
List:       sylpheed
Subject:    [sylpheed:21660] Fw: [Mailfilter-users] for older version mailfilter -  ms virus
From:       JoeHill <joehill () sympatico ! ca>
Date:       2003-09-25 10:12:29

This is from the Mailfilter list, a user-contributed set of filters for
the various MS Patch mails. Would work better with scoring (the devel
version of Mailfilter) IMHO, but nonetheless some good examples of
RegExp.

Begin forwarded message:

Date: Wed, 24 Sep 2003 22:56:49 -0700
From: tim <mailfilter@nsr500.net>
To: mailfilter <mailfilter-users@lists.sourceforge.net>
Subject: [Mailfilter-users] for older version mailfilter -  ms virus From: & Subject: filters


# microsoft virii
# requires REG_CASE=no, REG_TYPE=extended
DENY=^From: "admin(istrator)"
DENY=^From: "customer assistance"
DENY=^From: "(net(work) |)email (service|system)"
DENY=^From: "inet (e|)mail (service|storage|system)"
DENY=^From: "inet message (delivery|storage) (service|system)"
DENY=^From: "internet delivery service"
DENY=^From: "( |)internet (e|)mail delivery(|( service| system))"
DENY=^From: "internet (e|)mail system"
DENY=^From: "internet message storage service"
DENY=^From: "internet (security|storage) (department|section|service)"
DENY=^From: "(mail|message) storage (service|system)"
DENY=^From: "microsoft"
DENY=^From: "(ms|microsoft|net(work)) (corporation|customer|(e|)mail|message|inet|internet)
DENY=^From: "(ms|microsoft|net(work)) (net(work)|program|public|security|technical|storage)
DENY=^From: "(ms|microsoft|net(work)) .* (support|system|customer|(e|)mail|message|inet|internet)
DENY=^From: "(ms|microsoft|net(work)) .* (net(work)|program|public|security|technical|storage)
DENY=^From: "(security|technical) (division|services)
DENY=^Subject: (abort|bug|error|failure) (announcement|message|letter|notice|advice|report)
DENY=^Subject: (advice|announcement)
DENY=^Subject: critical (pack|upgrade)
DENY=^Subject: .* (critical|internet|microsoft|net(work)|security) (upgrade|patch|security|update|pack)
DENY=^Subject: internet (pack|security|update)
DENY=^Subject: (last|latest|new(est)|net(work)) (internet|microsoft|net(work)|pack|security|update)
# end microsoft virii

Short primer on how to test your filter by using your log file
--------------------------------------------------------------
[22:53] abit:~ > tail -10000 log/mailfilter.log | egrep -i '^From: "(ms|microsoft|net(work)) (corporation|customer|(e|)mail|message|inet|internet)'
FROM: "Microsoft Corporation Public Services" <zqlciuyovhhscv_hukhbl@newsletters.net>
FROM: "MS Email Delivery System" <mailroutine@puremail.com>
FROM: "Network Email Storage Service" < >
From: "MS Corporation Program Security Division" <xhoonbx_lkecfzxa@support.com>
FROM: "Microsoft Email Storage System" <postbot@rocketmail.com>
[22:54] abit:~ > tail -10000 log/mailfilter.log | egrep -i '^Subject: .* (critical|internet|microsoft|net(work)|security) (upgrade|patch|security|update|pack)'
SUBJECT: Network Security Update
SUBJECT: Current Net Critical Upgrade
SUBJECT: new network security patch
SUBJECT: Latest Network Critical Pack

Of course, a bigger sample size will increase satisfaction.





-- 
JoeHill
Registered Linux user #282046
Homepage: www.orderinchaos.org
+++++++++++++++++++++++++++
It is said that the lonely eagle flies to the mountain peaks while the
lowly ant crawls the ground, but cannot the soul of the ant soar as high
as the eagle?
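
Added example, not part of the original messages: the log check from the primer above, turned into a small shell audit that counts, per DENY rule, hits on unwanted headers and on headers of mail to keep, and flags rules grep cannot compile. grep -E -i stands in for mailfilter's REG_TYPE=extended and REG_CASE=no; the function names, the sample of wanted mail and the broken last rule are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original mails). grep -E -i is assumed to be a
# close stand-in for mailfilter's REG_TYPE=extended, REG_CASE=no matching.

# audit_rules RULES SPAM HAM
# Prints "<spam hits> TAB <ham hits> TAB <pattern>" for every DENY rule, or
# "ERR TAB ERR TAB <pattern>" when grep rejects the pattern.
audit_rules() {
    grep '^DENY=' "$1" | sed 's/^DENY=//' | while IFS= read -r pat; do
        rc=0
        # grep -c exits 1 on zero hits and 2 on a regex error.
        s=$(grep -E -i -c -e "$pat" "$2" 2>/dev/null) || rc=$?
        h=$(grep -E -i -c -e "$pat" "$3" 2>/dev/null) || true
        if [ "$rc" -ge 2 ]; then s=ERR; h=ERR; fi
        printf '%s\t%s\t%s\n' "$s" "$h" "$pat"
    done
}

demo() {
    dir=$(mktemp -d) || return 1
    # First three rules are taken from the message above; the last one is a
    # constructed broken rule (unbalanced parenthesis).
    cat > "$dir/rules" <<'EOF'
# requires REG_CASE=no, REG_TYPE=extended
DENY=^From: "(ms|microsoft|net(work)) (corporation|customer|(e|)mail|message|inet|internet)
DENY=^Subject: .* (critical|internet|microsoft|net(work)|security) (upgrade|patch|security|update|pack)
DENY=^Subject: (advice|announcement)
DENY=^From: "internet mail delivery( service| system"
EOF
    # Header lines as they appear in the log output quoted above.
    cat > "$dir/spam" <<'EOF'
FROM: "MS Email Delivery System" <mailroutine@puremail.com>
SUBJECT: Network Security Update
SUBJECT: new network security patch
EOF
    # Constructed headers of mail the user wants to keep.
    cat > "$dir/ham" <<'EOF'
From: "Alice Example" <alice@example.org>
Subject: Announcement: list maintenance on Saturday
Subject: [sylpheed:00000] Re: filtering question
EOF
    audit_rules "$dir/rules" "$dir/spam" "$dir/ham"
    rm -rf "$dir"
}

demo
```

A rule with a non-zero second column is one to tighten before deploying it, and an ERR row is a rule to fix in the rcfile.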
