On Tue, 23 Sep 2003 13:18:49 GMT, David Stinson
wrote:

I'm having good success with filtering the SWEN worm garbage
using these filter terms (*letter case and phrases count*):

Filtering for SUBJECT:
Pack, Net Security, Upgrade, Update, Internet, Returned Mail,
User unknown, Returned to Mailer, Critical, failure,
Letter, Advice, Announcement, Message, Latest, Bug, Error,
Notice, Network, Security, Undelivered Mail, Status Notification,
Undeliverable.

Filtering for SENDER:
Microsoft, MS, Internet, network, Net Email, Administrator, Customer,
webservice, Message, Mail Delivery, webbot

So far, it's nailing about 95% of the stuff.
Be sure to check trash before deleting it, since
I was catching one "good" user when I included "ms"
uncapitalized by mistake.

Good luck weathering the storm,
Dave Stinson AB5S


This one kills 100% of the ones I've gotten so far: (case insensitive)

Subject: (microsoft OR critical OR update OR patch OR pack OR security
OR upgrade)

FROM: (microsoft OR security OR MS OR public OR bulletin)

It seems to be a lot easier if you look for individual words to
target, rather than whole phrases.

-Scott

To reply to this message via e-mail, replace "fromrarp" in the e-mail address with "scott"

"Michael A. Terrell" wrote in message
...
wrote:

"David Stinson" wrote in message
...
I'm having good success with filtering the SWEN worm garbage
using these filter terms (*letter case and phrases count*):

Filtering for SUBJECT:
Pack, Net Security, Upgrade, Update, Internet, Returned Mail,
User unknown, Returned to Mailer, Critical, failure,
Letter, Advice, Announcement, Message, Latest, Bug, Error,
Notice, Network, Security, Undelivered Mail, Status Notification,
Undeliverable.

Filtering for SENDER:
Microsoft, MS, Internet, network, Net Email, Administrator, Customer,
webservice, Message, Mail Delivery, webbot

So far, it's nailing about 95% of the stuff.
Be sure to check trash before deleting it, since
I was catching one "good" user when I included "ms"
uncapitalized by mistake.

Good luck weathering the storm,
Dave Stinson AB5S

I just changed my e-mail address. Dave, what filter are you using?
Earthlink does not allow that kind of filtering, as far as I can tell.

http://webmail.earthlink.net takes you to Earthlink's Webmail access.
Use your full e-mail address and password to log in, and set the
spamblocker to high. It will add a folder called Suspect Email, where
anything that isn't in your on line address book will go. I just click
on it, and delete anything between 140 and 160 KB. I am still getting
over 200 an hour, but I am not wasting the time to download and delete
them. I just leave a page open to Earthlink's Webmail access while I am
on line, and click on delete about every 5 to 10 minutes.
--


Michael A. Terrell
Central Florida

Yes, you would need to be on-line continually to deal with Earthlink's
horrible Webmail system. Even if you put everything in the suspect folder,
it counts against your 10 meg total until you delete it. They will empty
the folder only ever 14 days when it fills up in 30 minutes. So it is a
worthless option. Also, they allow only 500 addresses to be blocked, so you
cannot even block the spam, which they refuse to call spam, because then
they would need to do something about it. Earthlink sucks.

"Michael A. Terrell" wrote in message
...
wrote:

"David Stinson" wrote in message
...
I'm having good success with filtering the SWEN worm garbage
using these filter terms (*letter case and phrases count*):

Filtering for SUBJECT:
Pack, Net Security, Upgrade, Update, Internet, Returned Mail,
User unknown, Returned to Mailer, Critical, failure,
Letter, Advice, Announcement, Message, Latest, Bug, Error,
Notice, Network, Security, Undelivered Mail, Status Notification,
Undeliverable.

Filtering for SENDER:
Microsoft, MS, Internet, network, Net Email, Administrator, Customer,
webservice, Message, Mail Delivery, webbot

So far, it's nailing about 95% of the stuff.
Be sure to check trash before deleting it, since
I was catching one "good" user when I included "ms"
uncapitalized by mistake.

Good luck weathering the storm,
Dave Stinson AB5S

I just changed my e-mail address. Dave, what filter are you using?
Earthlink does not allow that kind of filtering, as far as I can tell.

http://webmail.earthlink.net takes you to Earthlink's Webmail access.
Use your full e-mail address and password to log in, and set the
spamblocker to high. It will add a folder called Suspect Email, where
anything that isn't in your on line address book will go. I just click
on it, and delete anything between 140 and 160 KB. I am still getting
over 200 an hour, but I am not wasting the time to download and delete
them. I just leave a page open to Earthlink's Webmail access while I am
on line, and click on delete about every 5 to 10 minutes.
--


Michael A. Terrell
Central Florida

Yes, you would need to be on-line continually to deal with Earthlink's
horrible Webmail system. Even if you put everything in the suspect folder,
it counts against your 10 meg total until you delete it. They will empty
the folder only ever 14 days when it fills up in 30 minutes. So it is a
worthless option. Also, they allow only 500 addresses to be blocked, so you
cannot even block the spam, which they refuse to call spam, because then
they would need to do something about it. Earthlink sucks.

