
All the Perl that's Practical to Extract and Report

  • After 8 hours, I'm getting back to about half the rate I got during the initial deployment, meaning about 500 virus attacks an hour.

    But the biggest problem is not that. It's the stupid antivirus email to tell me that I am infected! I am not! This was a joe-job.

    And the worst part is that I can develop a procmailrc filter for the virus mail, but not for the antivirus email.

    If you are reading this and work for a company like Norton or Symantec, please tell someone how bad this is for all of us.

    --
    • Randal L. Schwartz
    • Stonehenge
    • > And the worst part is that I can develop a procmailrc filter for the virus mail, but not for the antivirus email.

      I grew desperate during the last outbreak... the below worked pretty well. Remove spurious linebreaks as necessary. This was of course last year, when I still cared about having messages falsely flagged as crap-- now I would store them all safely into /dev/null.

      :0
      * ^Subject: .*(automated response|(failure|mail) (delivery|noti|system)|delivery (fail|noti|problem|report|stat|unsucc|warning)|(no|u)ndeliver|returned|unable to (deliver|process)|Sua mensagem)
      JUNK/daemon

      :0
      * ^Subject: .*([vw]irus|v[ií]rus|V[IÍ]RUS|v[ _]i.r.u.s|anti(gen|vir)|agresearch|emanager|esafe|epolicy|groupshield|interscan|mail(marshal|monitor|scan|.?sweep)|mdaemon|mimedefang|[ns]av |network associates|norton|scanmail|securemail|securityserver|symantec|worldsecure|((banned|blocked|dangerous|denied|disallowed|executable|forbidden|hostile|illegal|infected|invalid|prohibited|suspicious|unsafe|unsolicited) (attachment|content|delivery|e?.?mail|executable|file(name|.?type)?|message))|spam|(attachment|courrier|content|e?.?mail|executable|file(name|.?type)?|message).*(re(fu|je)|block|delivery|isolat|quarant|remov|strip|violation)|blocked:)
      JUNK/virus
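
A way to check what the two Subject recipes above catch, including legitimate mail they would misfile, before pointing them at a real mailbox. This is an added example, not code from the post; it assumes Python's `re` with `IGNORECASE` is a close enough stand-in for procmail's case-insensitive matching, and the sample headers are constructed.

```python
import re

# Subject patterns from the two recipes in the post, with the spaces the
# forum inserted every 80 characters removed.
# Assumption: Python's re with IGNORECASE stands in for procmail's
# case-insensitive egrep-style matching; the syntax used is common to both.
RECIPES = [
    ("JUNK/daemon", r"^Subject: .*(automated response|(failure|mail) (delivery|noti|system)"
     r"|delivery (fail|noti|problem|report|stat|unsucc|warning)|(no|u)ndeliver"
     r"|returned|unable to (deliver|process)|Sua mensagem)"),
    ("JUNK/virus", r"^Subject: .*([vw]irus|v[ií]rus|V[IÍ]RUS|v[ _]i.r.u.s|anti(gen|vir)"
     r"|agresearch|emanager|esafe|epolicy|groupshield|interscan"
     r"|mail(marshal|monitor|scan|.?sweep)|mdaemon|mimedefang|[ns]av |network associates"
     r"|norton|scanmail|securemail|securityserver|symantec|worldsecure"
     r"|((banned|blocked|dangerous|denied|disallowed|executable|forbidden|hostile|illegal"
     r"|infected|invalid|prohibited|suspicious|unsafe|unsolicited) "
     r"(attachment|content|delivery|e?.?mail|executable|file(name|.?type)?|message))"
     r"|spam|(attachment|courrier|content|e?.?mail|executable|file(name|.?type)?|message)"
     r".*(re(fu|je)|block|delivery|isolat|quarant|remov|strip|violation)|blocked:)"),
]
COMPILED = [(folder, re.compile(rx, re.IGNORECASE)) for folder, rx in RECIPES]

def classify(header_line):
    """Return the folder of the first recipe that matches, else 'inbox'."""
    for folder, rx in COMPILED:
        if rx.search(header_line):
            return folder
    return "inbox"

# Constructed sample headers: (line, True if it really is scanner/daemon noise).
SAMPLES = [
    ("Subject: Virus Alert: message blocked", True),
    ("Subject: Undeliverable: Re: your details", True),
    ("Subject: Norton AntiVirus detected a virus in a message you sent", True),
    ("Subject: I returned your library book", False),
    ("Subject: Perl module for spam scoring", False),
    ("Subject: Lunch on Friday?", False),
]

def false_positives(samples):
    """Legitimate mail that the recipes would file as junk."""
    return [(s, classify(s)) for s, noise in samples if not noise and classify(s) != "inbox"]

if __name__ == "__main__":
    for line, _ in SAMPLES:
        print(f"{classify(line):12} {line}")
    print("false positives:", false_positives(SAMPLES))
```

Bare words such as `returned` and `spam` are what misfile the two legitimate samples, which is the argument for delivering to a review folder rather than discarding.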