pop3 email header classifier?

Robin Becker robin at jessikat.fsnet.co.uk
Mon Sep 22 03:54:44 EDT 2003


In article <r81tmvo2rph8109ohf357mq2fajkliqhoh at 4ax.com>, Tim Roberts
<timr at probo.com> writes
>Robin Becker <robin at jessikat.fsnet.co.uk> wrote:
>>
>>Hi, I'm getting vast numbers of fake upgrade emails containing some kind
>>of virus. My rather old client can be made to reject these based on some
>>patterns in the subject line. They're nearly all based on the word
>>'New', 'Latest', 'Microsoft', 'Patch', 'Pack', ... etc etc.
>>
>>Is there a python tool that can be made to delete these from my POP3
>>mail box rather than let my client reject? Quite a few seem to have
>>semi-valid return addresses so I get postmaster rejects from
>>xxx at microsoft.com etc.
>
>Is your e-mail client actually set up to send a RESPONSE when you receive a
>virus attachment?  If so, can you please STOP IT AT ONCE?
>

I have no virus detection in the client and am deliberately not
rejecting. That was the whole point of my question; I wanted to do
better.

As a point of fact with this SWEN worm, it does seem possible to kill by
a combination of the subject, from address and attachment size. The
spambayes approach would certainly work, but it wouldn't improve my
download times. I estimate I had about 50Mb of these things to download
yesterday (ie 3-4 hours @ 56k). By employing a kill script I could keep
up fairly easily.

I'm certainly not sending any response or rejecting, I'm using DELE
which should be a sink.

>ALL viruses released in the last 3 years choose random names for both the
>sender AND recipient.  It is not possible to automatically extract the
>infected individual's e-mail address from a virus message.  You can find
>the address of their e-mail server, but that's all.
>
>By sending a polite "you sent me a virus" message, you are doing NOTHING to
>stop the viruses, you are ANNOYING an innocent person, and you are DOUBLING
>the e-mail volume damage caused by the virus script kiddies.
>
>I got close to 10,000 helpful and completely bogus "you sent me a virus"
>messages during the "SoBig" fiasco.

-- 
Robin Becker
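
An added example, not part of the original thread: a sketch of the kill script described above, which reads only sizes (LIST) and headers (TOP) and marks matches with DELE, so message bodies are never downloaded and nothing is sent back. The From hint, the size threshold and the function names are assumptions chosen for illustration.

```python
import re
from email.parser import BytesHeaderParser

# Subject words are the ones quoted in the post; the From hint and the size
# floor are assumed values for illustration and need tuning on real samples.
SUBJECT_WORDS = {"new", "latest", "microsoft", "patch", "pack"}
FROM_HINTS = ("microsoft",)
MIN_SIZE = 100_000  # bytes, as reported by LIST (assumed threshold)

def is_suspect(header_lines, size):
    """Require all three signals: size, subject word and From hint."""
    msg = BytesHeaderParser().parsebytes(b"\r\n".join(header_lines))
    # RFC 2047 encoded-word subjects are not decoded here.
    subject = str(msg.get("Subject", "")).lower()
    sender = str(msg.get("From", "")).lower()
    subject_hit = bool(SUBJECT_WORDS & set(re.findall(r"[a-z]+", subject)))
    from_hit = any(hint in sender for hint in FROM_HINTS)
    return size >= MIN_SIZE and subject_hit and from_hit

def sweep(conn, dry_run=True):
    """conn is a logged-in poplib.POP3 (or POP3_SSL) object.
    Returns the message numbers that matched."""
    flagged = []
    _, listing, _ = conn.list()          # [b"1 152340", b"2 1830", ...]
    for entry in listing:
        num, size = (int(field) for field in entry.split()[:2])
        _, lines, _ = conn.top(num, 0)   # headers only, body stays on server
        if is_suspect(lines, size):
            flagged.append(num)
            if not dry_run:
                conn.dele(num)           # marked now, removed at quit()
    return flagged
```

Run it with `dry_run=True` first and review the returned numbers; deletions only take effect when the session ends with `quit()`, and `rset()` unmarks them before that. TOP is an optional POP3 command, so check that the server supports it.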



