VIRUS ALERT!!! (Your details)

watch out guys, im getting like 10 emails a minute that's all virus, called soBig I guess its flying around like crazy.... plus another one just came from security@microsoft.com called patch.exe not nice. good luck all. tony weeg uncertified advanced cold fusion developer tony at navtrak dot net www.navtrak.net office 410.548.2337 fax 410.860.2337 Please see the attached file for details.

I've modified the list spam code to catch these. As normal for the lists, we're safe from all attachments but a list member or two MAY be infected and the new code will keep the messages away so to avoid the annoyance. Note that these viruses are using email addresses OTHER than the true sender. I've had a number sending as bh@houseoffusion.com and this is an address that only exists hidden on web pages as a black hole. ----- Excess quoted text cut - see Original Post for more -----

mike....what did you do to block those?  with self modifying senders....by subject? tony weeg uncertified advanced cold fusion developer tony at navtrak dot net www.navtrak.net office 410.548.2337 fax 410.860.2337 I've modified the list spam code to catch these. As normal for the lists, we're safe from all attachments but a list member or two MAY be infected and the new code will keep the messages away so to avoid the annoyance. Note that these viruses are using email addresses OTHER than the true sender. I've had a number sending as bh@houseoffusion.com and this is an address that only exists hidden on web pages as a black hole. ----- Excess quoted text cut - see Original Post for more -----

I've been using CF to process the list mail for years now and the anti-spam stuff has come out of it. I just added in a new piece that first looks at the subject like so: REFindNoCase('Thank you|Your details|Approved|Details|Wicked screensaver|That movie|Your application', modsubject) and if this is true, does another REFindNoCase on the body (i.e. CFIF x AND y). Due to the wonders of short circut boolean evaluation, the body search doesn't go off unless the subject search returns true, saving a lot of processing. I'm looking at the raw posts to see if there's something even more efficient. If there is, I'll put it in. Have I mentioned that I love my mail system. :) >mike....what did you do to block those?  with self modifying >senders....by subject?

And the answer it yes, there is something more efficient I can do for the mail system. REFindNoCase('\.(pif|scr)$', odsmime_query.filename) Will return true (i.e. not 0) if there's a .pif or .scr extension on an attachment in the post. I love my system. :) > I've been using CF to process the list mail for years now and the anti-spam stuff has come out of it. I just added in a new piece that first looks at the subject like so: > REFindNoCase('Thank you|Your details|Approved|Details|Wicked screensaver|That movie|Your application', modsubject) > and if this is true, does another REFindNoCase on the body (i.e. CFIF x AND y). > Due to the wonders of short circut boolean evaluation, the body search doesn't go off unless the subject search returns true, saving a lot of processing. > I'm looking at the raw posts to see if there's something even more efficient. If there is, I'll put it in. > Have I mentioned that I love my mail system. :) > >mike....what did you do to block those?  with self modifying > >senders....by subject?

You da man! I've been on a PHP list for a bit as I'm trying to learn some (kind of forced into it through work...) and I've seen multiple posts that appear to contain viruses in the last couple of days. Yves Arsenault Carrefour Infotech 5, Acadian Dr. Charlottetown, PEI C1C 1M2 yves@carrefour.peicaps.org (902)368-1895 ext.242 ICQ #117650823 And the answer it yes, there is something more efficient I can do for the mail system. REFindNoCase('\.(pif|scr)$', odsmime_query.filename) Will return true (i.e. not 0) if there's a .pif or .scr extension on an attachment in the post. I love my system. :) > I've been using CF to process the list mail for years now and the anti-spam stuff has come out of it. I just added in a new piece that first looks at the subject like so: > REFindNoCase('Thank you|Your details|Approved|Details|Wicked screensaver|That movie|Your application', modsubject) > and if this is true, does another REFindNoCase on the body (i.e. CFIF x AND y). > Due to the wonders of short circut boolean evaluation, the body search doesn't go off unless the subject search returns true, saving a lot of processing. > I'm looking at the raw posts to see if there's something even more efficient. If there is, I'll put it in. > Have I mentioned that I love my mail system. :) > >mike....what did you do to block those?  with self modifying > >senders....by subject? >