Swen Detection code

Writing pop3 filters in python seems to be a pretty popular activity
today. ;)

So far it looks like the actual executable attachment isn't mutating
like subject lines, from and to fields are. I wrote some code that
scans message bodies for content-types that shouldn't be executable
(such as midis and wavs) and also scans content-types that should be
executable for the virus signature.

I just included the whole base64 encoded virus in the source file so
it's too large to post to usenet. The code is available at:

http://www.cathoderaymission.net/~lo.../detectSwen.py

(I'll also email if anyone requests).

This code does NOT interface with pop or hit your mailserver. It only
provides a predicate function for virus signature detection. It also
doesn't do anything with bad bounces where the attachment has been
stripped.

As usual, use care when automatically deleting emails.

It'd also be a bad idea to do something like
file("test.exe", "wb").write(base64.decodestring(virusSig)) ;)
Jul 18 '05 #1
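
An added example, not the poster's detectSwen.py: a predicate of the kind the post describes, flagging attachments whose declared content-type should not be executable but whose bytes are, and checking executable-typed attachments for a signature. The `MZ` magic check, the type lists, `SIGNATURE` and the `build_message` helper are assumptions made for illustration; the signature is a constructed placeholder, not bytes from the worm.

```python
import base64
import email
from email import policy

# Declared types that should never carry an executable (the post names MIDI and WAV).
NON_EXEC_PREFIXES = ("audio/",)
# Declared types where an executable is expected, so only the signature decides.
EXEC_TYPES = {"application/octet-stream", "application/x-msdownload"}
# Constructed stand-in; a real filter would use bytes taken from the known sample.
SIGNATURE = b"CONSTRUCTED-SIGNATURE-NOT-REAL"


def looks_like_pe(data: bytes) -> bool:
    """True if the decoded payload starts with the DOS/PE 'MZ' magic."""
    return data[:2] == b"MZ"


def is_suspect(raw_message: bytes) -> bool:
    """Predicate only: no POP3 access and no deletion, as in the post."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        payload = part.get_payload(decode=True) or b""
        if ctype.startswith(NON_EXEC_PREFIXES) and looks_like_pe(payload):
            return True  # declared as audio, but the bytes are an executable
        if ctype in EXEC_TYPES and SIGNATURE in payload:
            return True  # executable type carrying the known signature
    return False


def build_message(ctype: str, payload: bytes) -> bytes:
    """Constructed two-part message with one base64 attachment (demo input)."""
    b64 = base64.encodebytes(payload).decode("ascii")
    return (
        "From: a@example.com\nTo: b@example.com\nSubject: constructed\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="XX"\n\n'
        "--XX\nContent-Type: text/plain\n\nhello\n"
        f"--XX\nContent-Type: {ctype}\n"
        "Content-Transfer-Encoding: base64\n\n"
        f"{b64}--XX--\n"
    ).encode("ascii")


if __name__ == "__main__":
    print(is_suspect(build_message("audio/x-wav", b"MZ\x90\x00" + b"\x00" * 32)))
```
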