Can bogofilter filter Swen

Wed Sep 24 06:43:17 CEST 2003

Hi,

Thanks for your advice.

Where shall I copy your recipe to.  Which file and under which folder?

Another problem is procmail is not running on my OS, I doubt.  Although
it is a standard installation on RH9

# ntsysv
Could not find procmail

# /etc/rc.d/init.d/procmail status
-bash: /etc/rc.d/init.d/procmail: No such file or directory

# rpm -q procmail
procmail-3.22-9

Evolution only downloads emails from ISP server via POP3 a/c

B.R.
Stephen

On Wed, 2003-09-24 at 01:51, p at dirac.org wrote:
> hi stephen,
> 
> i have a procmail solution.  it works perfectly, for all win32
> executable viruses:
> 
> 
> 
> # Broad antivirus recipe:
> #
> # Look at attachment content.  The 2nd condition is the header of a
> # win32 exe encoded with base64.  No matter how the virus is named,
> # that header MUST have this specific form, or it won't be recognized
> # by Windows as an exe.  So every # attachment that starts with
> # TVqQAAMAAAAEAAAA//8AALg is a win32 program: a # potential virus.
> # The 3rd condition is the string "this program cannot be run in
> # MS-DOS mode" encoded in base64.  It's helps avoid false positives.
> #
> # Thank you Roland Smith <rsmith at xs4all.nl>
> #
> :0 B
> * ^Content-Transfer-Encoding:.*base64
> * ^TVqQAAMAAAAEAAAA//8AALg
> * 4fug4AtAnNIbg
> {
>    LOG="[virus: win32 exe]     "
> 
>    :0
>    /dev/null
> }
> 
> 
> 
> this recipe works perfectly.  i haven't gotten a single win32 virus in
> my inbox.  nothing.  not klez, not yaha, not sobig, not swen.  nada.
> zip.  zero.
> 
> the only thing i DO get in my inbox are those stupid messages by RAV
> antivirus telling me that it removed an executable that was probably a
> virus but still delivered the text portion "dear microsoft customer...".
> 
> hopefully, bogofilter will help filter THOSE messages...  ;)
> 
> pete
> 
> 
> 
> On Wed 24 Sep 03,  1:31 AM, Stephen Liu <satimis at icare.com.hk> said:
> > Hi all folks,
> > 
> > 
> > RH9
> > Evolution 1.4
> > =============
> > 
> > I just join this list.
> > 
> > W32/Swen has been attacking my PC for more than 3 days.  It disguised as
> > M$ support mail, junk mails, and transform rapidly, changing Sender and
> > Recipient Addresses, Subject, etc.  Although it causes no damage to my
> > PC but a lot of deleting work was faced.  It also occupied band width. 
> > The M$ junk mails were downloaded from ISP server via POP3 on Evolution
> > email folder.  Filter on Evolution could not filter them.  
> > 
> > I am searching hard for a solution.  Kindly advise can bogofilter do the
> > job?
> > 
> > Thanks in advance.
> > 
> > B.R.
> > Stephen Liu

To Get Your Own iCareHK.com Email Address?  Go To www.iCareHK.com.