Re: Sieve script to filter today's MS annoyances



On Fri, 19 Sep 2003 10:14:56 -0500, 
Kirk Strauser <kirk@strauser.com> wrote in message 
<87u178oln3.fsf@strauser.com>:

> At 2003-09-19T03:33:53Z, Kirk Strauser <kirk@strauser.com> writes:
> 
> OK, last iteration (I promise).  Enough people have found this
> helpful, or at least amusing, that I'm posting my final script update.
> 
> I'm using the "MICROSOFT_EXECUTABLE" block in SpamAssassin in conjunction
> with this script.  Overnight hit rates look like:
> 
>     My script   : about 4,000 emails
>     SpamAssassin: another few hundred that snuck through
>     My inbox    : about 15-20
> 
> <alan>
> IF YOU DON'T USE MY SCRIPT, THEN YOU MUST BE A WORM AUTHOR.
> </alan>
> 
> ############################################################
> 
> #### Virus detection
> # 2003-09-18: Something stupid and Microsofty
> if anyof(
>     # This one is super-annoying; it mimics real bounce messages
>     allof(
>         # Sender
> 	anyof(
>             # Check that the sender matches a pattern...
> 	    allof(
> 		header :contains "From" [
> 		    "email",
> 		    "inet",
> 		    "internet",
> 		    "mail",
> 		    "microsoft",
> 		    "ms",
> 		    "net",
> 		    "network"
> 		    ],
> 		header :contains "From" [
> 		    "service",
> 		    "section",
> 		    "system"
> 		    ]
> 		),
>             # ...or is one of several words
> 	    header :is "From" [
> 		"administrator",
> 		"admin" ]
> 	    ),
> 
>         # Subject
> 	anyof(
>             # Short phrases
> 	    header :is "Subject" [
> 		"advice",
> 		"announcement",
> 		"failure report",
> 		"letter",
> 		"mail",
> 		"notice",
> 		"report" ],
> 
>             # Weird errors
> 	    allof(
> 		header :matches "Subject" [
> 		    "abort *",
> 		    "bug *",
> 		    "error *" ],
> 		header :matches "Subject" [
> 		    "* advice",
> 		    "* announcement",
> 		    "* letter",
> 		    "* message",
> 		    "* notice" ]
> 		),
> 
>             # Faked bounce messages
> 	    header :matches "Subject" [
> 		"mail: *",
> 		"message*",
> 		"returned mail*",
> 		"returned message*",
> 		"undeliverable message*",
> 		"undelivered message*" ],
> 
>             # No subject
> 	    not exists "Subject"
> 	    )
> 	),
> 
>     # "Current Security Pack", "New Security Update", etc.
>     allof(
> 	header :matches "Subject" [
> 	    "critical *",
> 	    "current *",
> 	    "internet *",
> 	    "last *",
> 	    "latest *",
> 	    "microsoft *",
> 	    "net *",
> 	    "network *",
> 	    "new *",
> 	    "newest *",
> 	    "security *"
> 	    ],
> 	header :matches "Subject" [
> 	    "* upgrade",
> 	    "* update",
> 	    "* pack",
> 	    "* patch"
> 	    ]
> 	)
>     )
> {
>     fileinto "INBOX.virus.2003-09-18";
> }
> 
> ############################################################
> 

..hmmm, cool.  And in .procmailrc'ese it is?  

-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.
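
Added example, not part of the thread and not Kirk Strauser's code: the quoted Sieve test restated in Python so the rules can be run over sample headers before deployment, which shows that a genuine sendmail-style bounce and an ordinary "New ... update" subject are also filed into the virus folder. The sample headers are constructed, and the sketch assumes one value per header and Sieve's default case-insensitive comparator.

```python
import re

# Sieve's default comparator (i;ascii-casemap) ignores case, so compare lower-cased.
def contains(value, keys):
    return any(k in value.lower() for k in keys)

def is_(value, keys):
    return value.strip().lower() in keys

def matches(value, globs):
    # Sieve :matches globs: "*" is any run of characters, "?" is exactly one.
    def rx(g):
        return re.escape(g).replace(r"\*", ".*").replace(r"\?", ".")
    return any(re.fullmatch(rx(g), value.strip().lower(), re.S) for g in globs)

FROM_A = ["email", "inet", "internet", "mail", "microsoft", "ms", "net", "network"]
FROM_B = ["service", "section", "system"]
SHORT = ["advice", "announcement", "failure report", "letter", "mail", "notice", "report"]
ERR_HEAD = ["abort *", "bug *", "error *"]
ERR_TAIL = ["* advice", "* announcement", "* letter", "* message", "* notice"]
BOUNCE = ["mail: *", "message*", "returned mail*", "returned message*",
          "undeliverable message*", "undelivered message*"]
SEC_HEAD = ["critical *", "current *", "internet *", "last *", "latest *", "microsoft *",
            "net *", "network *", "new *", "newest *", "security *"]
SEC_TAIL = ["* upgrade", "* update", "* pack", "* patch"]

def is_flagged(headers):
    """True if the quoted Sieve test would file the message into the virus folder."""
    frm = headers.get("From", "")
    subj = headers.get("Subject")          # None models: not exists "Subject"
    s = subj or ""
    sender = (contains(frm, FROM_A) and contains(frm, FROM_B)) \
        or is_(frm, ["administrator", "admin"])
    subject = subj is None or is_(s, SHORT) or matches(s, BOUNCE) \
        or (matches(s, ERR_HEAD) and matches(s, ERR_TAIL))
    return (sender and subject) or (matches(s, SEC_HEAD) and matches(s, SEC_TAIL))

# Constructed sample headers (not taken from real traffic).
SAMPLES = {
    "worm-style notice": {"From": "MS Internet Mail Service <a@example.com>", "Subject": "Bug Notice"},
    "fake patch":        {"From": "b@example.com", "Subject": "Latest Security Patch"},
    "genuine bounce":    {"From": "Mail Delivery Subsystem <MAILER-DAEMON@example.org>",
                          "Subject": "Returned mail: see transcript for details"},
    "list traffic":      {"From": "Carol <carol@example.org>", "Subject": "New kernel update"},
    "ordinary mail":     {"From": "Dave <dave@example.org>", "Subject": "Lunch on Friday?"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name:18} -> {'virus folder' if is_flagged(hdrs) else 'inbox'}")
```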