The email package and KLEZ mails
Oleg Broytmann
phd at phd.pp.ru
Tue May 28 05:15:05 EDT 2002
On Tue, May 28, 2002 at 11:08:26AM +0200, Gerhard HДring wrote:
> * Oleg Broytmann <phd at phd.pp.ru> [2002-05-28 12:31 +0400]:
> > On Tue, May 28, 2002 at 08:21:56AM +0000, Gerson Kurz wrote:
> > > I'm using the email module (new in Python 2.2) to analyze messages for
> > > spam and HTML content. However, I get exceptions when analyzing KLEZ
> > > generated mails, which is disappointing since I'm trying to filter
> > > them in the first place.
> >
> > Klez is a carefully created virus. It sends mail that specifically
> > targets Outofluck holes. Those mail messages are constracted in violation
> > of RFCs, so you really cannot parse them with RFC-compliant tools :)
>
> Which is good, because it's a certain sign that you can just throw the
> message away because all the interesting email you'll get will be RFC
> compliant >:-)
At least they should, though it is not always true. RFC 2047 is violated
very often :(
> You could send an auto-reply in case somebody's MUA or mail system was
> fscked up.
You cannot. Klez is *really* very clever virus. It inserts bogus
Reply-To/Return-path headers and envelope headers :(
Oleg.
--
Oleg Broytmann http://phd.pp.ru/ phd at phd.pp.ru
Programmers don't die, they just GOSUB without RETURN.
More information about the Python-list
mailing list