I don't know what's going on, but I've been getting literally hundreds of
virus/worm-looking emails per hour all day today. I grew tired of it and
wrote the following Sieve script to filter my mail on the server.
The pseudo-bounce messages were particularly annoying; they're close enough
to the real bounce messages that I *want* to keep that they justified a
little closer examination. I'll probably tighten the other message type to
also examine the sender, but I doubt I'll be getting any legitimate mails
that look like:
Subject: latest security patch
in the near future. Anyway, enjoy as you see fit.
############################################################
#### Virus detection
# 2003-09-18: Something stupid and Microsofty
if anyof(
# This one is super-annoying; it mimics real bounce messages
allof(
header :matches "From" [
"email*",
"internet*",
"microsoft*",
"ms*" ],
header :matches "From" [
"*service",
"*system"
],
header :is "Subject" [
"abort advice",
"abort letter",
"Error Notice",
"mail: user unknown",
"Returned Mail",
"returned message" ]
),
# "Current Security Pack", "New Security Update", etc.
allof(
header :matches "Subject" [
"current*",
"last*",
"latest*",
"microsoft*",
"new*",
"newest*" ],
header :matches "Subject" [
"*upgrade",
"*update",
"*pack",
"*patch" ]
)
)
{
fileinto "INBOX.virus.2003-09-18";
}
############################################################
--
Kirk Strauser
The Strauser Group
Open. Solutions. Simple.
http://www.strausergroup.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20030918/f1d2d14a/attachment.bin