Re: Take a look at this security package from the MS Corporation - Programmer


Thread: Re: Take a look at this security package from the MS Corporation

  1. Re: Take a look at this security package from the MS Corporation

    On Sun, 05 Oct 2003 21:59:14 +0000, Alan Connor wrote:

    > Here the Windoze-Weenies once again demonstrate their functional lack of
    > intelligence by spamming Linux newsgroups with a virus/worm that may be
    > deadly to a Windoze box, but is nothing more than a long email to grandma
    > to a Linux box...


    Look at the crossposting, Alan: they're spamming everything in sight,
    most likely. Even a Linux newsgroup will have a handful of people who
    use Windoze to read it, e.g. people still in the weaning-off process.


  2. Re: Take a look at this security package from the MS Corporation

    On Sun, 05 Oct 2003 23:56:54 GMT, Ed Murphy wrote:
    >
    >
    > On Sun, 05 Oct 2003 21:59:14 +0000, Alan Connor wrote:
    >
    >> Here the Windoze-Weenies once again demonstrate their functional lack of
    >> intelligence by spamming Linux newsgroups with a virus/worm that may be
    >> deadly to a Windoze box, but is nothing more than a long email to grandma
    >> to a Linux box...

    >
    > Look at the crossposting, Alan: they're spamming everything in sight,
    > most likely. Even a Linux newsgroup will have a handful of people who
    > use Windoze to read it, e.g. people still in the weaning-off process.
    >


    Well, if they are stupid enough to disregard all the recent talk about the Swen
    virus on these groups, their own probable recent infestation of that virus, a
    subject-line that is a dead-giveaway, and all common sense....

    ....if they still have their newsreader set to execute any scripts anyone
    feels like posting on the Usenet.....(remember: for most of them mail and
    news are integrated)

    .....then they are too stupid to run Linux, so what's the problem?


    (great straight-line, Ed)

    --
    Later, Alan C
    You can find my email address at the website: contact.html
    take control of your mailbox ----- elrav1 ----- http://tinyurl.com/l55a

  3. Re: Take a look at this security package from the MS Corporation

    Alan Connor wrote:

    > On Sun, 05 Oct 2003 23:56:54 GMT, Ed Murphy wrote:
    >
    >>
    >>On Sun, 05 Oct 2003 21:59:14 +0000, Alan Connor wrote:
    >>
    >>
    >>>Here the Windoze-Weenies once again demonstrate their functional lack of
    >>>intelligence by spamming Linux newsgroups with a virus/worm that may be
    >>>deadly to a Windoze box, but is nothing more than a long email to grandma
    >>>to a Linux box...

    >>
    >>Look at the crossposting, Alan: they're spamming everything in sight,
    >>most likely. Even a Linux newsgroup will have a handful of people who
    >>use Windoze to read it, e.g. people still in the weaning-off process.
    >>

    >
    >
    > Well, if they are stupid enough to disregard all the recent talk about the Swen
    > virus on these groups, their own probable recent infestation of that virus, a
    > subject-line that is a dead-giveaway, and all common sense....
    >
    > ...if they still have their newsreader set to execute any scripts anyone
    > feels like posting on the Usenet.....(remember: for most of them mail and
    > news are integrated)
    >
    > ....then they are too stupid to run Linux, so what's the problem?
    >
    >
    > (great straight-line, Ed)
    >


    I completely agree with all of you. I have seen a leap in spam similar
    to this one containing the exact same windows virus. My one inbox just
    keeps getting raped by this same type of spam, no matter what kind of
    filters I put on it. I'll be getting all the emails/info I needed off of
    it and dumping it real soon.


  4. Re: Take a look at this security package from the MS Corporation

    On Mon, 06 Oct 2003 00:04:53 -0700, Chris wrote:

    > I completely agree with all of you. I have seen a leap in spam similar
    > to this one containing the exact same windows virus. My one inbox just
    > keeps getting raped by this same type of spam, no matter what kind of
    > filters I put on it. I'll be getting all the emails/info I needed off of
    > it and dumping it real soon.


    I'll reiterate the filter rules that I'm using, in case they help you
    out as well:

    1) My ISP's "I disinfected a virus" text -> /dev/null
    2) Size >= 256,000 bytes -> $HOME/mail/junk-large
    3) SpamAssassin score >= 5 -> $HOME/mail/junk-spam
    4) Various mailing lists -> $HOME/mail/name-of-list
    5) My address is not in To: or Cc: -> $HOME/mail/junk-bulk
    [Exception: Body contains "Cumulative Patch"
    or "Undeliver(ed|able) (to|mail to|message to)" -> /dev/null]

    I use fetchmail to grab mail every 15 minutes, round the clock.

    I have SA tweaked with MICROSOFT_EXECUTABLE = 5.000

    Estimate of one week's performance:

    1) *shrug*
    2) One message (ham)
    3) About ten dozen, no false positives
    4) Several dozen
    5) About five dozen, maybe half a dozen false positives
    plus about five dozen false negatives

    This system was able to keep up with the Swen flood at its peak, which
    I believe is past by now. Tossing false negatives takes maybe five
    minutes a week; checking for false positives takes maybe another five.

    I've just added some more SA tweaks - X_PRIORITY_HIGH, CTYPE_JUST_HTML,
    BASE64_ENC_TEXT, MIME_HTML_NO_CHARSET, MISSING_MIMEOLE = 2.000 each -
    and will collect another week's worth of data.
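Added example, not part of Ed Murphy's post: one way the five rules listed above could be written as a `.procmailrc`, in the same order, so that the first delivering recipe that matches wins. The address, the list name, the ISP notice text and the use of `List-Id:` to recognise list mail are assumptions; the folder names and the two body patterns are the ones given in the post.

```procmail
# Added illustration. Placeholders: me@example.invalid, name-of-list,
# ISP-VIRUS-NOTICE-TEXT-PLACEHOLDER (the real notice wording is not in the post).
# Relative mailbox names below resolve under MAILDIR.
MAILDIR=$HOME/mail
LOGFILE=$MAILDIR/procmail.log

# 1) ISP "I disinfected a virus" notice -> /dev/null (B = match the body)
:0 B
* ISP-VIRUS-NOTICE-TEXT-PLACEHOLDER
/dev/null

# 2) Size >= 256,000 bytes -> junk-large, so large mail never reaches SpamAssassin
:0:
* > 255999
junk-large

# 3) Pass the message through SpamAssassin (f = filter, w = wait for exit code),
#    then file anything scoring 5 or more (five stars in X-Spam-Level).
#    Score overrides such as "score MICROSOFT_EXECUTABLE 5.000" belong in
#    SpamAssassin's user_prefs, not in this file.
:0 fw: spamassassin.lock
| spamassassin

:0:
* ^X-Spam-Level: \*\*\*\*\*
junk-spam

# 4) One recipe per mailing list (matching on List-Id is an assumption)
:0:
* ^List-Id:.*name-of-list\.example\.invalid
name-of-list

# 5) Not addressed to me in To: or Cc: -> junk-bulk, except the two body
#    patterns from the post, which are discarded outright
:0
* !^(To|Cc):.*me@example\.invalid
{
  :0 B
  * Cumulative Patch|Undeliver(ed|able) (to|mail to|message to)
  /dev/null

  :0:
  junk-bulk
}

# Anything that reaches this point is delivered to the default mailbox.
```

Only rule 1 and the exception inside rule 5 discard mail; everything else lands in a folder that can be reviewed for false positives.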


  5. Re: Take a look at this security package from the MS Corporation

    On Mon, 06 Oct 2003 10:02:26 GMT, Ed Murphy wrote:
    >
    >
    > On Mon, 06 Oct 2003 00:04:53 -0700, Chris wrote:
    >
    >> I completely agree with all of you. I have seen a leap in spam similar
    >> to this one containing the exact same windows virus. My one inbox just
    >> keeps getting raped by this same type of spam, no matter what kind of
    >> filters I put on it. I'll be getting all the emails/info I needed off of
    >> it and dumping it real soon.

    >
    > I'll reiterate the filter rules that I'm using, in case they help you
    > out as well:
    >
    > 1) My ISP's "I disinfected a virus" text -> /dev/null
    > 2) Size >= 256,000 bytes -> $HOME/mail/junk-large
    > 3) SpamAssassin score >= 5 -> $HOME/mail/junk-spam
    > 4) Various mailing lists -> $HOME/mail/name-of-list
    > 5) My address is not in To: or Cc: -> $HOME/mail/junk-bulk
    > [Exception: Body contains "Cumulative Patch"
    > or "Undeliver(ed|able) (to|mail to|message to)" -> /dev/null]
    >
    > I use fetchmail to grab mail every 15 minutes, round the clock.
    >
    > I have SA tweaked with MICROSOFT_EXECUTABLE = 5.000
    >
    > Estimate of one week's performance:
    >
    > 1) *shrug*
    > 2) One message (ham)
    > 3) About ten dozen, no false positives
    > 4) Several dozen
    > 5) About five dozen, maybe half a dozen false positives
    > plus about five dozen false negatives
    >
    > This system was able to keep up with the Swen flood at its peak, which
    > I believe is past by now. Tossing false negatives takes maybe five
    > minutes a week; checking for false positives takes maybe another five.
    >
    > I've just added some more SA tweaks - X_PRIORITY_HIGH, CTYPE_JUST_HTML,
    > BASE64_ENC_TEXT, MIME_HTML_NO_CHARSET, MISSING_MIMEOLE = 2.000 each -
    > and will collect another week's worth of data.
    >



    I have fetchmail delete everything over 100k on the server every 10 minutes
    and that's the end of Swen. (You are right about the crest being past, I
    think)

    As for all the rigamarole above, Ed, I just don't get it at all.
    You either have friends or business associates that commonly send you enormous
    emails or are determined to protect your spam.

    If someone regularly sent me mails over 100k I would ask them twice to desist
    and then block them.

    Different strokes for different folks.

    --
    Later, Alan C
    You can find my email address at the website: contact.html
    take control of your mailbox ----- elrav1 ----- http://tinyurl.com/l55a

  6. Re: Take a look at this security package from the MS Corporation

    Alan Connor wrote in
    news:lq3gb.3854$Qy2.3705@newsread4.news.pas.earthlink.net:

    > On Sun, 05 Oct 2003 23:56:54 GMT, Ed Murphy
    > wrote:
    >>> Here the Windoze-Weenies once again demonstrate their functional
    >>> lack of intelligence by spamming Linux newsgroups with a virus/worm
    >>> that may be deadly to a Windoze box, but is nothing more than a
    >>> long email to grandma to a Linux box...


    > Well, if they are stupid enough to disregard all the recent talk about
    > the Swen virus on these groups, their own probable recent infestation
    > of that virus, a subject-line that is a dead-giveaway, and all common
    > sense....
    >
    > ...if they still have their newsreader set to execute any scripts
    > anyone feels like posting on the Usenet.....(remember: for most of
    > them mail and news are integrated)
    >
    > ....then they are too stupid to run Linux, so what's the problem?


    Impressive! That's why I never install OE anymore... In fact, I get so
    little actual mail that I don't even bother setting up POP3 accounts
    anymore... I use Hotmail and let Billy store all this crap!

    Gotta love Xnews for Windows...

    BTW, this is the last functioning Win32 box in here... all others are now
    proud owners of MDK 9.1. This one's next, but I gotta keep W2kPro on it
    for a while for a couple stupid w32 apps that have no Linux
    counterparts... yet!

  7. Re: Take a look at this security package from the MS Corporation

    On Mon, 06 Oct 2003 14:59:14 +0000, Alan Connor wrote:

    > As for all the rigamarole above, Ed, I just don't get it at all.
    > You either have friends or business associates that commonly send you enormous
    > emails or are determined to protect your spam.


    I am convinced that your system drops messages that any reasonable
    person would consider to be ham. I am not about to risk delay (and
    possible loss) of ham just to save ten minutes a week.

    > If someone regularly sent me mails over 100k I would ask them twice to desist
    > and then block them.


    I get two large mails (one weekly, one monthly) that I'm specifically
    interested in, but they're exempted from the large-mail filter.


  8. Re: Take a look at this security package from the MS Corporation

    On Tue, 07 Oct 2003 04:15:52 GMT, Ed Murphy wrote:
    >
    >
    > On Mon, 06 Oct 2003 14:59:14 +0000, Alan Connor wrote:
    >
    >> As for all the rigamarole above, Ed, I just don't get it at all.
    >> You either have friends or business associates that commonly send you enormous
    >> emails or are determined to protect your spam.

    >
    > I am convinced that your system drops messages that any reasonable
    > person would consider to be ham.



    And you base this conclusion on what? Were you there for over a month
    of poring over the logs and quarantined mail and backup mail for hours a day?
    No.

    > I am not about to risk delay (and
    > possible loss) of ham just to save ten minutes a week.
    >


    That's what backup mail is about, Ed. You keep a copy of all the mail
    until you are confident that your program/recipe/script is working correctly.

    Put this in your .procmailrc, at the top:

    # "c" delivers a copy and lets the mail continue to the recipes below
    :0 c:
    backup

    If you want to keep just the headers, then:

    # "h" saves the header only; "c" keeps processing the full message
    :0 hc:
    backup


    Elrav1 is VERY configurable. You speak as if it were cast in stone with
    a few limited options. It can also be used in conjunction with SA or
    procmail (put the recipes before the elrav1 part).


    But I don't think that my program is for you, Ed. It's for people who
    have zero-tolerance for spam and any anonymous mail.

    90% of the mail that comes to my server is deleted there, sight unseen.



    --
    Later, Alan C
    You can find my email address at the website: contact.html
    take control of your mailbox ----- elrav1 ----- http://tinyurl.com/l55a

  9. Re: Take a look at this security package from the MS Corporation

    On Tue, 07 Oct 2003 04:59:13 +0000, Alan Connor wrote:

    >> I am convinced that your system drops messages that any reasonable
    >> person would consider to be ham.


    > And you base this conclusion on what? Were you there for over a month
    > of poring over the logs and quarantined mail and backup mail for hours a day?
    > No.


    A couple weeks ago, someone sent you a mail. It was lost in the ether:
    no bounce message, no RAV. They said so (on the newsgroup). You failed
    to account for the loss.

    Furthermore, I can describe a likely situation that fits: Let's say
    you put a time limit of three days on RAVs. Someone who only checks
    their mail every five days, tries to mail you. By the time they get
    your RAV and respond to it, it's too late! Their original message
    is just *gone*.

    >> I am not about to risk delay (and
    >> possible loss) of ham just to save ten minutes a week.


    > That's what backup mail is about, Ed. You keep a copy of all the mail
    > until you are confident that your program/recipe/script is working correctly.


    I'm sending *just* the likely-spam to a backup folder (well, a set of
    backup folders). Even better.

    The only stuff that goes straight to /dev/null is

    1) messages with my ISP's "I disinfected a virus" text
    2) bcc:ed mail with "Cumulative Patch" or "Undelivered message to" (or
    certain variants of the latter)

    I consider the chance of a false positive from either of *these* rules
    to be so low as to not be worth worrying about.

