More about "[Swen tiny FAQ] Filtering Swen mails with M$OE 6"

[GRL]

I think that there are some aspects to be cleared:
1) "To" and "Cc" lines must "anded" or "ored" (there are these two choices
in OE6)?
2) Do I have to click on "contains people" and to input my email address
both in the "To" line and in the "Cc" line?
3) My email address must be "anded" or "ored" with "people"?
4) When I select my email address and then the option "Message does not
contain the people below", BOTH "people" AND my email address are excluded
in the rule (and I think it's impossible to do otherwise). Isn't this
meaningless?

Giovanni

 

[Adam Russell]

I think that there are some aspects to be cleared:
1) "To" and "Cc" lines must "anded" or "ored" (there are these two choices
in OE6)?

You want and, I think.

2) Do I have to click on "contains people" and to input my email address
both in the "To" line and in the "Cc" line?

After you check From and CC then you should see 2 links saying 'contains
people'. Click each one of them, type in your email address, and click
options to change it to the NOT.

3) My email address must be "anded" or "ored" with "people"?
4) When I select my email address and then the option "Message does not
contain the people below", BOTH "people" AND my email address are excluded
in the rule (and I think it's impossible to do otherwise). Isn't this
meaningless?

Im not understanding 3 and 4. Hopefully my message above is sufficient.

 

[GRL]

Thank you, but my doubts still remain:
1) If I "AND" "To" and "Cc" lines, if the rule descriptions I input are
absent in one of the two conditions, the rule does not have any effect;
2) When I use the option to change to NOT my email address, I find that BOTH
the rule descriptions ("people" and my email address) are NOTed (at least,
my OE6 does it). So the the rule seems to me meaningless.
Giovanni

 

[David Stites]

Thank you, but my doubts still remain:
1) If I "AND" "To" and "Cc" lines, if the rule descriptions I input are
absent in one of the two conditions, the rule does not have any effect;

What you want:

If the To: header does not contain my name AND the Cc: header does not
contain my name;
Reject the mail (or delete, or whatever) I am not making these rules in OE.

I set up Not the To: header reject
and
If contains .exe attachment reject

No Swens in over 12 hours.

Dave

 

[FromTheRafters]

I think that there are some aspects to be cleared:
1) "To" and "Cc" lines must "anded" or "ored" (there are these two choices
in OE6)?

Anded, because you want both to not contain your address.

2) Do I have to click on "contains people" and to input my email address
both in the "To" line and in the "Cc" line?

Yes, the result should be:

Apply this rule after the message arrives
Where the To line does not contain 'My address'
and
Where the CC line does not contain 'My address'
Delete it from server

In other words, if your address is not anywhere in there, delete
from the server.

3) My email address must be "anded" or "ored" with "people"?

Your address replaces both "people's" which are just placeholders
for you to click on to get to the "add" dialog box.

4) When I select my email address and then the option "Message does not
contain the people below", BOTH "people" AND my email address are excluded
in the rule (and I think it's impossible to do otherwise). Isn't this
meaningless?

You need to replace both "people" with your address. One for the
"To" and one for the "Cc" (leave the "and" alone) and reverse the
logic for both :"To" and "Cc" to end up with:

Apply this rule after the message arrives
Where the To line does not contain 'My address'
and Where the CC line does not contain 'My address'
Delete it from server.

Boolean algebra would show this to be the same as...

"If either "To" or "Cc" does have my address, do not delete
from server.

 

[Jim Leder]

But doesn't the use of 'and' imply that both cases need be true? The
use of 'or' implies that only one of the two tests need be true.

 

[David Stites]

But doesn't the use of 'and' imply that both cases need be true? The
use of 'or' implies that only one of the two tests need be true.

Exactly. If the To: doesn't contain the address AND the Cc: doesn't contain
the address, delete it.
If either one DOES contain the address accept it.

Dave

 

[FromTheRafters]

But doesn't the use of 'and' imply that both cases need be true? The
use of 'or' implies that only one of the two tests need be true.

Yes, and you *do* want *both* to not contain
your address if the delete action is to take place.
Otherwise you would be deleting any mail actually
having your address in either of those fields.

If the action were "do *not* delete from server,
then you would have not "notted" the individual
criterion and would have needed to *or* the
compound rules two parts.

....isn't logic fun?

