Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 18 Sep 2003 21:58:37 -0500
From:      Kirk Strauser <kirk@strauser.com>
To:        kirk@strauser.com
Subject:   Sieve script to filter today's MS annoyances
Message-ID:  <87oexhqyaq.fsf@strauser.com>
next in thread | raw e-mail | index | archive | help 
--=-=-=
Content-Transfer-Encoding: quoted-printable

I don't know what's going on, but I've been getting literally hundreds of
virus/worm-looking emails per hour all day today.  I grew tired of it and
wrote the following Sieve script to filter my mail on the server.

The pseudo-bounce messages were particularly annoying; they're close enough
to the real bounce messages that I *want* to keep that they justified a
little closer examination.  I'll probably tighten the other message type to
also examine the sender, but I doubt I'll be getting any legitimate mails
that look like:

    Subject: latest security patch

in the near future.  Anyway, enjoy as you see fit.


############################################################

#### Virus detection
# 2003-09-18: Something stupid and Microsofty
if anyof(
    # This one is super-annoying; it mimics real bounce messages
    allof(
	header :matches "From" [
	    "email*",
	    "internet*",
	    "microsoft*",
	    "ms*" ],
	header :matches "From" [
	    "*service",
	    "*system"
	    ],
	header :is "Subject" [
	    "abort advice",
	    "abort letter",
	    "Error Notice",
	    "mail: user unknown",
	    "Returned Mail",
	    "returned message" ]
	),
    # "Current Security Pack", "New Security Update", etc.
    allof(
	header :matches "Subject" [
	    "current*",
	    "last*",
	    "latest*",
	    "microsoft*",
	    "new*",
	    "newest*" ],
	header :matches "Subject" [
	    "*upgrade",
	    "*update",
	    "*pack",
	    "*patch" ]
	)
    )
{
    fileinto "INBOX.virus.2003-09-18";
}

############################################################


=2D-=20
Kirk Strauser
The Strauser Group
Open. Solutions. Simple.
http://www.strausergroup.com/

--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQA/anDd5sRg+Y0CpvERAtuRAJ9VNauDNoIYQ2RuTy2LDRuRNnahbwCfa1ie
ltsfmM3QXpJ1TOw9RaS8Bos=
=n2uI
-----END PGP SIGNATURE-----
--=-=-=--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?87oexhqyaq.fsf>