
Re: Is swen back?



Andreas Janssen writes:
> 
> Alphonse Ogulla (<ogulla@uonbi.ac.ke>) wrote:
> 
> > Got 200 plus mail bombs in my pop3 account this morning. Luckily I
> > used Kmail and filtered (deleted) every incoming message of size
> > greater than 40Kb. Just wondering, is swen back from holiday? How are you
> > people managing?
> 
> From my point of view, it looks like it never really went away. Over the
> last months, I get between 30 and 50 of these viruses, mostly swen, every
> day. Sometimes until the daily forwarding quota for my bigfoot account
> is exceeded.
>

FYI, if you are running procmail in a shell account:

    :0 BD
    * ^(T(24gRXJ|V(oAAAI|pQAAI|psAAE|qQAAM))|(UEsDBBQ))
    /dev/null

in your ~/.procmailrc will catch most M$ executables in your e-mail
and trash them.

Be advised that if you expect executables in your e-mail, it will
trash them too, as well as zipped files, so you would have to make a
policy on that.

	John

BTW, the recipe looks for the base64 encoded M$ executable
header/loader information in the beginning of the file in the e-mail
body. See /usr/share/misc/magic for particulars.

-- 

John Conover, conover@rahul.net, http://www.johncon.com/
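
An added example, not part of the original post: the recipe's condition applied in Python to constructed message bodies, with each base64 alternative decoded back to the file-header bytes it stands for. The function names and sample payloads are assumptions made for illustration; only the regular expression comes from the post.

```python
import base64
import re

# The recipe's condition, verbatim. procmail's D flag makes it case-sensitive,
# B applies it to the body, and ^ matches at the start of any line (re.M here).
RECIPE = re.compile(r"^(T(24gRXJ|V(oAAAI|pQAAI|psAAE|qQAAM))|(UEsDBBQ))", re.M)

# The six alternatives the regex expands to.
PREFIXES = ["T24gRXJ", "TVoAAAI", "TVpQAAI", "TVpsAAE", "TVqQAAM", "UEsDBBQ"]

def leading_bytes(prefix):
    """Return the raw bytes that a base64 prefix fully determines."""
    padded = prefix + "A" * (-len(prefix) % 4)
    return base64.b64decode(padded)[: len(prefix) * 6 // 8]

def mime_body(payload):
    """Constructed body: a text line, then the payload as 76-column base64."""
    return "Attachment follows.\n\n" + base64.encodebytes(payload).decode("ascii")

def would_trash(body):
    """True if the recipe's condition matches somewhere in the body."""
    return RECIPE.search(body) is not None

# Constructed sample payloads: only the leading magic bytes are realistic.
SAMPLES = {
    "pe.exe": bytes.fromhex("4d5a90000300000004000000ffff0000") + bytes(48),
    "archive.zip": b"PK\x03\x04\x14\x00" + bytes(24),
    "script.vbs": b"On Error Resume Next\r\n",
    "image.png": b"\x89PNG\r\n\x1a\n" + bytes(24),
}

if __name__ == "__main__":
    for p in PREFIXES:
        print(f"{p} -> {leading_bytes(p)!r}")
    for name, payload in SAMPLES.items():
        print(f"{name}: trashed={would_trash(mime_body(payload))}")
    print("plain text: trashed=%s" % would_trash("Hello,\nsee you Tuesday.\n"))
```

The ZIP sample is trashed along with the executables, which is the policy trade-off the post points out.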


