On Tue, 23 Sep 2003 13:18:49 GMT, David Stinson
wrote:

I'm having good success with filtering the SWEN worm garbage
using these filter terms (*letter case and phrases count*):

Filtering for SUBJECT:
Pack, Net Security, Upgrade, Update, Internet, Returned Mail,
User unknown, Returned to Mailer, Critical, failure,
Letter, Advice, Announcement, Message, Latest, Bug, Error,
Notice, Network, Security, Undelivered Mail, Status Notification,
Undeliverable.

Filtering for SENDER:
Microsoft, MS, Internet, network, Net Email, Administrator, Customer,
webservice, Message, Mail Delivery, webbot

So far, it's nailing about 95% of the stuff.
Be sure to check trash before deleting it, since
I was catching one "good" user when I included "ms"
uncapitalized by mistake.

Good luck weathering the storm,
Dave Stinson AB5S


This one kills 100% of the ones I've gotten so far: (case insensitive)

Subject: (microsoft OR critical OR update OR patch OR pack OR security
OR upgrade)

FROM: (microsoft OR security OR MS OR public OR bulletin)

It seems to be a lot easier if you look for individual words to
target, rather than whole phrases.

-Scott

To reply to this message via e-mail, replace "fromrarp" in the e-mail address with "scott"