[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: mymail worm

On Wed, Feb 04, 2004 at 02:10:55PM +0000, Pigeon wrote:

> On Wed, Feb 04, 2004 at 01:59:32AM +0000, Antony Gelberg wrote:


> > Anyone have a similar rule to nuke this new mymail worm?  I have some
> > samples if anyone can tell me how to analyse them to paste the correct
> > thing in the BD line.
> This beastie doesn't set the Message-Id: header. I find I can zap it
> quite happily by looking for Message-Id: headers that have been added
> by my ISP's mail relay; the following mailfilter rule works:
>   DENY=^Message-Id:.*<.*@store[0-9]\.mail\.uk\.easynet\.net>
> ...adjust to fit your ISP's relay and translate to procmailese.

I use an identical rule in my mailfilterrc, or did until five minutes
ago.  Its now commented out.

Its usefulness in deleting spam and mail associated with the mymail worm
before downloading it has been offset by the deletion of a small number
of legitimate mails, including one a few minutes ago.  The originating
mail server should have added a Message-Id but for some reason some
don't.  Effective the rule might have been but I'd rather not lose mail.


Reply to: