[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: virus warning message spam



If you're using SpamAssassin, there's a set of rules
http://www.timj.co.uk/linux/bogus-virus-warnings.cf that might be of
use.  They mostly default to 20 points so if you're already deleting
spam, it usually puts messages above the threshold.


On Fri, Mar 26, 2004 at 11:40:07AM -0600, Steven Pritchard wrote:
> So given that a) we don't run Windows, and b) every one of the Windows
> email viruses going around spoofs the sender address, I'm *really*
> sick of receiving warning messages from other people's poorly
> configured virus filters.  I dug through my procmail log and found as
> many of the subject lines from those messages as I could in order to
> set up header_checks rules to block the damn messages.  I feel like
> sharing, so the results are below.  :-)
> 
> Oh, and on this subject, I used to feel bad that majordomo replied
> with a message whenever email was held for moderation, since it ended
> up replying to the wrong person when it received virus messages, but
> I'm doing virus filtering with amavis now, so I don't think those
> messages are necessarily a bad thing anymore.
> 
> Add this to your header_checks pcre map (Postfix users only):
> 
> /^Subject:.*A mail message with subject .* contained a virus$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Antigen found VIRUS=/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Attachments not Delivered by MailScan\!$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*A virus  *was detected in the message$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Email was scanned, virus was removed:/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Failed to clean virus file/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*GateLock Virus Notification\.$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Important Notice: VIRUS GEFUNDEN\!$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*InterScan_Virus_Alert/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Mail Cleaner Virus Alert$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*MAIL GATEWAY ALERT$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*\[MailServer Notification\] ?To (Sender|Recipient) virus found and action taken\.$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*MDaemon Warning - Virus Found$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*moscas \(infecciones\)/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*NAV detected a virus in a document you authored\.$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Net Integrator Virus Alert$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Non delivery report: .*\(Virus infection\)$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Norton AntiVirus detected (and quarantined )?a virus in a message you sent/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Norton AntiVirus failed to scan an attachment in a message you sent\./	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Norton Antivirus ha rilevato un virus nel documento/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Returned due to virus;/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Returned mail: Possible Virus Infection$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*re\..*\{VIRUS\}/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*ScanMail Message: To .* virus found and action taken\.$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Symantec AntiVirus\/Filtering for Domino$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Symantec AVF detected a.*virus in a message you sent/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:Symantec Mail Security detected a.*virus/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Undelivered \(Virus\)$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject: Virus Alert$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Virus Alert - ScanMail for Lotus Notes/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Virus Check Alert/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*VIRUS.*dans votre courrier$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Virus Detected by Network Associates, Inc\. Webshield/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*virus detected in attachment$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Virus Detected in Email you sent\.$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Virus detected in mail/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Virus detected in ".*"$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Virus detected$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Virus Detected$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Virus Discarded$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*VIRUS en su e-mail/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*virus(es)? incident$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*virus(es)? picked up by Virex$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Virus found in a message you sent$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Virus found in (message|mail) from you\!$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*virus found in sent message/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*virus found in sent message$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Virus found in (sent|the) message/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Virus incident$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Virus Infection Alert\!/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*VIRUS INFECTION ALERT/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*VIRUS.*IN MAIL FROM YOU$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Virus intercepted$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*VIRUS IN YOUR MAIL/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*virus n\xe1jden\xfd vo Va\xb9ej po\xb9te/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*\[VIRUS REMOVED\]/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Virus Scan detected a virus in an email you sent\.$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*virus trouve dans le message envoye/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*virus trovato in un messaggio inviato/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Warning: antivirus system report$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Warning: E-mail virus(es)? detected$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Warning: E-mail virus(es)? detected$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*Warning: E-mail Virus \(virii\) Detected$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*WARNING: YOU MAY HAVE A VIRUS$/	REJECT We didn't send you a virus so don't send us your spam.
> /^Subject:.*WARNING: You tried to send a potential virus or unauthorised code$/	REJECT We didn't send you a virus so don't send us your spam.
> 
> Steve
> -- 
> steve@silug.org           | Southern Illinois Linux Users Group
> (618)398-7360             | See web site for meeting details.
> Steven Pritchard          | http://www.silug.org/
> 
> -
> To unsubscribe, send email to majordomo@luci.org with
> "unsubscribe luci-discuss" in the body.

-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.