spam killing with poplib

Phil Weldon pweldon at mindspring.com
Sat Sep 20 21:38:26 CEST 2003


At best that will identify less than a third of the messages produced by
this worm.  A permutating and mutating bogus 'Undeliverable e-mail' message
carrying the infection package is more common than the HTML message.  Either
type is over 100 KBytes, and will quickly clog a mailbox.

Expect the HTML message body, FROM and SUBJECT  to mutate also.

Phil Weldon, pweldon at mindspring.com

"Simon Burton" <simonb at webone.com.au> wrote in message
news:pan.2003.09.20.06.52.21.266409 at webone.com.au...
>
> This was so easy :)
>
> Simon Burton.
>
>
> #!/usr/bin/env  python
>
> import sys
> from time import sleep
> from poplib import *
>
> canit = """Newest Internet Critical Pack
> New Internet Upgrade
> Message: User unknown
> Last Net Critical Patch
> last pack
> error notice
> Failure Advice
> failure message
> Bug Message
> Newest Internet Critical Pack
> Advice
> last net security pack
> Latest Microsoft Security Upgrade
> Latest Upgrade
> Last Network Critical Update
> Current Net Security Pack
> new net pack
> Last Network Security Pack
> Security Pack
> Security Update
> Critical Upgrade
> Undelivered Message
> Security Upgrade
> Net Update
> security pack
> Bug Letter
> Network Pack
> New Net Update
> """.split("\n")[:-1]
> #print canit
> #sys.exit(0)
>
>
> def doit():
>   mbox = POP3( "pop.webone.com.au" )
>
>   mbox.user( "XXX" )
>   mbox.pass_( "XXX" )
>
>   stat = mbox.stat()
>   print "stat",stat
>
>   ilist = mbox.list()
>   olist = []
>   for info in ilist[1]:
>     info = str.split( info )
>     i, sz = int(info[0]), int(info[1])
>     spam = 0
>     print "msg #%.3d\t%d"%( i, sz )
>     header = mbox.top( i, 0 )[1]
>     subject = ""
>     sender = ""
>     for line in header:
>       #print "\t",line
>       if line.startswith( "From:" ):
>         sender = line
>       if line.startswith( "Subject:" ):
>         subject = line
>       if line.startswith( "SUBJECT:" ):
>         subject = line
>       if line.startswith( "X-Spam-Level" ):
>         spam = line.count( "*" )
>     if subject:
>       print "  "+subject
>     if sender:
>       print "  ", sender
>     print "  spam", spam
>     sz_chk = 140000<sz<170000 # check for this size range
>     if sz_chk:
>       print "  sz_chk"
>       spam += 1
>     for can in canit:
>       if subject.count(can):
>         print "  can it: '%s'"%can
>         spam += 1
>     print "  spam", spam
>     if spam > 2: # life is harsh
>       print "  dele"
>       #mbox.dele( i ) # uncomment when you are ready
>
>   print "quit"
>   mbox.quit()
>
>
> while 1:
>   print
>   doit()
>   sleep(90)
>






More information about the Python-list mailing list