On Thu, Sep 25, 2003 at 01:14:04AM -0400, [EMAIL PROTECTED] wrote: > > > On Wed, 24 Sep 2003, Ross Boylan wrote: > > > I have been getting over 100 of these stupid MS virus emails a day. > > Some are the "install this patch from MS" variety, while some are > > embedded in returns of mail I didn't send. > > > > This is driving me nuts, and certainly proves that Windows viruses can > > be very harmful to Linux users, even if they can't replicate on Linux. > > What do I need to take care of this (i.e., automatically delete the > > junk)? In particular, will anti-spam software (e.g., spamassassin) > > take it out, or do I need anti-virus software (e.g., amavis)? > > > > Is there a clear dividing line between anti-spam and anti-virus > > anymore? And do people have recommendations other than spamassassin > > and amavis? > Hi Ross, > I have earthlink too! And I've tried to email them so far about this > issue. No reply so far. I am using procmail to delete the MS VIRUS emails > but am still downloading them. > So, I have: > earthlink ->dialup->fetchmail->sendmail->procmail->mboxs > I am really pissed. they dont have encrypted pop and they have some lame > spam filtering. And they cant take care of obvious virus email that is > clogging up my mailbox. How they can claim that me losing emails because > of this virus is not their problem? When I switch ISP's will it be then? > -Kevin
To reduce your downloads, it looks as if you can either use fetchmail's size limit (limit keyword, but it doesn't delete the message unless you use the somewhat dangerous flush option) or mailfilter for a somewhat more refined tool (use fetchmail's preconnect option to invoke it automatically). I'm looking into installing mailfilter now. Oh, the other thing I notice is that fetchmail responds to various spam codes if you enable "antispam" option, and so could delete the message as soon as your MTA determines it's spam. I think exim4, at least, has some options for making decisions before accepting the whole message. I'm a little worried that whatever test I put in is going to zap something real, and most likely it will also still let a lot of stuff through (e.g., bounce messages for which the attachment has been stripped). I'm ready to switch ISP's too, but I don't know who's better. I did finally have an intelligent conversation with someone at earthlink today. She said their numbers showed Swen had much lower penetration than Sobig (like 0.2% of all earthlink's mails), and they had made a policy decision not to filter it out. She wasn't familiar with all the reasons for the decision, but thought the resources required to filter (since it requires looking at message content, rather than just headers, to do it reliably) may have been a factor. I asked her to relay my dissatisfaction with the situation, and suggested that their numbers might be missing lots of the mails, since I've seen several reporrts that Swen is the biggest viral worm yet. It certainly the biggest one I've been hit with, but maybe I'm just lucky. That I found this satisfying is a sad commentary on their support, which previously included mostly people not responding or telling me that they "couldn't" filter out the virus. I get very annoyed when people make obviously false statements to justify inaction. Maybe I should point earthlink at Karsten Self's reasons to avoid challenge-response systems, since earthlink's "strong" spam protection feature is basically C-R for anyone not on your whitelist. I have a feeling other ISPs (e.g. AOL?) are doing the same. I use their medium setting, which does filter out some stuff. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
