spam killing with poplib
Donn Cave
donn at drizzle.com
Sat Sep 20 21:01:30 EDT 2003
Quoth "Phil Weldon" <pweldon at mindspring.com>:
| At best that will identify less than a third of the messages produced by
| this worm. A permutating and mutating bogus 'Undeliverable e-mail' message
| carrying the infection package is more common than the HTML message. Either
| type is over 100 KBytes, and will quickly clog a mailbox.
|
| Expect the HTML message body, FROM and SUBJECT to mutate also.
I've been getting one every two minutes or so for the last couple of
days, so I had to do something this morning. Luckily I have shell
access and fairly conventional UNIX mail delivery, so I put in a
filter on delivery. My criterion is nowhere near as complicated as
the rest of you folks, but after about 6 hours it caught 157 and
missed no more than a dozen. I just look for 'boundary="[a-z]' in
the header. Of course that could easily turn out to catch a legitimate
email ... but of course, with an attachment, and I don't want your
stupid Word document anyway.
The filter is 38 lines of awk (with comments), and a C program to
lock the folder and invoke the awk program.
Donn Cave, donn at drizzle.com
More information about the Python-list
mailing list