Vexen Crabtree 2015

vexen

Vexen Crabtree's Live Journal

Sociology, Theology, Anti-Religion and Exploration: Forcing Humanity Forwards



I'm back

470 spam emails from the MS/Mail virus, each with a 100k attachment means that after only 1 and a half days without the internet, my mail account gained 47meg of spam. How do you stop it??

I can give you a procmail recipe or a bit of exim filter code to dump them to /dev/null. Only useful if you have access to your mail server really...

I suppose if they're recognisable from the From: or Subject: lines you could possibly build a tiny POP3 client to check your mailbox and delete offending messages from the server, then use your normal mail app to download the rest.

Who do you use for email? And what do you read it with? Via what mechanism?

/joel

I have no access to the server! I use Easyspace for hosting and email. I access via pop3. Subject lines of two email viruses being mass sent are randomly set, sometimes blank, but generally using very authentic-looking subject lines that are frequently used and can't be filtered.

I should probably set to download headers only for a while until the net has calmed down! Actually I'll do that now...

Something like MailWasher (www. - .net, I think) can do filtering based on headers, and then launch your mail client to download the rest if you like. It's a pretty neat program.

You need better filtering software. I never get any SPAM with earthlink's Spam-blocker. I've never heard of anyone receiving that much junk email! :\

Thunderbird/Mozilla Mail seems to detect the web page variant of the virus, but not the mailbounce one - it doesn't like running slabs of MIME-encoded binary through the filter. Filter on the string TVqQAAMAAAAEAAAA// - that's the beginning of the virus code, and will nail it nicely.
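The two suggestions in the comments above (a small POP3 client that deletes offending messages from the server, keyed on the `TVqQAAMAAAAEAAAA//` string) can be combined as in this added example, which is not code from any commenter. The host name is a placeholder, and `carries_executable` and `purge` are hypothetical names.

```python
import email
import poplib

# String quoted in the thread. It is the base64 form of the DOS "MZ" header
# that opens a typical Windows executable, so it flags any such attachment,
# not one particular virus.
SIGNATURE = "TVqQAAMAAAAEAAAA//"

def carries_executable(raw: bytes) -> bool:
    """True if a base64 MIME part of the (possibly truncated) message starts with SIGNATURE."""
    msg = email.message_from_bytes(raw)
    for part in msg.walk():
        if part.is_multipart():
            continue
        encoding = str(part.get("Content-Transfer-Encoding", "")).strip().lower()
        payload = part.get_payload()
        # Only base64 parts count: plain text that merely quotes the string is ignored.
        if encoding == "base64" and isinstance(payload, str):
            if payload.lstrip().startswith(SIGNATURE):
                return True
    return False

def purge(pop, body_lines=40, dry_run=True):
    """Check each message with TOP (headers plus the first body_lines lines only).

    Returns the matching message numbers; marks them for deletion unless dry_run.
    A long text part can push the attachment past body_lines, so raise it if needed.
    """
    count, _size = pop.stat()
    flagged = []
    for num in range(1, count + 1):
        _resp, lines, _octets = pop.top(num, body_lines)
        if carries_executable(b"\r\n".join(lines)):
            flagged.append(num)
            if not dry_run:
                pop.dele(num)
    return flagged

if __name__ == "__main__":
    import getpass
    pop = poplib.POP3_SSL("pop.example.invalid")  # placeholder host
    pop.user(input("user: "))
    pop.pass_(getpass.getpass())
    print("flagged:", purge(pop, dry_run=True))
    pop.quit()  # POP3 commits deletions at QUIT
```

Run it with `dry_run=True` first and compare the flagged numbers against the mailbox before letting it delete anything.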

SpamAssassin seems to pick it ALL up pretty effectively - I'm getting 30 Mb of that MS virus a day now, but only one or two mails total make it past the spam check. If you have the ability to, find an appropriate build of SA for your OS, and filter to /dev/null or whatever the windoze equiv is.
