:.*my_girlfriend@any_provider.com

#    SHOW_HEADERS =yes
#    TEST =yes
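
An added example (not part of Clive's post or of mailfilter itself): a small shell harness that runs four of the rules above through grep, to see what they match before they are trusted to delete mail on the server. It assumes GNU grep's basic REs behave like the ones mailfilter uses; the function names and sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: dry-run mailfilter-style rules against header text with grep.
# Assumes GNU grep (its basic REs accept \| and \+, as the rc file uses them).

# Four rules copied verbatim from the rc file above.
RULES='DENY=^Subject:.*Latest \(Critical\|Internet\|Patch\|Security\|Upgrade\|Update\|Pack\)\+
DENY=^From:.*MS \(Net\|Network\|Security\|Corporation\|Mail\|Service\|Message\|Internet\|Customer\|Support\)*
DENY=^To:.*Client
ALLOW=^Subject:.*mailfilter'

# matches KIND HEADERS: true if any KIND rule matches any header line.
# -i mirrors REG_CASE=no; each pattern is used as a basic RE (REG_TYPE=basic).
matches() {
    printf '%s\n' "$RULES" | sed -n "s/^$1=//p" | (
        while IFS= read -r re; do
            printf '%s\n' "$2" | grep -i -q -e "$re" && exit 0
        done
        exit 1
    )
}

# classify HEADERS: ALLOW is checked first, so a friend rule overrides DENY.
classify() {
    if matches ALLOW "$1"; then echo allow
    elif matches DENY "$1"; then echo deny
    else echo pass
    fi
}

# Constructed sample headers (not real messages).
SWEN='From: "MS Security Support" <sender@example.invalid>
Subject: Latest Security Update'
ADAMS='From: Tom Adams <tom@example.org>
Subject: PowerBook sound driver'
LISTMAIL='From: Jane <jane@example.org>
To: webclient-dev@example.org
Subject: build failure'
FRIEND='From: MS Customer Service <sender@example.invalid>
Subject: Re: mailfilter rules for swen'

for m in "$SWEN" "$ADAMS" "$LISTMAIL" "$FRIEND"; do
    printf '%-6s %s\n' "$(classify "$m")" "$(printf '%s\n' "$m" | head -n 1)"
done
```

The second and third samples are denied although they are ordinary mail: a group followed by `*` may match zero times, so the `MS` rule fires on any From line containing "ms " (here "Adams "), and `^To:.*Client` with case-insensitive matching catches any recipient address containing "client".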
