[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Sieve script to filter today's MS annoyances



That was way too simple.  I've been growing the script as false negatives
trickle in, and the current results are below.  By the way, I've come to the
realization that filtering this with pattern matching is probably an
exercise in futility, but it's still fun to try (and it's blocking several
hundred mails per hour, so that's kind of worthwhile).

############################################################

#### Virus detection
# 2003-09-18: Something stupid and Microsofty
if anyof(
    # This one is super-annoying; it mimics real bounce messages
    allof(
	# First, check that the sender matches a pattern
	header :matches "From" [
	    "email *",
	    "inet *",
	    "internet *",
	    "mail *",
	    "microsoft *",
	    "ms *",
	    "net *",
	    "network *" ],
	header :matches "From" [
	    "* service",
	    "* system"
	    ],

	# Second, look at the subject line
	anyof(
	    # Short phrases
	    header :is "Subject" [
	    "advice",
	    "announcement",
	    "failure report",
	    "letter",
	    "report" ],

	    # Weird errors
	    allof(
		header :matches "Subject" [
		    "abort *",
		    "bug *",
		    "error *" ],
		header :matches "Subject" [
		    "* advice",
		    "* letter",
		    "* message",
		    "* notice" ]
		),

	    # Faked bounce messages
	    header :matches "Subject" [
		"mail: *",
		"message*",
		"returned mail*",
		"returned message*",
		"undeliverable message*",
		"undelivered message*" ]
	    )
	),
    # "Current Security Pack", "New Security Update", etc.
    allof(
	header :matches "Subject" [
	    "current *",
	    "internet *",
	    "last *",
	    "latest *",
	    "microsoft *",
	    "net *",
	    "new *",
	    "newest *" ],
	header :matches "Subject" [
	    "* upgrade",
	    "* update",
	    "* pack",
	    "* patch" ]
	)
    )
{
    fileinto "INBOX.virus.2003-09-18";
}


############################################################

-- 
Kirk Strauser

Attachment: pgpsCaEmzdkbZ.pgp
Description: PGP signature


Reply to: