Posted to users@spamassassin.apache.org by jdow <jd...@earthlink.net> on 2004/10/11 03:21:37 UTC

A black list suggestion

I am getting heartily tired of idiots who bounce emails that contain
or supposedly contain viruses and are assuredly Joe-jobs. I propose a
black list for these idiots. That MIGHT be enough to convince me that
black lists' drawbacks do not outweigh their benefits.

{+_+}


Re: A black list suggestion

Posted by jdow <jd...@earthlink.net>.
From: "Bob Proulx" <bo...@proulx.com>
> jdow wrote:
> > I am getting heartily tired of idiots who bounce emails that contain
> > or supposedly contain viruses and are assuredly Joe-jobs. I propose a
> > black list for these idiots. That MIGHT be enough to convince me that
> > black lists' drawbacks do not outweigh their benefits.
> 
> I have rules and rules and rules in my procmail to scrape out that
> backscatter.  But there are so many clueless admins out there setting
> up virus filters that I fear that I will never be able to block them
> all.
> 
> For your amusement I will include my personal procmail rules for
> those.  However they are not organized.  They are not complete.  They
> are bound to be littered with false positive potential for others.
> 
> Bob

Bob, if you had a rule that somehow provided the physical location of
the offending sites and I could scrounge up a Tomahawk fully armed with
a big chunk of high explosive I'd be happy. People who bounce from
MTAs, particularly 'nixoid MTAs, to the addressee of the email without
bothering to check if the email originated from my ISP or from Brazil
should get eliminated with EXTREME prejudice.

My procmail rules for twits who do that are far more direct. I simply
dump that ISP's crap to /dev/null. If I was an actual ISP myself I'd
mark sites that send such mail with a high spam score for my customers.

(Hint, I do the same thing with people on mailinglists who have the
temerity to send me a "challenge" email. If they are that bozoid I
don't want to hear from them. I've about five of those from this list.
Funny thing is I've never heard any replies directed their way.)

{^_^}


Re: A black list suggestion

Posted by Bob Proulx <bo...@proulx.com>.
jdow wrote:
> I am getting heartily tired of idiots who bounce emails that contain
> or supposedly contain viruses and are assuredly Joe-jobs. I propose a
> black list for these idiots. That MIGHT be enough to convince me that
> black lists' drawbacks do not outweigh their benefits.

I have rules and rules and rules in my procmail to scrape out that
backscatter.  But there are so many clueless admins out there setting
up virus filters that I fear that I will never be able to block them
all.

For your amusement I will include my personal procmail rules for
those.  However they are not organized.  They are not complete.  They
are bound to be littered with false positive potential for others.

Bob

:0 D
* 1^0 ^Subject: \[VIRUS DETRUIT-DESTROYED\]
* 1^0 ^Subject: {Filename\?} {Spam\?}
* 1^0 ^Subject: {Filename\?} {Spam\?} Net Critical Pack
* 1^0 ^Subject: {VIRUS\?}
* 1^0 ^Subject: {VIRUS}
* 1^0 ^Subject: {Virus\?}
* 1^0 ^Subject: {Virus}
* 1^0 ^Subject: .VIRUS.. Announcement
* 1^0 ^Subject: .VIRUS.. Current Microsoft Critical Pack
* 1^0 ^Subject: .VIRUS.. Error Message
* 1^0 ^Subject: .VIRUS.. New Network Upgrade
* 1^0 ^Subject: .VIRUS.. New Patch
* 1^0 ^Subject: .Virus.. Last Internet Security Update
* 1^0 ^Subject: .Virus.. Last Update
* 1^0 ^Subject: .Virus.. Undelivered Mail: Returned To Mailer
* 1^0 ^Subject: Abort Advice
* 1^0 ^Subject: Bug Advice
* 1^0 ^Subject: Current Microsoft Security Patch
* 1^0 ^Subject: Internet Critical Upgrade
* 1^0 ^Subject: Last Internet Security Upgrade
* 1^0 ^Subject: Last Net Security Update
* 1^0 ^Subject: Latest Critical Pack
* 1^0 ^Subject: Latest Internet Critical Patch
* 1^0 ^Subject: Latest Internet Critical Upgrade
* 1^0 ^Subject: Latest Internet Security Pack
* 1^0 ^Subject: Latest Internet Upgrade
* 1^0 ^Subject: Latest Microsoft Patch
* 1^0 ^Subject: Latest Network Upgrade
* 1^0 ^Subject: Microsoft Pack
* 1^0 ^Subject: Network Security Patch
* 1^0 ^Subject: New Internet Critical Update
* 1^0 ^Subject: New Net Security Update
* 1^0 ^Subject: Newest Critical Upgrade
* 1^0 ^Subject: Newest Network Security Update
* 1^0 ^Subject: Quarantined mail:
virus/stripped

:0 D
* 1^0 ^From: .*DrWeb-DAEMON
* 1^0 ^Subject: !! You just sent a Virus !!$
* 1^0 ^Subject: .MailServer Notification.To Sender file
* 1^0 ^Subject: A virus was detected in your mail
* 1^0 ^Subject: A virus was detected on your message\*
* 1^0 ^Subject: ALCATEL POLICY : your message has been refused
* 1^0 ^Subject: ATI Network: avviso Antivirus - AntiVirus scan results
* 1^0 ^Subject: An executable attachment was found in a document
* 1^0 ^Subject: AntiVirus Alert!
* 1^0 ^Subject: AntiVirus detected and quarantined
* 1^0 ^Subject: Antigen found VIRUS=
* 1^0 ^Subject: Content violation
* 1^0 ^Subject: E-mail Antivirus scan results
* 1^0 ^Subject: Email Content Rejection Notice
* 1^0 ^Subject: Entrega Anulada
* 1^0 ^Subject: Inflex scan report
* 1^0 ^Subject: InoculateIT detected.*virus in Mailbox
* 1^0 ^Subject: MDaemon Warning - Virus Found
* 1^0 ^Subject: Mail rejected - Automatically generated mail, please do not reply
* 1^0 ^Subject: Mailscanner warning notification!
* 1^0 ^Subject: NAV detected a virus in a document
* 1^0 ^Subject: NAV hat einen Virus in einem
* 1^0 ^Subject: NAV hat einen Virus oder nicht erlaubten Inhalt
* 1^0 ^Subject: Norton AntiVirus detected a virus in a message you sent
* 1^0 ^Subject: Norton AntiVirus detected and quarantined
* 1^0 ^Subject: Notification - Attachment Removal
* 1^0 ^Subject: Posta Sicura Elitel
* 1^0 ^Subject: RAV AntiVirus scan results
* 1^0 ^Subject: SAV detected a violation
* 1^0 ^Subject: SE ENCONTRO UN VIRUS EN SU MENSAJE
* 1^0 ^Subject: ScanMail Message: To Sender virus found or matched
* 1^0 ^Subject: ScanMail Message: To Sender, virus found and action taken.
* 1^0 ^Subject: Symantec AVF detected
* 1^0 ^Subject: Symantec Mail Security detected
* 1^0 ^Subject: Towers Perrin Virus Scanning Report to Sender
* 1^0 ^Subject: Unsafe Attachment Notification
* 1^0 ^Subject: VIRUS EN SU CORREO
* 1^0 ^Subject: VIRUS IN IHRER NACHRICHT
* 1^0 ^Subject: VIRUS IN YOUR MAIL
* 1^0 ^Subject: VIRUS NOTIFICATION
* 1^0 ^Subject: VIRUS RE: 
* 1^0 ^Subject: VIRUS WARNING : 
* 1^0 ^Subject: Virenchecker Information
* 1^0 ^Subject: Virenwarnung von Autozentrum WEST
* 1^0 ^Subject: Virus Alert$
* 1^0 ^Subject: Virus Alert - ScanMail for Lotus Notes
* 1^0 ^Subject: Virus Check Alert .Type-F.$
* 1^0 ^Subject: Virus Detected by
* 1^0 ^Subject: Virus Found in message
* 1^0 ^Subject: Virus Notification: A virus has been detected
* 1^0 ^Subject: Virus Warning$
* 1^0 ^Subject: Virus dans le message
* 1^0 ^Subject: Virus detected in your e-mail
* 1^0 ^Subject: Virus found in the message
* 1^0 ^Subject: Virus notification
* 1^0 ^Subject: Virus protection system found VIRUS
* 1^0 ^Subject: Votre courrier est rejeté
* 1^0 ^Subject: WARNING! Virus detected
* 1^0 ^Subject: WARNING: YOU ATTEMPTED TO SEND A VIRUS
* 1^0 ^Subject: WARNING: YOU MAY HAVE A VIRUS
* 1^0 ^Subject: WARNING: You may have or sending out VIRUSES
* 1^0 ^Subject: Warning: E-mail viruses detected
* 1^0 ^Subject: Warning: Possible Virus Infection
* 1^0 ^Subject: You have sent a virus
* 1^0 ^Subject: Your email message was blocked
* 1^0 ^Subject: \*\*\* You have sent a virus !
* 1^0 ^Subject: DETEKTOVAN VIRUS U PORUCI ZA VAS / VIRUS DETECTED IN MAIL FOR YOU
* 1^0 ^Subject: MailMonitor for Exchange has processed a suspicious mail
virus/autoresponder

# The following scan the message body.
# UkFWIEFudGlWaXJ1cyBoYXMgZGVsZXRlZCB0aGlzIGZpbGUNC is base64
# for RAV AntiVirus has deleted this file
:0HB
* 1^0 ^A virus has been detected in an email attachment that you sent
* 1^0 ^RAV AntiVirus has deleted this file
* 1^0 ^UkFWIEFudGlWaXJ1cyBoYXMgZGVsZXRlZCB0aGlzIGZpbGUNC
* 1^0 ^Content-Type: *text/plain;.*name="DELETED0.TXT"
* 1^0 ^The file attached to this email was removed because it is infected
* 1^0 ^Subject: Current Internet Critical Pack
* 1^0 ^Xtra.s anti-virus email filter found a virus in an attachment
* 1^0 ^.ANTIVIRUS DE CORREO TERRA
* 1^0 ^possibly was sending virus:
* 1^0 ^The following message attachments were flagged by the antivirus scanner
* 1^0 ^------------------  Virus Warning Message
* 1^0 ^A mail sent by you has been identified as suspicious by MailMonitor
virus/autoresponder
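
Added example, not part of Bob's post or his procmail setup: procmail matches the raw, undecoded body, which is why the last recipe carries a base64 literal next to the plain phrase. The Python sketch below shows that the literal only matches when the phrase starts on a 3-byte boundary of the encoded body, while decoding the MIME part first catches both cases. The sample messages and the address scanner@example.invalid are constructed.

```python
import base64
import re
from email import message_from_string

PHRASE = "RAV AntiVirus has deleted this file"
# Literal taken from the recipe above: the phrase plus CRLF, base64-encoded
# starting at byte 0 of the body.
B64_LITERAL = "UkFWIEFudGlWaXJ1cyBoYXMgZGVsZXRlZCB0aGlzIGZpbGUNC"


def literal_rule_matches(raw: str) -> bool:
    """Mimic the posted condition: the literal at the start of a raw line."""
    return re.search("^" + re.escape(B64_LITERAL), raw, re.M) is not None


def decoded_rule_matches(raw: str) -> bool:
    """Decode every MIME part first, then look for the plain phrase."""
    msg = message_from_string(raw)
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if PHRASE.encode() in payload:
            return True
    return False


def make_notice(body_text: str) -> str:
    """Constructed sample: a base64-encoded text/plain scanner notice."""
    b64 = base64.encodebytes(body_text.encode()).decode()
    return (
        "From: scanner@example.invalid\n"
        "Subject: constructed sample\n"
        "Content-Type: text/plain\n"
        "Content-Transfer-Encoding: base64\n"
        "\n" + b64
    )


# Phrase at byte 0 of the body: its encoding starts with the literal.
ALIGNED = make_notice(PHRASE + "\r\nDetails follow.\r\n")
# Two bytes of leading CRLF shift the 3-byte grouping, so the encoding differs.
SHIFTED = make_notice("\r\n" + PHRASE + "\r\nDetails follow.\r\n")

if __name__ == "__main__":
    for name, raw in (("aligned", ALIGNED), ("shifted", SHIFTED)):
        print(name, literal_rule_matches(raw), decoded_rule_matches(raw))
```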