From: Robert <ro...@dr...> - 2004-01-28 15:11:55
|
Hi Don, and the rest...=20 I don't know if my previous post made it to the list, so I'm reposting = it again to give everyone what I tried, and so far it's working flawlessly. = I switched to Test Mode to track this for a bit, and all the Emails so far with Novarg are being correctly tagged. Here's the repost with my original thinking... =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D I was wondering the same thing, but unfortunately, most of those Subject lines are very common (and quite valid)... But the Email contents are rather unique in my experience... According = to SARC's writeup on the bug, the only 3 messages that are sent are: Message: (one of the following)=20 - Mail transaction failed. Partial message is available.=20 - The message contains Unicode characters and has been sent as a binary attachment.=20 - The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment. Think about this for a sec... When was the last time you only got back a partial message on a failed transaction? Or since when did MTA's start converting messages into BINARY? Sorry folks, I'm pretty sure that's = the gotcha in this... If we can code these Messages into the "Expression to Identify Spam" verbatim, I think we'd have this one beat cleanly. Opinions? Robert =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D In the Expression to Identify Spam, I inserted exactly this: "Mail transaction failed. Partial message is available|The message = contains Unicode characters and has been sent as a binary attachment|The message cannot be represented in 7-bit ASCII encoding and has been sent as a = binary attachment" All one long expression, removing the periods at the end of each = sentence as listed from SARC, and don't include the quotes. I presume you can = simply add this expression at the end of any existing one(s) you may have = setup. Give it a go, see how it works for you. Robert -----Original Message----- From: ass...@li... [mailto:ass...@li...] On Behalf Of Donpro Sent: January 28, 2004 10:02 AM To: ass...@li... Subject: RE: [Assp-user] Attachments. What was the expression you used? > -----Original Message----- > From: ass...@li... > [mailto:ass...@li...] On Behalf Of=20 > Matthyw Thomas > Sent: Wednesday, January 28, 2004 9:53 AM > To: ass...@li... > Subject: Re: [Assp-user] Attachments. >=20 >=20 > Does the whitelist supercede this? I've tried this out but > it looks like whitelisted users can send messages anyhow. >=20 > Matthyw Thomas BSc.Eng > Project Engineer > BMT Fleet Technology Limited > 311 Legget Drive > Kanata, Ontario, Canada > K2K 1Z8 > Tel: +1 613 592-2830 ext. 341 > Fax: +1 613 592-4950 > mt...@fl... >=20 > >>> jh...@cp... 01/27/04 09:33PM >>> > I'd put something to identify the virus in the "expression to > identify mailbombs" and change the mailbomb message to be=20 > "appears to be infected with a virus" >=20 > j > ----- Original Message ----- > From: "Wil McGilvery" <wmc...@ly...> > To: <ass...@li...> > Sent: Tuesday, January 27, 2004 7:09 AM > Subject: [Assp-user] Attachments. >=20 >=20 > We are starting to see zip files arriving with viruses > inside. I want to block these, but It appears that it doesn't=20 > work this way. I tried to put readme.zip in the list with the=20 > rest of the attachments, but any test message I sent made it through. >=20 > Is there a way to use entire file names so I can block > certain zip files and not others? >=20 > Regards, >=20 > Wil McGilvery > Manager > Lynch Digital Media Inc >=20 >=20 >=20 > 416-744-7949 > 416-716-3964 (cell) > 1-866-314-4678 > 416-744-0406 FAX > www.LynchDigital.com >=20 >=20 >=20 >=20 >=20 > ------------------------------------------------------- > The SF.Net email is sponsored by EclipseCon 2004 > Premiere Conference on Open Tools Development and Integration > See the breadth of Eclipse activity. February 3-5 in Anaheim,=20 > CA. http://www.eclipsecon.org/osdn=20 > _______________________________________________ > Assp-user mailing list > Ass...@li...=20 > https://lists.sourceforge.net/lists/listinfo/assp-user=20 >=20 >=20 >=20 > ------------------------------------------------------- > The SF.Net email is sponsored by EclipseCon 2004 > Premiere Conference on Open Tools Development and Integration > See the breadth of Eclipse activity. February 3-5 in Anaheim,=20 > CA. http://www.eclipsecon.org/osdn=20 > _______________________________________________ > Assp-user mailing list > Ass...@li...=20 > https://lists.sourceforge.net/lists/listinfo/assp-user >=20 >=20 >=20 > ------------------------------------------------------- > The SF.Net email is sponsored by EclipseCon 2004 > Premiere Conference on Open Tools Development and Integration > See the breadth of Eclipse activity. February 3-5 in Anaheim,=20 > CA. http://www.eclipsecon.org/osdn=20 > _______________________________________________ > Assp-user mailing list > Ass...@li...=20 > https://lists.sourceforge.net/lists/listinfo/a> ssp-user >=20 ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Assp-user mailing list Ass...@li... https://lists.sourceforge.net/lists/listinfo/assp-user |