[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.ruby

Re: POP3Filter for SoBig.F Virus:

Austin Ziegler

9/20/2003 6:46:00 AM

On Sat, 20 Sep 2003 10:14:39 +0900, Austin Ziegler wrote:
> http://www.rubygarden.org/ruby?S...

Gavin made a nice improvement that I have incorporated on the main page; I
have also fixed a couple of bugs with the detection code. Thanks, Gavin.

-austin
--
austin ziegler * austin@halostatue.ca * Toronto, ON, Canada
software designer * pragmatic programmer * 2003.09.20
* 02.44.54
3 Answers

Shashank Date

9/20/2003 10:47:00 AM

0


"Austin Ziegler" <austin@halostatue.ca> wrote in message
> On Sat, 20 Sep 2003 10:14:39 +0900, Austin Ziegler wrote:
> > http://www.rubygarden.org/ruby?S...
>
> Gavin made a nice improvement that I have incorporated on the main page; I
> have also fixed a couple of bugs with the detection code. Thanks, Gavin.

Thank you very Austin and Gavin.

I have been inundated with spam in the last few hours and this nice little
utility has helped me a lot.

I have a question though: the size of email defaults to 120_000. Is there
some significance to this number or is it just an arbitrary number you
picked. I have been getting some spam with attachments which are 106K or in
that range. Of course, I have changed my version to catch them too but was
curious to find out.

Also, would it possible for you to add something like the "kill file"
support so that I can keep adding new patterns to it instead of modifying
the source code.

Thanks a lot.
-- shanko

Gavin Sinclair

9/20/2003 1:16:00 PM

0

On Saturday, September 20, 2003, 9:03:18 PM, Shashank wrote:


> "Austin Ziegler" <austin@halostatue.ca> wrote in message
>> On Sat, 20 Sep 2003 10:14:39 +0900, Austin Ziegler wrote:
>> > http://www.rubygarden.org/ruby?S...
>>
>> Gavin made a nice improvement that I have incorporated on the main page; I
>> have also fixed a couple of bugs with the detection code. Thanks, Gavin.

> Thank you very Austin and Gavin.

> I have been inundated with spam in the last few hours and this nice little
> utility has helped me a lot.

> I have a question though: the size of email defaults to 120_000. Is there
> some significance to this number or is it just an arbitrary number you
> picked. I have been getting some spam with attachments which are 106K or in
> that range. Of course, I have changed my version to catch them too but was
> curious to find out.

All of my virus-spam messages have been around 140Kb. One exception
was about 15Kb.

> Also, would it possible for you to add something like the "kill file"
> support so that I can keep adding new patterns to it instead of modifying
> the source code.

No need really, and I don''t have the time. But you can go for it and
change the Wiki code if you like. Or if your version is significantly
different then offer it as a separate implementation.

The easiest and quickest thing to do would be to add filters to the
source code on the Wiki. If you need different filters, then someone
else probably will too.

I think a lot of people have learned about Net::POP3 today, especially
me.

Gavin

Josef 'Jupp' Schugt

9/21/2003 2:53:00 PM

0

Saluton!

* Gavin Sinclair; 2003-09-20, 18:24 UTC:
> All of my virus-spam messages have been around 140Kb. One exception
> was about 15Kb.

Concerning 15 KB messages: Notify maintainer of mail server that
sends them about the misconfiguration. A mail server must not
identify an infected message, remove the infected part and deliver
the rest.

Even though most people are not aware of it: Besides the given high
probability that the message was sent unintentionally doing so can be
a crime in some countries (Germany for example).

As long as it is done to correctly deliver the message it is
acceptable that a mail server manipulates e-mails but as soon as
manipulation is done to change the information transmitted you are
possibly comitting a crime because

- you may be suppressing information that *should* be send (e.g.
forwarding some program that happens to result in a false alert)

- you are creating a derived work of some copyrighted work without
permission of the copyright holder.

etc. Of course this is only what you officially say. More annoying is
that the removal of the attachment breaks any worm defense that makes
use of the fact that you rarely receive messages of more than 100 KB
that you actually want to recieve.

Note: On 2003-09-24 the European Parliament is going to decide on a
software patent directive. To protest against this my web pages
will offline until (and including) 2003-09-24 (UTC). This
includes but is not limited to the extmath, rcalc, and tldlib
homepage.

Gis,

Josef ''Jupp'' Schugt
--
Warning to Outlook, Outlook Express and Windows users: In the 9/11
aftermath many countries decided on new anti-terror laws. If you put
web sites or mailboxes under fire this may be seen as a terroristic
act that potentially may buy you a one-way ticket to Guantanamo Bay.