Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

Ovid (2709)

Ovid
  (email not shown publicly)
http://publius-ovidius.livejournal.com/
AOL IM: ovidperl (Add Buddy, Send Message)

Stuff with the Perl Foundation. A couple of patches in the Perl core. A few CPAN modules. That about sums it up.

Journal of Ovid (2709)

Sunday September 21, 2003
12:05 AM

No more email

[ #14813 ]

The new Swen worm is killing me. In 14 hours, I received 18 megs of this damned worm, shutting down my email account with Yahoo! I also noticed an unusually low amount of legitimate email, but I have no idea if this is a fluke or if I have a bunch of bounced emails.

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • Not bounces (Score:3, Informative)

    by bart (450) <bart.lateur@pandora.be> on 2003.09.21 3:46 (#24378) Journal
    No it's not you, I receive about 50 of them an hour, at 150k each, that's 60MB/hour. As a fellow victim, I can tell you this: barely any of them are bounces.

    I've worked out a simple script that can check, via POP3, the headers and the first $N lines of the mail and delete it if it finds an executable. On average, it'll take less than 10% of the full bandwidth. I'm currently checking to see if I can reduce that while still having a reliable test. You can run it both at home and from a server on the internet — I have it running in a cron job on my web server, which is a different server than where my mail arrives, at my ISP.

    I'll post it on Perlmonks shortly. Of course, that won't do you any good if you don't have POP access to your mailbox.

  • No more exe (Score:2, Interesting)

    The new Swen worm is killing me

    That's like standing in the snow naked. .exe files in attachments are a thing of the past. Here's a start:

    /^TV[nopqr]....[AB]..A.A/i REJECT Microsoft .exe file, possible virus source
    /^M35[GHIJK].`..`..*````/i REJECT Signature matches Microsoft .exe file, possible virus source