[Mailman-Developers] [scr] Worm Klez.E immunity
Stephen J. Turnbull
stephen@xemacs.org
26 Apr 2002 21:45:45 +0900
>>>>> "Dan" == Dan Mick <dmick@utopia.West.Sun.COM> writes:
Dan> Fabulous. This goes to my mailing list, apparently from
Dan> Barry.
Dan> F***ing virus writers. I want them strung up by and with
Dan> their privates.
Well, in the last 48 hours on the xemacs lists, spam "from"
rms@gnu.org, clerik@naggum.no, acs@xemacs.org (XEmacs Review Board
member), ben@666.com (ditto), and me has arrived at xemacs.org ... and
been sent to the bit bucket by procmail:
# Use of $ to match newline is a special procmail extension.
# The idiom (.*$[ ])* should match across RFC 822 folded lines.
# Note that the character class is {SPC,TAB}, procmail doesn't grok \t?
:0
* ^content-type:.*multipart
* B ?? ^content-(type|disposition|description):(.*$[ ])*\
.*name=.*(\.(exe|pif|bat|scr|doc|asp|wab|xls|mpe?g|mp3|rtf)\
|\[[0-9][0-9]*\].*\.htm?l[^"])
xemacs-spam/executable-included
No false positives, and once I got the folded lines part right no Klez
to the lists, either. (Boy, procmail is painful.) Other stuff still
gets through occasionally, though.
Of course Ron Jarrell's $150,000 was well-spent IMO, but for my
purposes this is effective enough to be very satisfying.
--
Institute of Policy and Planning Sciences http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
My nostalgia for Icon makes me forget about any of the bad things. I don't
have much nostalgia for Perl, so its faults I remember. Scott Gilbert c.l.py