On Tuesday 23 April 2002 06:02 pm, you wrote:
A new emerging worm is out there in windows land. That's bad enough, but
Jeez, chuq, where have you been? I've been dealing with klez for *months*. Our central scanners nail about 1,400 of them *a day*.
This is a new variant, not the old Klez. And it's getting worse.
This is what I have in my "Hold posts with header value matching a specified regexp" field.
I decided about a month ago that I will no longer tolerate attachments going through automatically. It does require me to be more vigilant, but it has stopped everything so far. As you can see, some of these are quite specific from repeat offenders that spam in plain text. But the generic ones are great for stopping virus attachments from going anywhere. I got two of my list regulars, one from Europe and one from the Far East, to help me admin the list to let legitimate attachments through in a reasonable period of time. Generally, the delay is less than 30 minutes from the time one is posted until it is released.
I stopped four of these viruses from going out today, which means that 300 list members were spared virus attacks 4 times. So, I stopped Klez 1200 times today by having to moderate 4 messages. Pretty good trade, if you ask me.
    # Lines that *start* with a '#' are comments.
    to: friend@public.com
    message-id: relay.comanche.denmark.eu
    from: list@listme.com
    from: .*@uplinkpro.com
    from: .*@lithesoft.com
    from: .*@paid4survey.net
    from: .*@freegift4u.com.*
    subject: .*@Podtal.*
    from: .*etoyshop.*
    from: .*bdavisa.*
    subject: .*new photos from my party.*
    Content-type: text/html
    Content-type: text/enriched
    Content-type: text/x-vcard
    Content-type: multipart/alternative
    Content-type: multipart/related
    Content-type: multipart/mixed
    Content-type: application/octet-stream
    Content-Disposition: attachment
    from: .*@lehugo.com.br.*