Re: Earthlink and Swen
On Thu, 04 Dec 2003 22:56:59 -0800, Ross Boylan wrote:
> On Thu, Dec 04, 2003 at 03:08:23PM -0500, Paul Morgan wrote:
> ...
>> I have all services locked down to localhost; my only connections to
>> the outside world are mail, news via nntpcached, web via squid... I run
>> Apache but it too is locked down to localhost. My mail is run through my
>> ISP's (earthlink's) virus and spam filters before I get it (otherwise I'd
>> be getting like 10 Svens per day). I do see, from time to time, Apache
>> refusing connections attempts which are generally attacks by Windoze worms.
>
> I had a long talk with earthlink a month or two ago in which they told
> me they were not filtering out swen (and they certainly weren't; I got
> a ton). Soon after that, I did see some swen-like stuff in their spam
> filter for my account (but I also saw plenty still coming at me).
>
> What's your basis for saying they are filtering out swen, rather than
> that you're just getting less swen?
I have no idea why you are attacking my veracity. My statement is fact.
>From - Fri Dec 5 15:57:48 2003
X-UIDL: 1asa4W2Al3NZFop0
X-Mozilla-Status: 0001
X-Mozilla-Status2: 08000000
Status: U
Return-Path: <transp@bancorp.ru>
Received: from mail.telebit.ru ([217.107.81.59])
by coot (EarthLink SMTP Server) with ESMTP id 1asa4W2Al3NZFop0
Thu, 4 Dec 2003 23:08:41 -0800 (PST)
Received: from [81.25.172.123] (HELO qivz)
by mail.telebit.ru (CommuniGate Pro SMTP 4.1.6)
with SMTP id 3349026; Fri, 05 Dec 2003 10:07:59 +0300
FROM: "Email System" <webrobot@microsoft.com>
TO: "Mail Receiver" <client@yourserver.com>
SUBJECT: Failure Letter
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="tkvyqd"
Date: Fri, 05 Dec 2003 10:08:00 +0300
Message-ID: <auto-000003349026@mail.telebit.ru>
X-ELNK-AV: 1
--tkvyqd
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
<HTML>You currently have EarthLink Virus Blocker powered by Symantec enabled.<br>The following attachments were infected and have been repaired:<br><br>No attachments are in this category.<br>
<br>The following infected attachments were deleted:<br><br>1. fdbq.exe: W32.Swen.A@mm<br>
<br>------------ Original message text follows ------------<br><br>
<HEAD></HEAD>
<BODY>
<iframe src=3D"cid:bbhhysgma" height=3D0 width=3D0></iframe>
<BR><BR>Hi.
<BR>This is the qmail program<BR>
<BR><BR><BR>Undeliverable to <B>bwjkue@microsoft.com</B>
</BODY></HTML>
--tkvyqd
Content-Type: text/plain;
name="DELETED0.TXT"
Content-Transfer-Encoding: base64
Content-Id: <bbhhysgma>
ZmlsZSBhdHRhY2htZW50OiBmZGJxLmV4ZQ0KDQpUaGUgZmlsZSBhdHRhY2hlZCB0byB0aGlz
IGVtYWlsIHdhcyByZW1vdmVkIGJlY2F1c2UgaXQgaXMgaW5mZWN0ZWQgd2l0aCB0aGUgVzMy
LlN3ZW4uQUBtbSB2aXJ1cy4NCg==
--tkvyqd--
--
....................paul
"The number of UNIX installations has grown to 10, with more expected."
(The UNIX Programmer's Manual, 2nd Edition, June 1972)
Reply to: