Re: Take a look at this security package from the MS Corporation
From: Alan Connor (zzzzzz_at_xxx.yyy)
Date: 10/06/03
- Next message: Mairhtin O'Feannag: "failover web and mail servers???"
- Previous message: Stephan Reihle: "Re: Dialin Server - Connects but no net activity. Any pointers?"
- In reply to: Ed Murphy: "Re: Take a look at this security package from the MS Corporation"
- Next in thread: Ed Murphy: "Re: Take a look at this security package from the MS Corporation"
- Reply: Ed Murphy: "Re: Take a look at this security package from the MS Corporation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 06 Oct 2003 14:59:14 GMT
On Mon, 06 Oct 2003 10:02:26 GMT, Ed Murphy <emurphy42@socal.rr.com> wrote:
>
>
> On Mon, 06 Oct 2003 00:04:53 -0700, Chris wrote:
>
>> I completely agree with all of you. I have seen a leap in spam similar
>> to this one containing the exact same windows virus. My one inbox just
>> keeps getting raped by this same type of spam, no matter what kind of
>> filters I put on it. I'll be getting all the emails/info I needed off of
>> it and dumping it real soon.
>
> I'll reiterate the filter rules that I'm using, in case they help you
> out as well:
>
> 1) My ISP's "I disinfected a virus" text -> /dev/null
> 2) Size >= 256,000 bytes -> $HOME/mail/junk-large
> 3) SpamAssassin score >= 5 -> $HOME/mail/junk-spam
> 4) Various mailing lists -> $HOME/mail/name-of-list
> 5) My address is not in To: or Cc: -> $HOME/mail/junk-bulk
> [Exception: Body contains "Cumulative Patch"
> or "Undeliver(ed|able) (to|mail to|message to)" -> /dev/null]
>
> I use fetchmail to grab mail every 15 minutes, round the clock.
>
> I have SA tweaked with MICROSOFT_EXECUTABLE = 5.000
>
> Estimate of one week's performance:
>
> 1) *shrug*
> 2) One message (ham)
> 3) About ten dozen, no false positives
> 4) Several dozen
> 5) About five dozen, maybe half a dozen false positives
> plus about five dozen false negatives
>
> This system was able to keep up with the Swen flood at its peak, which
> I believe is past by now. Tossing false negatives takes maybe five
> minutes a week; checking for false positives takes maybe another five.
>
> I've just added some more SA tweaks - X_PRIORITY_HIGH, CTYPE_JUST_HTML,
> BASE64_ENC_TEXT, MIME_HTML_NO_CHARSET, MISSING_MIMEOLE = 2.000 each -
> and will collect another week's worth of data.
>
I have fetchmail delete everything over 100k on the server every 10 minutes
and that's the end of Swen. (You are right about the crest being past, I
think)
As for all the rigamarole above, Ed, I just don't get it at all.
You either have friends or business associates that commonly send you enormous
emails or are determined to protect your spam.
If someone regularly sent me mails over 100k I would ask then twice to desist
and then block them.
Different strokes for different folks.
-- Later, Alan C You can find my email address at the website: contact.html take control of your mailbox ----- elrav1 ----- http://tinyurl.com/l55a
- Next message: Mairhtin O'Feannag: "failover web and mail servers???"
- Previous message: Stephan Reihle: "Re: Dialin Server - Connects but no net activity. Any pointers?"
- In reply to: Ed Murphy: "Re: Take a look at this security package from the MS Corporation"
- Next in thread: Ed Murphy: "Re: Take a look at this security package from the MS Corporation"
- Reply: Ed Murphy: "Re: Take a look at this security package from the MS Corporation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
