http://tmda.sourceforge.net Blacklist centric message system.
I haven't seen a single swen message yet. It doesn't solve the bandwidth problem but at least it solves the problem of the messages appearing in your inbox.

On Wed, 2003-09-24 at 03:29, Peter Busser wrote:
> Hi!
>
> > Therefore, no IP, e-mail, or domain filter will solve the problem
> > completely without filtering every single possible permutation of From:
> > address that the virus spits out...
>
> I use several procmail rules to filter out domains (microsoft.com, msdn.com,
> etc.) in From: and From, To: (e.g. microsoft.com) and certain words in the
> subject (e.g. Microsoft). Since the virus depends on looking like an authentic
> message, it can't do too much randomisation of the domains and subject lines.
> Of course the filtering is not perfect, but it still reduces the number of
> virus messages hitting the inbox.
>
> Removing messages with an executable attachment will also help of course.
> Except with the messages sent to mailing lists that remove attachments
> altogether.
>
> > and using the "From" address rather than
> > the "From:" address for the filter doesn't work, either, because the "From"
> > address appears to be a different non-randomized e-mail address, possibly the
> > real e-mail address of the infected victim (? haven't read any forensic
> > analysis on this point yet...)
>
> Does this imply that your e-mail filter does not understand regular
> expressions?
>
> Groetjes,
> Peter Busser

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
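The header checks discussed in the quoted reply, sketched in Python as an added example (not code from either poster, and not their procmail rules). It keeps the mbox envelope "From " line separate from the "From:" header, which is the distinction the thread argues about; the domain and subject lists come from the reply, while the extension list, the sample message and all function names are assumptions constructed for illustration.

```python
import email
import re

SPOOFED_DOMAINS = ("microsoft.com", "msdn.com")   # domains named in the reply
SUBJECT_WORDS = ("microsoft",)                    # subject word named in the reply
EXEC_EXT = (".exe", ".scr", ".pif", ".bat")       # assumed extension list
_DOMAIN_RE = re.compile(r"@([A-Za-z0-9.-]+)")

# Constructed sample: forged From: header, unrelated envelope sender.
SAMPLE = """\
From victim@example.net Wed Sep 24 03:29:00 2003
From: "MS Security" <security@newsletter.microsoft.com>
To: user@example.org
Subject: Latest Microsoft Security Patch
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="patch.exe"

MZ
"""

def _spoofed(value):
    """True if any address in value is at a listed domain or a subdomain of one."""
    found = [d.lower() for d in _DOMAIN_RE.findall(value or "")]
    return any(d == s or d.endswith("." + s) for d in found for s in SPOOFED_DOMAINS)

def classify(raw):
    """Return the reasons a raw mbox-style message would be filtered."""
    envelope = ""
    if raw.startswith("From "):            # envelope line, "From_" in procmail terms
        envelope, _, raw = raw.partition("\n")
    msg = email.message_from_string(raw)
    reasons = []
    for name in ("From", "To"):            # the From: and To: headers
        if _spoofed(msg.get(name)):
            reasons.append("header-" + name.lower())
    if _spoofed(envelope):
        reasons.append("envelope-from")
    subject = (msg.get("Subject") or "").lower()
    if any(word in subject for word in SUBJECT_WORDS):
        reasons.append("subject")
    # walk() also yields the top-level message, so single-part mail is covered.
    if any((p.get_filename() or "").lower().endswith(EXEC_EXT) for p in msg.walk()):
        reasons.append("executable-attachment")
    return reasons

if __name__ == "__main__":
    print(classify(SAMPLE))
```

On the sample, the envelope sender does not match any listed domain, so the message is caught by the From: header, the subject word and the attachment name only.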
