[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Title: Untitled Document
I was getting so many swen.a messages that they well more than
exceeded the sum total of all other email I was receiving
combined and even though my antivirus detected them, it was
becoming a chore to acknowledge the virus alerts, so I wrote
myself a short cf script to delete most of the swen.a messages
from my pop server today... I didn't apply any single rule that
would delete a message (like not having an @ in the to field),
but put in a collection of rules and delete anything that hits
more than 2 of the rules. It's probably a fairly crude script,
considering that I'm not really anything like an email guru,
but here's the guts of the template I wrote for anyone who's
headed the same direction:
p.s. If you don't get all the content of this template in
your email, try the cf-community archive.
<cftry>
<cfparam name="attributes" type="struct" default="#structnew()#">
<cfset structappend(attributes,form,false)>
<cfset structappend(attributes,url,false)>
<cfparam name="attributes.username" type="string" default="[EMAIL PROTECTED]">
<cfset attributes.server = "mail." & listrest(attributes.username,"@")>
<cfswitch _expression_="#attributes.username#">
<cfcase value="[EMAIL PROTECTED]"><cfset attributes.password = "????"></cfcase>
</cfswitch>
<cfparam name="attributes.tolerance" type="numeric" default="2">
<cfparam name="attributes.display" type="string" default="yes">
<cfparam name="attributes.scrub" type="boolean" default="false">
<cfparam name="attributes.schedule" type="boolean" default="false">
<cfparam name="attributes.interval" type="numeric" default="300">
<cfpop name="rs" action=""
server="#attributes.server#"
username="#attributes.username#"
password="#attributes.password#">
<cfscript>
function addrank(bool) { var add = 1;
if (arraylen(arguments) gt 1) { add = arguments[2]; }
myexpression = bool; bool = evaluate(bool);
if (bool) { rank = rank + add; } return yesnoformat(bool);
}
</cfscript>
<cfset arank = arraynew(1)>
<cfset atolerable = arraynew(1)>
<cfsavecontent variable="variables.messages">
<cfoutput query="rs">
<cfset rank = 0>
<cfsavecontent variable="variables.thismessage">
<!--- <cfset offset = rereplacenocase(rs.date,"^.*(([+-]|gmt).*)$","\1")>
<cfset querysetcell(rs,"date",rereplace(rs.date,"[^,]*,([^+-]*).*$","\1")
currentrow)>
<cfset received = rereplacenocase(rs.header,"^.*\.cjmgroup\.com[^;]*;[^,]*
([^+-]*).*$","\1")> --->
<br /><table border="1" cellpadding="5" cellspacing="0" width="100%">
<!--- <tr><td>Date</td><td width="100%" nowrap>#dateformat(rs.date)#
#timeformat(rs.date)#</td></tr>
<tr><td>Received</td><td nowrap>#dateformat(received)#
#timeformat(received)#</td></tr> --->
<tr><td>Date</td><td width="100%" nowrap>#rs.date#</td></tr>
<tr><td>From</td><td>#htmleditformat(rs.from)#</td></tr>
<tr><td>To</td><td>#htmleditformat(rs.to)#</td></tr>
<cfif
len(trim(rs.cc))><tr><td>CC</td><td>#htmleditformat(rs.cc)#</td></tr></cfif>
<tr><td>Subject</td><td>#rs.subject#</td></tr>
<!--- to filters --->
<cfset temp = addrank("yesnoformat(not find('@',rs.to))")>
<cfset temp =
addrank("refindnocase('((commercial|e?mail|i?(nter)?net(work)?)[[:space:]]+(user|customer|partner)|consumer|client|recipient|receiver)'
rs.to)")>
<cfset temp =
addrank("refindnocase('(recipient|receiver|customer|client|user|member)[EMAIL PROTECTED]:space:]]*@'
rs.to)")>
<!--- <tr><td>hit</td><td>#temp# ( #myexpression# )</td></tr> --->
<cfset temp = addrank("findnocase('microsoft',rs.to)",2)>
<cfset temp = addrank("findnocase('@yourserver.',rs.to)")>
<!--- subject filters --->
<cfset temp = addrank("yesnoformat(not len(trim(subject)))")>
<cfset temp =
addrank("refindnocase('(critical|security|current|latest|last|new(est)?|i?(nter)?net)[[:space:]]+(pack|patch|update|upgrade)'
rs.subject)")>
<cfset temp =
addrank("refindnocase('(error|bug|abort|failure)[[:space:]]+(letter|message|report|announcement|notice)'
rs.subject)")>
<!--- from filters --->
<cfset temp = addrank("find('""""',rs.from)")>
<cfset temp = addrank("findnocase('security',rs.from)")>
<cfset temp =
addrank("refindnocase('^[[:space:]]*""?[[:space:]]*(ms|microsoft)',rs.from)"
2)>
<cfset temp =
addrank("refindnocase('(microsoft|\.ms|[[:punct:]]msdn)\.[[:alpha:]]{3
3}[[:space:]]*>',rs.from)",2)>
<cfset temp =
addrank("refindnocase('((i?(nter)?net(work)?|e?mail|program|technical)[[:space:]]+)?(delivery|security|storage|bulletin)'
rs.from)")>
<cfset temp =
addrank("refindnocase('(i?(nter)?net|e?mail|delivery|security|storage|message)[[:space:]]+(assistance|center|service|system|section|department|division)'
rs.from)")>
