Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • Could you post your script ?
    I didn't receive a lot of Sobig crap, but this one is hitting me pretty badly.
    • Yup, can do. The raw version follows.
      Right now I switched to manual mode. If you modify the outcommented if-conditions a little to suit your specific flavour of mails, you could run it as yes | killmail USER PASS.

      If these mails continue to exist tomorrow, I'll refine the script and let it run as cronjob. I am sick of the current situation. I hope the mail-server admins quickly come up with a server-side solution.



      #! /usr/bin/perl -w

      use strict;
      use Mail::POP3Client;

      my ($user, $pass) = @ARGV;

      REDO:

      my $

      • Re:POP3 chainsaw (Score:2, Informative)

        May I point (again) to the script I posted on Perlmonks earlier today? Based on a different POP3 module (Net::POP3) and rather different in check rule: it checks for a MIME section that has the file name of a Windows executable. my script [perlmonks.org]
        • That would have saved me some trouble if I had known it earlier. Right now the worst seems to be survived. I still receive around a hundred of these mails per hour, but my university's mailserver rips off the attachment so the mails' size has shrunken to a tolerable size. That means that I can't check the MIME section any longer either.

          I eventually solved it with a few procmail rules. The To: line of these mails always consists of words chosen randomly from a set of nine words. So I just have to check for
    • Curious. I've not got that many of these (yet)(about 60), but I did recieve a lot of sobig crap (150100 to /dev/null to date, and another 100M or so before I started filtering)