DCPM: De-SWENing
Simon Waters
Simon at wretched.demon.co.uk
Sun Sep 21 04:06:49 CDT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Matthew Browning wrote:
>
> If it works for you then it is right ;) What happens if I send you a
> genuine email with an uppercase subject for some convoluted but
> legitimate reason?
Well if its size is between "min" and "max" in size it stands a fair
chance of being zapped.
I did ponder trying to trap subject lines, but SWEN is generating them
by putting phrases together, so I'd have to reverse engineer it into
some wonderful regular expression. Almost all the subject lines I
examied were unique!
Something like, but much longer than......
/(New|Newest|Latest) (MS|Microsoft|Outlook|Microsoft Security)
(Patch|Update)/
Any such regexp stands a fair chance of matching genuine email.
A quick grep suggests
^SUBJECT: 2
^Subject: 37157
The two are both from "Top Jobs on the Net", so probably rejecting all
uppercase "^SUBJECT:" message is sufficient to bounce the virus early,
indeed I might go with this as it'll sure speed up my mail delivery.
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/bWonGFXfHI9FVgYRAvEHAKCnfAcRCyGMeU3YzJXUttjPJhBzjACfYxQP
ygTzSDR0kWLpgxKxPchqMuw=
=4bRx
-----END PGP SIGNATURE-----
More information about the Devoncornwall-pm
mailing list