SWEN virus.

"Shashank Khanvilkar" <(E-Mail Removed)> wrote in
news:boon2m$7oo$(E-Mail Removed):

> Hi,
>
> I am receiving these annoying mails containing swen virus. My PC is
> not infected with it, and I don't even know where it is coming from..
> I could setup filters but i was more concerned about the BW that it
> eats up, when i download my mails from the server on a dial-up
> connection.
>
> Is there any way in which i can configure my SMTP server to stop
> receiving mails that contain this virus.
> How do i attack this problem.??
>
>
>

Use a mail client that only downloads the headers, then allows you to
delete the mail from the server without downloading the body and
attachments, if any.

I doubt you will be able to stop the mail from being sent to your email
server but you can stop it from being sent from your server to you.

And like the other response said, get your mail provider to use a virus
filter acceptable to you.

Hi,

I am receiving these annoying mails containing swen virus. My PC is not
infected with it, and I don't even know where it is coming from.. I could
setup filters but i was more concerned about the BW that it eats up, when i
download my mails from the server on a dial-up connection.

Is there any way in which i can configure my SMTP server to stop receiving
mails that contain this virus.
How do i attack this problem.??



--
Regards
Shashank
http://mia.ece.uic.edu/~papers

"Shashank Khanvilkar" <(E-Mail Removed)> wrote in
news:boon2m$7oo$(E-Mail Removed):

> Hi,
>
> I am receiving these annoying mails containing swen virus. My PC is
> not infected with it, and I don't even know where it is coming from..
> I could setup filters but i was more concerned about the BW that it
> eats up, when i download my mails from the server on a dial-up
> connection.
>
> Is there any way in which i can configure my SMTP server to stop
> receiving mails that contain this virus.
> How do i attack this problem.??
>
Do you have administrative access to the server? If not, contact your ISP,
and give them hell for not using anti-virus software on their server. (And
if they decide to install such, threaten them with cattle prods if they
configure it to send a notice to _anyone_ about detecting a virus. Sending
a notice to the "sender" is a form of abuse, becaus the only sender they
can identify at that point is forged.)

If you do, install anti-virus software.

--
Terry Austin
(E-Mail Removed)
www.hyperbooks.com
Roleplaying Stuff

> >
> Do you have administrative access to the server? If not, contact your ISP,

I have administrative access to one of my servers... but the other is
controlled by someone esle.. and unfortunataly i am receiving such mails on
both mail accounts.

> and give them hell for not using anti-virus software on their server. (And
> if they decide to install such, threaten them with cattle prods if they
> configure it to send a notice to _anyone_ about detecting a virus. Sending
> a notice to the "sender" is a form of abuse, becaus the only sender they
> can identify at that point is forged.)
>
> If you do, install anti-virus software.

I already have spam-assasin, which is not doing a very good job..
But that is not of concern, as i may have misconfigured it.

My real concern is how can one remedy this problem at the root.. Even if i
install anti-virus software, my server is still receiving those bloody
emails, wasting a lot of BW. Isn't there any current mechanism built into
SMTP, which will automatically stop relaying messages from the culprit,
right at the first hop, and if not what can be done about it.

All Comments appreciated.

Shashank Khanvilkar wrote:

>> >
>> Do you have administrative access to the server? If not, contact your
>> ISP,
>
> I have administrative access to one of my servers... but the other is
> controlled by someone esle.. and unfortunataly i am receiving such mails
> on both mail accounts.
>
>> and give them hell for not using anti-virus software on their server.
>> (And if they decide to install such, threaten them with cattle prods if
>> they configure it to send a notice to _anyone_ about detecting a virus.
>> Sending a notice to the "sender" is a form of abuse, becaus the only
>> sender they can identify at that point is forged.)
>>
>> If you do, install anti-virus software.
>
> I already have spam-assasin, which is not doing a very good job..
> But that is not of concern, as i may have misconfigured it.
>

Probably

> My real concern is how can one remedy this problem at the root.. Even if i
> install anti-virus software, my server is still receiving those bloody
> emails, wasting a lot of BW. Isn't there any current mechanism built into
> SMTP, which will automatically stop relaying messages from the culprit,
> right at the first hop,

Nope. Not possible with current SMTP

> and if not what can be done about it.
>
> All Comments appreciated.

Well, the easiest remedy would be to permanently ban all MS software from
internet access.
--
Microsoft's Guide To System Design:
Let it get in YOUR way. The problem for your problem.

"Shashank Khanvilkar" <(E-Mail Removed)> wrote in
news:boophr$7rn$(E-Mail Removed):

>> >
>> Do you have administrative access to the server? If not, contact your
>> ISP,
>
> I have administrative access to one of my servers... but the other is
> controlled by someone esle.. and unfortunataly i am receiving such
> mails on both mail accounts.
>
>> and give them hell for not using anti-virus software on their server.
>> (And if they decide to install such, threaten them with cattle prods
>> if they configure it to send a notice to _anyone_ about detecting a
>> virus. Sending a notice to the "sender" is a form of abuse, becaus
>> the only sender they can identify at that point is forged.)
>>
>> If you do, install anti-virus software.
>
> I already have spam-assasin, which is not doing a very good job..
> But that is not of concern, as i may have misconfigured it.
>
> My real concern is how can one remedy this problem at the root.. Even
> if i install anti-virus software, my server is still receiving those
> bloody emails, wasting a lot of BW. Isn't there any current mechanism
> built into SMTP, which will automatically stop relaying messages from
> the culprit, right at the first hop, and if not what can be done about
> it.

