use Perl

• Not bounces (Score:3, Informative)

  by bart (450) <bart.lateur@pandora.be> on 2003.09.21 3:46 (#24378) Journal

  No it's not you, I receive about 50 of them an hour, at 150k each, that's 60MB/hour. As a fellow victim, I can tell you this: barely any of them are bounces.

  I've worked out a simple script that can check, via POP3, the headers and the first $N lines of the mail and delete it if it finds an executable. On average, it'll take less than 10% of the full bandwidth. I'm currently checking to see if I can reduce that while still having a reliable test. You can run it both at home and from a server on the internet — I have it running in a cron job on my web server, which is a different server than where my mail arrives, at my ISP.

  I'll post it on Perlmonks shortly. Of course, that won't do you any good if you don't have POP access to your mailbox.

  Reply to This

  • Re:Not bounces (Score:2)

    by nicholas (3034)

    I receive about 50 of them an hour, at 150k each, that's 60MB/hour

    Curious. That's the rate that I was recieving SOBIG.F at, but I'm seeing far fewer Swens. Whereas rafael seems to be experiencing things the same way as you [perl.org]. I wonder why it differs
  • Re:Not bounces (Score:1)

    by bart (450)

    For those people who usually don't visit Perlmonks, I put the script online at this node:

    "Kill that Swem worm on your POP3 account!" [perlmonks.org]
• No more exe (Score:2, Interesting)

  by echo (2881)

  The new Swen worm is killing me
  
  That's like standing in the snow naked. .exe files in attachments are a thing of the past. Here's a start:
  
  /^TV[nopqr]....[AB]..A.A/i REJECT Microsoft .exe file, possible virus source
/^M35[GHIJK].`..`..*````/i REJECT Signature matches Microsoft .exe file, possible virus source