Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Python > Script to remove SoBig/F virus from POP3 mailbox

Reply
Thread Tools

Script to remove SoBig/F virus from POP3 mailbox

 
 
Alex
Guest
Posts: n/a
 
      08-22-2003
Under the gun, I've written a Python script to delete emails containing this
latest virus/worm (Sobig-F) from a POP3 mailbox.

http://www.tranzoa.com/extras.htm#remove_email_virus

The script is a quick-and-dirty, no question, but it's sure doing the job on
megabytes of garbage without too much bandwidth use (it gets the top 150 text
lines of the emails).

Interestingly enough, it shows that most of the bad email we're getting can be
traced back to a few IP addresses. (Are you listening, 206.228.159.186 and
212.234.58.156 and 81.96.121.126?) That fact indicates that if an ISP or net
admin were to pull the plug on a just a few connections, the net would lose a
lot of wasted bytes and traffic.

Alex

 
Reply With Quote
 
 
 
 
Skip Montanaro
Guest
Posts: n/a
 
      08-22-2003

Alex> Under the gun, I've written a Python script to delete emails
Alex> containing this latest virus/worm (Sobig-F) from a POP3 mailbox.

...

I wrote something similar today for scrubbing Mailman 2.1 pending
administrative requests. I've killed over a thousand messages for the
python-help mailing list so far. It's crude, but saves a huge amount of
pointing and clicking. If you'd like a copy, drop me a note. If enough
people are interested and it seems like there's no other easy way to
accomplish this with the usual Mailman means, I'll place a copy on my
website.

Skip

 
Reply With Quote
 
 
 
 
Neil Hodgson
Guest
Posts: n/a
 
      08-23-2003
Skip:

> I wrote something similar today for scrubbing Mailman 2.1 pending
> administrative requests.


I have created a similar script. It requires ClientCookie and ClientForm
(URLs in the script) and blindly discards all moderation requests.
http://www.scintilla.org/DiscardModeration.py
Modify the script to point to your host, lists and password and then run.
If your admin URL looks like "http://mailman.XXX/mailman/admindb/YYY" then
YYY is the mailing list name and "http://mailman.XXX/mailman/admindb/" the
host. Tested with Mailman 2.1.2 and client side Python 2.3.

Neil


 
Reply With Quote
 
Alex
Guest
Posts: n/a
 
      08-23-2003
Skip Montanaro wrote:
> Alex> Under the gun, I've written a Python script to delete emails
> Alex> containing this latest virus/worm (Sobig-F) from a POP3 mailbox.
>
> ...
>
> I wrote something similar today for scrubbing Mailman 2.1 pending
> administrative requests. I've killed over a thousand messages for the
> python-help mailing list so far. It's crude, but saves a huge amount of
> pointing and clicking. If you'd like a copy, drop me a note. If enough
> people are interested and it seems like there's no other easy way to
> accomplish this with the usual Mailman means, I'll place a copy on my
> website.
>
> Skip
>


Heck, why not post? "When in doubt, ship it out."

Actually, my script was small enough to simply include in the newsgroup posting.
But, it's usually handier for people to get things from the web site than trying
to sort through old news messages.

As indicated in the private email, I solved two particular problems we had:

1) Used TOP to read just the start of the emails so that our bandwidth wasn't
saturated by full, virus emails.

2) Deleted virus scanner bounces that contained the whole, danged virus file
attachment.

Alex

 
Reply With Quote
 
Skip Montanaro
Guest
Posts: n/a
 
      08-25-2003

Alex> Under the gun, I've written a Python script to delete emails
Alex> containing this latest virus/worm (Sobig-F) from a POP3 mailbox.

>> I wrote something similar today for scrubbing Mailman 2.1 pending
>> administrative requests.


Alex> Heck, why not post? "When in doubt, ship it out."

It's available as

http://manatee.mojam.com/~skip/python/mmdiscard.py

Alex> Actually, my script was small enough to simply include in the
Alex> newsgroup posting.

Mine too. I just wasn't sure if that was the right way to do things in a
Mailman environment. Clearly, if you have direct access to the machine
there are going to be faster ways to clear the backlog.

Skip

 
Reply With Quote
 
Kevin Altis
Guest
Posts: n/a
 
      08-25-2003
Like Alex I wrote a script last week to auto-delete potential virus
attachments from my POP account. The code uses the poplib module and email
package and downloads the full message to completely parse the attachments
before deciding whether to delete the message or not. The latest version is
sitting in cvs. No warranties implied, but I've been using it without
problems since Friday.


http://cvs.sourceforge.net/cgi-bin/v...onCardPrototyp
e/samples/fpop/emailfilter.py

ka

"Alex" <(E-Mail Removed)> wrote in message
news(E-Mail Removed)...
> Skip Montanaro wrote:
> > Alex> Under the gun, I've written a Python script to delete emails
> > Alex> containing this latest virus/worm (Sobig-F) from a POP3

mailbox.
> >
> > ...
> >
> > I wrote something similar today for scrubbing Mailman 2.1 pending
> > administrative requests. I've killed over a thousand messages for the
> > python-help mailing list so far. It's crude, but saves a huge amount of
> > pointing and clicking. If you'd like a copy, drop me a note. If enough
> > people are interested and it seems like there's no other easy way to
> > accomplish this with the usual Mailman means, I'll place a copy on my
> > website.
> >
> > Skip
> >

>
> Heck, why not post? "When in doubt, ship it out."
>
> Actually, my script was small enough to simply include in the newsgroup

posting.
> But, it's usually handier for people to get things from the web site than

trying
> to sort through old news messages.
>
> As indicated in the private email, I solved two particular problems we

had:
>
> 1) Used TOP to read just the start of the emails so that our bandwidth

wasn't
> saturated by full, virus emails.
>
> 2) Deleted virus scanner bounces that contained the whole, danged virus

file
> attachment.
>
> Alex
>


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Script to Remove Attachments in Exchange Mailbox KDawg44 Python 4 10-12-2007 10:38 AM
remove mail from exchange mailbox XPD NZ Computing 10 08-09-2006 08:37 AM
pOP3 mAILBOX Robert Richmond Computer Support 4 10-25-2003 02:17 AM
python script as an emergency mailbox cleaner Alex Martelli Python 9 09-23-2003 05:02 PM
Anyway to Kill virus email on my Host Mailbox automatically? Dennis@NoSpam.com Perl Misc 2 08-22-2003 03:38 AM



Advertisments