Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
My PC has been invaded by M$ junk mails for 2 days. The filter on Evolution 1.4 can't stop them. They are bouncing all the tme.
I hava MailScanner and H+ BEDV AntiVir running but with no effect. I think they are not built for filtering emails downloaded by email software via POP/POP3
Kindly advise where can I find an AntiVirus software from Open Source similar to Norton on M$
spam:
- I create my filters to kick out all emails from my ISP, bulk emails and from email that is not in my list (extremely effective)
- spamassasin may help
- use a email with antispam may help you to remove about 50% of spams
I'm not sure how your evolution mail works. I use a completely different approach to process my e-mail, and one steps involves "maildrop". (to drop the mail in my ~/Mailbox/)
In my ~/.mailfilter file, I've added a few filters. They use regular expressions. I hope there is something in there you can use Most virus e-mails abuse the <iframe> tag in an html-email, to load/execute an attachment directly. It's the first thing you might want to filter.
Code:
# email up to 50 kb
if($SIZE < 50000)
{
# Match the <iframe> exploit of outlook express, that causes execution
# of programs, loaded my the iframe, because on an mangled content type.
#
if( /<iframe src=3D"?cid:/:b )
{
log "*SPAM* outlook <iframe> exploit"
to "Maildir/.Spam"
}
## TODO: 2 step filtering: name, then extension2
# Remove attachments with unwanted file extensions
# It seams another nasty trick is also popular:
# A lot of spaces between the .ext and .pif extension.
#
# Content-Type: audio/x-midi
# <tab> name=file.ext .pif
#
if( /[\n\r]Content\-Type: [a-zA-Z\-\/]+;[\n\r]*[:space:]+name=.*\.(bat|pif|scr)"?[\n\r]/:bw )
{
log "*SPAM* unwanted extensions in content-type"
to "Maildir/.Spam"
}
# Content-Disposition: attachment; filename=file.src
if( /[\n\r]Content\-Disposition: attachment;[\n\r]*[:space:]+filename=.*\.(bat|pif|scr|exe)"?[\n\r]/:bw )
{
log "*SPAM* unwanted extensions in content-disposition"
to "Maildir/.Spam"
}
}
Originally posted by yapp I'm not sure how your evolution mail works. I use a completely different approach to process my e-mail, and one steps involves "maildrop". (to drop the mail in my ~/Mailbox/)
In my ~/.mailfilter file, I've added a few filters. They use regular expressions. I hope there is something in there you can use Most virus e-mails abuse the <iframe> tag in an html-email, to load/execute an attachment directly. It's the first thing you might want to filter.
Code:
# email up to 50 kb
if($SIZE < 50000)
{
# Match the <iframe> exploit of outlook express, that causes execution
# of programs, loaded my the iframe, because on an mangled content type.
#
if( /<iframe src=3D"?cid:/:b )
{
log "*SPAM* outlook <iframe> exploit"
to "Maildir/.Spam"
}
## TODO: 2 step filtering: name, then extension2
# Remove attachments with unwanted file extensions
# It seams another nasty trick is also popular:
# A lot of spaces between the .ext and .pif extension.
#
# Content-Type: audio/x-midi
# <tab> name=file.ext .pif
#
if( /[\n\r]Content\-Type: [a-zA-Z\-\/]+;[\n\r]*[:space:]+name=.*\.(bat|pif|scr)"?[\n\r]/:bw )
{
log "*SPAM* unwanted extensions in content-type"
to "Maildir/.Spam"
}
# Content-Disposition: attachment; filename=file.src
if( /[\n\r]Content\-Disposition: attachment;[\n\r]*[:space:]+filename=.*\.(bat|pif|scr|exe)"?[\n\r]/:bw )
{
log "*SPAM* unwanted extensions in content-disposition"
to "Maildir/.Spam"
}
}
Hi,
Thanks for your response.
On clicking 'Send/Receive' Evolution will drop emails via POP3 from ISP to inbox under;
As USER
/home/satimis/evolution/local/inbox
As ROOT
/root/evolution/local/inbox
I could locat 'mailfilter' file in my OS. 'locate' and 'find' could not found it.
Originally posted by codec spam:
- I create my filters to kick out all emails from my ISP, bulk emails and from email that is not in my list (extremely effective)
- spamassasin may help
- use a email with antispam may help you to remove about 50% of spams
antivirus:
- login as users and it would be fine.
Hi,
Thanks for your advice.
- I created fillters on Evolution but they could not work because M$ bouncing junk mails transform rapidly, changing Sender and Recepient address, Subject, etc.
- I have no experience on spamassasin, please give me some advice. Thanks.
antivirus:
Whether you meant 'H+ BEDV AntiVir'? It is already running on my PC
You can create a filter that pipes every mail thats - lets say smaller that 20000 thru spamassin and have it mark the mails it thinks are spam with 'whateveryouwant'.Then you'll need another filter that sorts messages marked as 'whateveryouwant' in a spam folder.Be careful what you use there - if you have them marked as 'linux' everything Linux goes to the spam folder.
There is a nice configuration tool for spamassasin at http://www.yrex.com/spam/spamconfig.php
If you are referring to the lately rampant emails with W32/Swen you will be disapointed because I don't think you can filter those efficient with spamassasin with out triggering a lot of false positives.
Originally posted by crashmeister You can create a filter that pipes every mail thats - lets say smaller that 20000 thru spamassin and have it mark the mails it thinks are spam with 'whateveryouwant'.Then you'll need another filter that sorts messages marked as 'whateveryouwant' in a spam folder.Be careful what you use there - if you have them marked as 'linux' everything Linux goes to the spam folder.
There is a nice configuration tool for spamassasin at http://www.yrex.com/spam/spamconfig.php
If you are referring to the lately rampant emails with W32/Swen you will be disapointed because I don't think you can filter those efficient with spamassasin with out triggering a lot of false positives.
Hi,
I think I'm being invaded by W32/Swen. Although it did not cause damage to my OS but lots of deleting work are required. I am now searching for a solution to keep them out.
Easiest way to deal with something like that - get an email provider that does scan for viruses and use the line they put in the mail to filter it.Other than that you'd need to put your own virus scanner in there to filter it.
Originally posted by yapp In my ~/.mailfilter file, I've added a few filters. They use regular expressions. I hope there is something in there you can use Most virus e-mails abuse the <iframe> tag in an html-email, to load/execute an attachment directly. It's the first thing you might want to filter.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Most virus e-mails abuse the <iframe> tag in an html-email, to load/execute an attachment directly. It's the first thing you might want to filter.
I'd given you some hints for regular expression parsing. 
