Script to remove SoBig/F virus from POP3 mailbox

Discussion in 'Python' started by Alex, Aug 22, 2003.

  1. Alex

    Alex Guest

    Under the gun, I've written a Python script to delete emails containing this
    latest virus/worm (Sobig-F) from a POP3 mailbox.

    http://www.tranzoa.com/extras.htm#remove_email_virus

    The script is a quick-and-dirty, no question, but it's sure doing the job on
    megabytes of garbage without too much bandwidth use (it gets the top 150 text
    lines of the emails).

    Interestingly enough, it shows that most of the bad email we're getting can be
    traced back to a few IP addresses. (Are you listening, 206.228.159.186 and
    212.234.58.156 and 81.96.121.126?) That fact indicates that if an ISP or net
    admin were to pull the plug on just a few connections, the net would lose a
    lot of wasted bytes and traffic.

    Alex
     
    Alex, Aug 22, 2003
    #1

  2. Alex> Under the gun, I've written a Python script to delete emails
    Alex> containing this latest virus/worm (Sobig-F) from a POP3 mailbox.

    ...

    I wrote something similar today for scrubbing Mailman 2.1 pending
    administrative requests. I've killed over a thousand messages for the
    python-help mailing list so far. It's crude, but saves a huge amount of
    pointing and clicking. If you'd like a copy, drop me a note. If enough
    people are interested and it seems like there's no other easy way to
    accomplish this with the usual Mailman means, I'll place a copy on my
    website.

    Skip
     
    Skip Montanaro, Aug 22, 2003
    #2

  3. Alex

    Neil Hodgson Guest

    Skip:

    > I wrote something similar today for scrubbing Mailman 2.1 pending
    > administrative requests.


    I have created a similar script. It requires ClientCookie and ClientForm
    (URLs in the script) and blindly discards all moderation requests.
    http://www.scintilla.org/DiscardModeration.py
    Modify the script to point to your host, lists and password and then run.
    If your admin URL looks like "http://mailman.XXX/mailman/admindb/YYY" then
    YYY is the mailing list name and "http://mailman.XXX/mailman/admindb/" the
    host. Tested with Mailman 2.1.2 and client side Python 2.3.

    Neil
     
    Neil Hodgson, Aug 23, 2003
    #3
  4. Alex

    Alex Guest

    Skip Montanaro wrote:
    > Alex> Under the gun, I've written a Python script to delete emails
    > Alex> containing this latest virus/worm (Sobig-F) from a POP3 mailbox.
    >
    > ...
    >
    > I wrote something similar today for scrubbing Mailman 2.1 pending
    > administrative requests. I've killed over a thousand messages for the
    > python-help mailing list so far. It's crude, but saves a huge amount of
    > pointing and clicking. If you'd like a copy, drop me a note. If enough
    > people are interested and it seems like there's no other easy way to
    > accomplish this with the usual Mailman means, I'll place a copy on my
    > website.
    >
    > Skip
    >


    Heck, why not post? "When in doubt, ship it out." :)

    Actually, my script was small enough to simply include in the newsgroup posting.
    But, it's usually handier for people to get things from the web site than trying
    to sort through old news messages.

    As indicated in the private email, I solved two particular problems we had:

    1) Used TOP to read just the start of the emails so that our bandwidth wasn't
    saturated by full, virus emails.

    2) Deleted virus scanner bounces that contained the whole, danged virus file
    attachment.

    Alex
     
    Alex, Aug 23, 2003
    #4
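
An added example, not part of the original posts and not Alex's script: a sketch of the TOP-based approach described in post #4, which fetches only the headers plus the first 150 body lines of each message and flags messages whose MIME part headers name an executable attachment. The names `has_executable_attachment`, `scan_mailbox`, `FakePOP` and the `BAD_EXT` list are assumptions made for illustration, and the sample messages are constructed.

```python
import email

# Assumption: extensions treated as suspicious; tune for your own mail policy.
BAD_EXT = (".pif", ".scr", ".exe", ".com", ".bat")

def has_executable_attachment(lines):
    """lines: list of bytes from POP3.top() or retr(); the body may be truncated."""
    msg = email.message_from_bytes(b"\r\n".join(lines))
    # walk() also descends into message/rfc822 parts, e.g. a scanner bounce
    # that attaches the original infected mail.
    return any((part.get_filename() or "").lower().endswith(BAD_EXT)
               for part in msg.walk())

def scan_mailbox(pop, max_lines=150, delete=False):
    """Return flagged message numbers, fetching headers + max_lines per message."""
    flagged = []
    count, _size = pop.stat()
    for num in range(1, count + 1):
        _resp, lines, _octets = pop.top(num, max_lines)
        if has_executable_attachment(lines):
            flagged.append(num)
            if delete:
                pop.dele(num)  # marked only; the server removes it at quit()
    return flagged

# Constructed sample messages (not real mail) and a stand-in for poplib.POP3.
INFECTED = (b'Subject: constructed sample\r\n'
            b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
            b'--b1\r\nContent-Type: text/plain\r\n\r\nSee the attached file.\r\n'
            b'--b1\r\nContent-Type: application/octet-stream; name="sample.pif"\r\n'
            b'Content-Transfer-Encoding: base64\r\n\r\n' + b'QUJD\r\n' * 500)
CLEAN = b'Subject: hello\r\nContent-Type: text/plain\r\n\r\nNothing attached.\r\n'

class FakePOP:
    def __init__(self, messages):
        self.messages, self.deleted = messages, []
    def stat(self):
        return len(self.messages), sum(map(len, self.messages))
    def top(self, num, howmuch):
        head, _, body = self.messages[num - 1].partition(b"\r\n\r\n")
        lines = head.split(b"\r\n") + [b""] + body.split(b"\r\n")[:howmuch]
        return b"+OK", lines, sum(len(l) + 2 for l in lines)
    def dele(self, num):
        self.deleted.append(num)

if __name__ == "__main__":
    box = FakePOP([CLEAN, INFECTED, CLEAN])
    print(scan_mailbox(box, delete=True), box.deleted)
```

With a live server, pass a connected `poplib.POP3` object as `pop`. An attachment whose MIME headers fall beyond `max_lines` is not seen, which is the trade-off against downloading the full message as the script in post #6 does.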
  5. Alex> Under the gun, I've written a Python script to delete emails
    Alex> containing this latest virus/worm (Sobig-F) from a POP3 mailbox.

    >> I wrote something similar today for scrubbing Mailman 2.1 pending
    >> administrative requests.


    Alex> Heck, why not post? "When in doubt, ship it out." :)

    It's available as

    http://manatee.mojam.com/~skip/python/mmdiscard.py

    Alex> Actually, my script was small enough to simply include in the
    Alex> newsgroup posting.

    Mine too. I just wasn't sure if that was the right way to do things in a
    Mailman environment. Clearly, if you have direct access to the machine
    there are going to be faster ways to clear the backlog.

    Skip
     
    Skip Montanaro, Aug 25, 2003
    #5
  6. Alex

    Kevin Altis Guest

    Like Alex I wrote a script last week to auto-delete potential virus
    attachments from my POP account. The code uses the poplib module and email
    package and downloads the full message to completely parse the attachments
    before deciding whether to delete the message or not. The latest version is
    sitting in cvs. No warranties implied, but I've been using it without
    problems since Friday.


    http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/pythoncard/PythonCardPrototype/samples/fpop/emailfilter.py

    ka

    "Alex" <> wrote in message
    news:p...
    > Skip Montanaro wrote:
    > > Alex> Under the gun, I've written a Python script to delete emails
    > > Alex> containing this latest virus/worm (Sobig-F) from a POP3 mailbox.
    > >
    > > ...
    > >
    > > I wrote something similar today for scrubbing Mailman 2.1 pending
    > > administrative requests. I've killed over a thousand messages for the
    > > python-help mailing list so far. It's crude, but saves a huge amount of
    > > pointing and clicking. If you'd like a copy, drop me a note. If enough
    > > people are interested and it seems like there's no other easy way to
    > > accomplish this with the usual Mailman means, I'll place a copy on my
    > > website.
    > >
    > > Skip
    > >
    >
    > Heck, why not post? "When in doubt, ship it out." :)
    >
    > Actually, my script was small enough to simply include in the newsgroup posting.
    > But, it's usually handier for people to get things from the web site than trying
    > to sort through old news messages.
    >
    > As indicated in the private email, I solved two particular problems we had:
    >
    > 1) Used TOP to read just the start of the emails so that our bandwidth wasn't
    > saturated by full, virus emails.
    >
    > 2) Deleted virus scanner bounces that contained the whole, danged virus file
    > attachment.
    >
    > Alex
    >
     
    Kevin Altis, Aug 25, 2003
    #6