"David Stinson" wrote in message
...
wrote:

I just changed my e-mail address. Dave, what filter are you using?
Earthlink does not allow that kind of filtering, as far as I can tell.

I'm using the filters in my Netscape mail reader.
No way I'm changing my email address- too many years,
accounts and friends invested in this one.
73 Dave S.

Netscape is not going to filter out the stuff on the server. That
quickly fills up and jams everything.

"David Stinson" wrote in message
...
wrote:

I just changed my e-mail address. Dave, what filter are you using?
Earthlink does not allow that kind of filtering, as far as I can tell.

I'm using the filters in my Netscape mail reader.
No way I'm changing my email address- too many years,
accounts and friends invested in this one.
73 Dave S.

Netscape is not going to filter out the stuff on the server. That
quickly fills up and jams everything.

wrote:

Netscape is not going to filter out the stuff on the server. That
quickly fills up and jams everything.

I've got my mail reader set to download mail every 2 minutes, then the
filters take over. That keeps the server clean. Admittedly, if I
didn't
have DSL, it wouldn't work. No dialup could possibly keep up with the
mess.
The ISPs are going to have to do something soon; if you haven't noticed,
a great many regular users are, for all practical purposes, offline.
73 Dave AB5S

wrote:

Netscape is not going to filter out the stuff on the server. That
quickly fills up and jams everything.

I've got my mail reader set to download mail every 2 minutes, then the
filters take over. That keeps the server clean. Admittedly, if I
didn't
have DSL, it wouldn't work. No dialup could possibly keep up with the
mess.
The ISPs are going to have to do something soon; if you haven't noticed,
a great many regular users are, for all practical purposes, offline.
73 Dave AB5S

I'm using Mozilla's junk filtering, which has been
terrific. I have it set up to send all "junk" to
a separate Junk folder. I then do a quick check for
false alarms and then delete it all, but you can set
Mozilla to delete it after a period of time automatically.
You train the filter by manually flagging junk for a little
while and then it takes over. In the past couple of days
since I activated it, it's handled well over a hundred
swen messages, with no false alarms and maybe one or two
"misses."

David Stinson wrote:


I've got my mail reader set to download mail every 2 minutes, then the
filters take over. That keeps the server clean. Admittedly, if I
didn't
have DSL, it wouldn't work. No dialup could possibly keep up with the
mess.
The ISPs are going to have to do something soon; if you haven't noticed,
a great many regular users are, for all practical purposes, offline.
73 Dave AB5S

I'm using Mozilla's junk filtering, which has been
terrific. I have it set up to send all "junk" to
a separate Junk folder. I then do a quick check for
false alarms and then delete it all, but you can set
Mozilla to delete it after a period of time automatically.
You train the filter by manually flagging junk for a little
while and then it takes over. In the past couple of days
since I activated it, it's handled well over a hundred
swen messages, with no false alarms and maybe one or two
"misses."

David Stinson wrote:


I've got my mail reader set to download mail every 2 minutes, then the
filters take over. That keeps the server clean. Admittedly, if I
didn't
have DSL, it wouldn't work. No dialup could possibly keep up with the
mess.
The ISPs are going to have to do something soon; if you haven't noticed,
a great many regular users are, for all practical purposes, offline.
73 Dave AB5S

"Martin" wrote in message
et...

"Jeffrey D Angus" wrote in message
...


Dee D. Flint wrote:
My problem is not the attachments. My ISP kills them but then I get a
message saying that the email has been cleaned so it's still a deluge
of
emails.

Same here, after the first day and a half of the attached exe file
email, road runner kicked in and now I get the "This mail contained
name virus and has been deleted.

Jeff

That's interesting. My ISP doesn't kill the attachments, and that is
actually making it easier for me to get rid of all the follow-on garbage
too. With the NAV email option everything with that attachment gets
routed
immediately to the Deleted Items folder and I don't have to spend time on
the individual messages. Maybe you can get them to quit killing them ;-)



From what I am seeing, the attachments have a myriad of names so that
wouldn't help. Besides, I'd just as soon not download an virus laden
attachments anyway. Besides that, the attachments would make it take
forever to download all the messages. Not a good thing.

Dee D. Flint, N8UZE