You can only control what is under your control. The way that SMTP works,
there is no way to receive enough of the message to identify is as a virus
without receiving the entire message. A mail server with properly
configured AV software will then delete it silently. That is,
unfortunately, the best you can really hope for, unless you can find a
broken mail server. And, unfortunately, the vast majority of Swen viruses
are sent through the sender's ISPs mail server, rather than direct, so you
can't afford to just block the sender (which would prevent _any_ connection
at all, if done properly), or you'll be blocking a lot of legitimate email
from large ISPs.
>
> All Comments appreciated.
>
The best I've managed is to delete them silently as soon as they are
received. It seems that all Windows executables start with
TVqQAAMAAAAEAAAA//, so if you're will to simply refuse all executables (and
you should, since legitimate email with executable attachments can be re-
sent zipped), you can just kill on that string.

--
Terry Austin
(E-Mail Removed)
www.hyperbooks.com
Roleplaying Stuff

"Shashank Khanvilkar" <(E-Mail Removed)> wrote in message
news:boophr$7rn$(E-Mail Removed)...
> > >

> My real concern is how can one remedy this problem at the root.. Even if i
> install anti-virus software, my server is still receiving those bloody
> emails, wasting a lot of BW. Isn't there any current mechanism built into
> SMTP, which will automatically stop relaying messages from the culprit,
> right at the first hop, and if not what can be done about it.
>
> All Comments appreciated.
>

STOP posting with a valid email address!!!! Munge your address
(like mine) and they will stop, eventually.

I was getting 40-50 of these emails when I munged my email
3 weeks ago, now I'm getting 8-9 per week and that rate is
dropping fast.

You see, Swen infected computers look in the newsserver for
posts with a valid email address, those that it finds get pounded.

Munge your email, then, as the posts you made with a valid email
expire, your swen emails will naturally drop off.....

Ken

Ken Bessler wrote:
> "Shashank Khanvilkar" <(E-Mail Removed)> wrote in message
> news:boophr$7rn$(E-Mail Removed)...
>
>
>> My real concern is how can one remedy this problem at the root..
>> Even if i install anti-virus software, my server is still receiving
>> those bloody emails, wasting a lot of BW. Isn't there any current
>> mechanism built into SMTP, which will automatically stop relaying
>> messages from the culprit, right at the first hop, and if not what
>> can be done about it.
>>
>> All Comments appreciated.
>>
>
>
> STOP posting with a valid email address!!!! Munge your address (like
> mine) and they will stop, eventually.
>
> I was getting 40-50 of these emails when I munged my email 3 weeks
> ago, now I'm getting 8-9 per week and that rate is dropping fast.
>
> You see, Swen infected computers look in the newsserver for posts
> with a valid email address, those that it finds get pounded.
>
> Munge your email, then, as the posts you made with a valid email
> expire, your swen emails will naturally drop off.....
>
That is not the whole story. It is pretty clear that spammers harvest
other victims' e-mail boxes and send stuff to everyone in them. So
unless you have no one in the world with you in their address books, or
at least no Microsoft users, you are doomed.

And even were you so lucky, I observe from the Cc: headers that some of
these bastards have 1,000,000 monkeys on the payroll typing out all
possible e-mail addresses on every e-mail server they can find. And it
is not too hard to find out the mail servers by rummaging around in the DNS.


--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ Registered Machine 73926.
/( )\ Shrewsbury, New Jersey http://counter.li.org
^^-^^ 3:50pm up 16 days, 14:26, 3 users, load average: 2.22, 2.16, 2.16

On Mon, 10 Nov 2003 12:52:40 -0600, Shashank Khanvilkar wrote:

I use mailfilter. My .mailfilterrc is at dotfiles.com. I never recieve
SWEN. You may want to edit it.
--
(E-Mail Removed) - > (remove capital letters: SPAM)

"Shashank Khanvilkar" <(E-Mail Removed)> wrote in message news:boon2m$7oo$(E-Mail Removed)...
> Hi,
>
> I am receiving these annoying mails containing swen virus. My PC is not
> infected with it, and I don't even know where it is coming from.. I could
> setup filters but i was more concerned about the BW that it eats up, when i
> download my mails from the server on a dial-up connection.
>
> Is there any way in which i can configure my SMTP server to stop receiving
> mails that contain this virus.
> How do i attack this problem.??> --
> Regards
> Shashank
> http://mia.ece.uic.edu/~papers

*** I was getting about a hundred a day until I limited the size to 20k, above
this - delete from sever. Most of all the MS ones were 150k and I think they
still are. Though I still get 50 - 100 normal spam cr*p
John.