<!--- remove points for list mail and stuff sent to the person --->
<cfset temp = addrank("findnocase(attributes.username,rs.to)",-1)>
<cfset temp = addrank("findnocase('@yahoo.com',rs.to)",-1)>
<cfset temp = addrank("refindnocase('@(houseoffusion\.com|dfwcfug\.org)'
rs.to)",-5)>
<cfset arrayappend(arank,rank)>
<cfset arrayappend(atolerable,iif(rank gt attributes.tolerance, 0, 1))>
<tr><td>Rank</td><td>#rank#</td></tr>
</table>
</cfsavecontent>
<cfif not comparenocase(yesnoformat(rank gt attributes.tolerance)
attributes.display)>
#variables.thismessage#
</cfif>
</cfoutput>
</cfsavecontent>
<cfoutput><div><b>#rs.recordcount# messages</b></div>
<div>#arraysum(atolerable)# tolerable</div>
<div>#arraysum(arank)# total rank</div>
#messages#
</cfoutput>
<cfif rs.recordcount and attributes.scrub>
<cfloop index="x" from="#rs.recordcount#" to="1" step="-1">
<cfif not atolerable[x]>
<cfpop action="" messagenumber="#x#"
server="#attributes.server#"
username="#attributes.username#"
password="#attributes.password#">
</cfif>
</cfloop>
</cfif>
<!--- <cfdump var="#rs#"> --->
<cfflush>
<cfif attributes.schedule>
<cfschedule action="" task="email scrub #attributes.server#
#attributes.username#"
operation="httprequest" publish="false" requesttimeout="180"
resolveurl="false"
startdate="#dateformat(now())#" starttime="#timeformat(now())#"
interval="#attributes.interval#"
url="">
</cfif>
<cfcatch><cfdump var="#cfcatch#"></cfcatch>
</cftry>
> I've seen 3 different sort of emails that probably contain
> the virus. Problem
> is, issues with the headers cause them to be auto-deleted
> in many cases.
> One of them has no date in the header which is a deletable
> no-no.
> Another has a FROM address with a name portion only but no
> email address,
> another deletable no-no.
> The third notes that its multi-part/alternative yet it
> only had an HTML portion
> (no text alternative) which is a really bad, but not
> deletable no-no.
> End result is that I'll have a fast CFPOP solution for
> anyone who's mailbox gets
> overloaded with this virus. Fun. :)
>> There is a new virus threat introduced to the internet
>> yesterday, which
>> Symantec identifies as the [EMAIL PROTECTED] worm. Other
>> anti-virus companies
> may
>> have a slightly different name.
>>
>> This worm invasion has the potential to spread much like
>> the recent msblaster
>> and SoBig.f worm infections and cause greet inconvenience
>> if not permanent
>> damage to your computer and the network it may be
>> attached to.
>>
>> Some of the infected emails may appear to be from
>> Microsoft, and supposedly
>> containing updated patches, etc. Remember that Microsoft
>> never sends out
> email
>> with executables attached.
>>
>> The SAMCFUG mail server has already trapped 105 instances
>> of this virus/worm
>> just overnight, and everyone using a windows operating
>> system is urged to
> update
>> your anti-virus definitions. If you do not have an
>> anti-virus program
> actively
>> running on your computer you may go to any of the
>> following links and can
>> perform a free on-line virus scan in order to be safe.
>>
>> http://www.symantec.com/
>>
>> http://us.mcafee.com/default.asp
>>
>> http://housecall.trendmicro.com/
>>
>> http://www.grisoft.com/us/us_dwnl_free.php
>>
>> http://www.pandasoftware.com/activescan/com/activescan_pr
>> incipal.htm
>>
>> Do you part to make sure your system is protected, and
>> not infecting others.
>>
>> Thanks
>>
>> Doug White
>>
>>
>> ======================================
>> Stop spam on your domain, use our gateway!
>> For hosting solutions http://www.clickdoug.com
>> Featuring Win2003 Enterprise, RedHat Linux, CFMX 6.1 and
>> all databases.
>> ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772
>> Suggested corporate Anti-virus policy:
>> http://www.dshield.org/antivirus.pdf
>> ======================================
>> If you are not satisfied with my service, my job isn't
>> done!
>>
>>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ~~~~~~~~~~~|
> Message:
> http://www.houseoffusion.com/lists.cfm?link=i:5:89331
> Archives: http://www.houseoffusion.com/lists.cfm?link=t:5
> Subscription:
> http://www.houseoffusion.com/lists.cfm?link=s:5
> Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubsc
> ribe.cfm?user=633.558.5
> Signup for the Fusion Authority news alert and keep up
> with the latest news in ColdFusion and related topics.
> http://www.fusionauthority.com/signup.cfm
s. isaac dealey 972-490-6624
team macromedia volunteer http://www.macromedia.com/go/team
chief architect, tapestry cms http://products.turnkey.to
onTap is open source http://www.turnkey.to/ontap
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
