SwenDeleter

SwenDeleter tries to identify email messages infected with the Swen worm in POP3 mailboxes and delete them on the server. It applies some heuristics to the headers and size of the messages, in order to avoid downloading the actual email, thus making retrievals less taxing. It has both interactive and nonstop modes.

Recent releases

  •  20 Jan 2004 03:38

    Release Notes: Handling of the threshold option was fixed.

  •  26 Oct 2003 02:53

    Release Notes: In this version, the size threshold and highlighting are now parameters. The server, login, and password can be entered interactively.

  •  27 Sep 2003 00:32

    Release Notes: Patterns were revised, taking a third study of the worm into account and some false negatives. Some bugs were fixed. The code was refactored.

  •  25 Sep 2003 08:44

    Release Notes: The heuristics are now stronger and performance was improved. POP3 settings are now passed as parameters. Precompiled binaries for Windows were provided, and specific instructions for OS/2 were included. The code was also cleaned up.

  •  24 Sep 2003 02:54

    Release Notes: Parameters are now read from the command line. Instructions for Windows users have been added. A distribution with a self-contained precompiled executable for Windows is provided.

Recent comments

26 Sep 2003 15:52 fxn

Re: No highlighting on Mac OS X
It turns out that eq 'MSWin32' is the right thing to do and
that's documented in perlvar. Fixed in 1.3. Thank you Ron.

26 Sep 2003 15:48 fxn

Re: False negatives due to qr//i peculiarity
Excellent, fixed in 1.3. Thank you.

26 Sep 2003 10:23 RonNewman

False negatives due to qr//i peculiarity
SwenDeleter sometimes fails to properly match a copy
of the virus message because it does not use the /i
(case-insensitivity) switch consistently at every step
when building up pre-compiled regular expressions.

In particular, the declaration of my $subject2_regexp
needs to end with /ix and not just /x .

Probably the same fix needs to be made to all the
"from" regexps, but this should be done by someone
more familiar with the virus definition (not me!)

26 Sep 2003 10:16 RonNewman

No highlighting on Mac OS X
The SwenDeleter.pl 1.2 script as written will not
highlight the matches on Mac OS X, because of this
line:

    unless ($^O =~ /win/i) {

Unfortunately, $^O == "darwin" on Mac OS X. Since I
don't know what $^O actually looks like on Windows, I
don't know how to fix this correctly.

In my private copy, I just changed the regexp to
/^win/i , but I doubt that this is correct.