Script to remove SoBig/F virus from POP3 mailbox

[Alex]

Under the gun, I've written a Python script to delete emails containing this
latest virus/worm (Sobig-F) from a POP3 mailbox.

http://www.tranzoa.com/extras.htm#remove_email_virus

The script is a quick-and-dirty, no question, but it's sure doing the job on
megabytes of garbage without too much bandwidth use (it gets the top 150 text
lines of the emails).

Interestingly enough, it shows that most of the bad email we're getting can be
traced back to a few IP addresses. (Are you listening, 206.228.159.186 and
212.234.58.156 and 81.96.121.126?) That fact indicates that if an ISP or net
admin were to pull the plug on a just a few connections, the net would lose a
lot of wasted bytes and traffic.

Alex

 

[Skip Montanaro]

Alex> Under the gun, I've written a Python script to delete emails
Alex> containing this latest virus/worm (Sobig-F) from a POP3 mailbox.

...

I wrote something similar today for scrubbing Mailman 2.1 pending
administrative requests. I've killed over a thousand messages for the
python-help mailing list so far. It's crude, but saves a huge amount of
pointing and clicking. If you'd like a copy, drop me a note. If enough
people are interested and it seems like there's no other easy way to
accomplish this with the usual Mailman means, I'll place a copy on my
website.

Skip

 

[Neil Hodgson]

Skip:

I wrote something similar today for scrubbing Mailman 2.1 pending
administrative requests.

I have created a similar script. It requires ClientCookie and ClientForm
(URLs in the script) and blindly discards all moderation requests.
http://www.scintilla.org/DiscardModeration.py
Modify the script to point to your host, lists and password and then run.
If your admin URL looks like "http://mailman.XXX/mailman/admindb/YYY" then
YYY is the mailing list name and "http://mailman.XXX/mailman/admindb/" the
host. Tested with Mailman 2.1.2 and client side Python 2.3.

Neil

 

[Alex]

Alex> Under the gun, I've written a Python script to delete emails
Alex> containing this latest virus/worm (Sobig-F) from a POP3 mailbox.

...

I wrote something similar today for scrubbing Mailman 2.1 pending
administrative requests. I've killed over a thousand messages for the
python-help mailing list so far. It's crude, but saves a huge amount of
pointing and clicking. If you'd like a copy, drop me a note. If enough
people are interested and it seems like there's no other easy way to
accomplish this with the usual Mailman means, I'll place a copy on my
website.

Skip

Heck, why not post? "When in doubt, ship it out."

Actually, my script was small enough to simply include in the newsgroup posting.
But, it's usually handier for people to get things from the web site than trying
to sort through old news messages.

As indicated in the private email, I solved two particular problems we had:

1) Used TOP to read just the start of the emails so that our bandwidth wasn't
saturated by full, virus emails.

2) Deleted virus scanner bounces that contained the whole, danged virus file
attachment.

Alex

 

[Skip Montanaro]

Alex> Under the gun, I've written a Python script to delete emails
Alex> containing this latest virus/worm (Sobig-F) from a POP3 mailbox.

Alex> Heck, why not post? "When in doubt, ship it out."

It's available as

http://manatee.mojam.com/~skip/python/mmdiscard.py

Alex> Actually, my script was small enough to simply include in the
Alex> newsgroup posting.

Mine too. I just wasn't sure if that was the right way to do things in a
Mailman environment. Clearly, if you have direct access to the machine
there are going to be faster ways to clear the backlog.

Skip

 

[Kevin Altis]

Like Alex I wrote a script last week to auto-delete potential virus
attachments from my POP account. The code uses the poplib module and email
package and downloads the full message to completely parse the attachments
before deciding whether to delete the message or not. The latest version is
sitting in cvs. No warranties implied, but I've been using it without
problems since Friday.


http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/pythoncard/PythonCardPrototyp
e/samples/fpop/emailfilter.py

ka