A different kind of bad week [LWN.net]

A different kind of bad week

Posted Sep 25, 2003 3:00 UTC (Thu) by StevenCole (guest, #3068)
Parent article: A different kind of bad week

If you're the type who likes to start campfires by rubbing two sticks together, here is a way to pre-filter your email:

[billg@buxnmorbux billg]$ telnet mail.microsoft.com 110
Trying 131.107.34.141...
Connected to mail.microsoft.com (131.107.34.141)
Escape character is '^]'.
+OK <85934.1064457736@microsoft.com>
USER whgates3
+OK
PASS crushm$all
+OK
LIST
+OK
1 157888
2 145219
3 145139
4 6964
.
DELE 1
+OK
DELE 2
+OK
DELE 3
+OK
LIST
+OK
4 6964
.
QUIT
+OK
Connection closed by foreign host.

Then, quickly download your mail before another one comes in. Of course, slightly more sophisticated tools exist for this, but that would be like using matches or a lighter, right?

(Log in to post comments)

A different kind of bad week

Posted Sep 25, 2003 5:09 UTC (Thu) by ghane (guest, #1805) [Link]

I have seen these suggestions, but this is overkill. You are getting rid of all mail between 14k & 15k.

--
Sanjeev

A different kind of bad week

Posted Sep 25, 2003 6:51 UTC (Thu) by StevenCole (guest, #3068) [Link]

Bzzzt. Off by ten. That example got rid of messages 145K or so, which is exactly the size of the swen worms. In actual practice, I use a mail previewer, which allows me to choose to download the odd large, but desireable email. My cutoff is at 50K, which results in very few false positives, and those few can be selected out. Thanks for participating.

Swendeleter - works for me...

Posted Sep 25, 2003 6:47 UTC (Thu) by seanpor (guest, #2564) [Link]

http://www.hashref.com/prj/swendeleter/index.html

"SwenDeleter tries to identify email messages infected with the Swen.A worm in POP3 mailboxes and delete them on the server. It applies some heuristics to the headers and size of the messages, in order to avoid downloading the actual email, thus making retrievals less taxing. It has both interactive and nonstop modes."