 

[Bart Bailey]

In Message-ID:<[email protected]> posted on Mon, 6 Oct

...isn't logic fun?

Might make more sense if you created a truth table for the OP. <g>

 

[R]

THIS IS NOT A SPAM EMAIL/NEWSGROUP POST. You may be unaware but there is a
new malicious virus going around that causes you to send out emails with
viruses. These emails will already have been sent to everyone on your
contact list/address book if you have it. Please urgently forward this
email to everyone on your contacts/address book so that they may check their
own PC. Do not worry about sending them the virus, you will have already
done so if you do have the virus! This is microsoft's report on this virus.
http://www.microsoft.com/security/antivirus/authenticate_mail.asp

The fact that you are sending out these virus infected emails indicates that
you probably have a virus on your PC that is automatically sending out
emails with viruses without your knowledge. You can verify below whether or
not you may have the virus. After reading this you should virus check your
PC with the latest anti virus definitions. If you do not have anti virus
software you should connect to the internet and click here Scan your PC for
viruses now!
http://click.linksynergy.com/fs-bin/click?id=jGkJDpd6dW0&offerid=50252.6&type=1&subid=0

Only email me if you wish more info and want to opt in to a mailing list.
----------------------------------------------------------------------------
----

Extract from Anti Virus companies regarding "W32.Swen.A@mm" worm.
NOTE: This threat was previously detected as Worm.Automat.AHB

Due to an increase in submissions, this has been upgraded W32.Swen.A@mm to
Category 3, as of 6:30pm Thursday, September 18, 2003. It is also rapidly
heading towards being a high risk.

W32.Swen.A@mm is a mass-mailing worm that uses its own SMTP engine to spread
itself.

The worm can arrive as an email attachment. The subject, body, and from
address of the email may vary. Some examples claim to be patches for
Microsoft Internet Explorer, or delivery failure notices from qmail.

This worm exploits a vulnerability in Microsoft Outlook and Outlook Express
in an attempt to execute itself when you open or even preview the email. If
you do not have anti virus software you should connect to the internet and
click here Scan your PC for viruses now!


Information and a patch for the vulnerability IF YOU DO NOT ALREADY HAVE THE
VIRUS can be found at
http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
however this will only protect you IF YOU DO NOT ALREADY HAVE THE VIRUS.
Install this patch after you confirm that you are clear of the virus.

Here is some information on what the virus does:

1. This virus attempts to trick you into installing it by pretending to be
a security vulnerability patch from Microsoft.

2. Upon executing it asks if you want to install the latest security
patch.

3. If you say no, it still installs itself but without your knowledge. If
you say yes then it displays messages that appear that it is installing an
update to windows.

4. Modifies the value:

"DisableRegistryTools" = "1"

in the registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

TO PREVENT THE USER RUNNING REGEDIT ON THE COMPUTER (see below*)

5. Puts a copy of itself to %Windir% with a randomly generated filename.


6. Searches .html, .asp, .eml, .dbx, .wab, .mbx files on the computer for
email addresses.


7. Creates the file, %Windir%\Germs0.dbv, where it stores the email
addresses it has found.


8. Creates the file, %Windir%\Swen1.dat, where it stores a list of remote
news and mail servers.


9. Adds the following values to the registry:

"Server"="<The IP address of the SMTP server that the worm retrieves from
the registry>"
"Mirc Install Folder"="<location of mirc client on system>"
"Installed"="...by Begbie"
"Install Item"="<random>"
"Unfile"="<random>"
"CacheBox Outfit"="yes"
"ZipName"="<random>"
"Email Address"="<The current users email address that the worm retrieves
from the registry>"
to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\<rando
m set of letters>


10. So that it can run itself it adds a randomly named value to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

11. Modifies the registry keys:
HKEY_LOCAL_MACHINE\Software\CLASSES\regfile\shell\open\command
HKEY_LOCAL_MACHINE\Software\CLASSES\scrfile\shell\open\command
HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command
HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command
HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command
HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command

12. Checks the computer to find messages sent by itself and deletes them
so there is no trace that the PC has sent any virus infected emails.

How do you know if you've been infected?

Display of a series of dialog boxes
Unexpected termination of various security and anti-virus products.
Inability to run RegEdit on the victim's machine


*IF YOU CANNOT RUN REGEDIT ON YOUR PC YOU ARE PROBABLY INFECTED or this has
been turned off by your computer system administrator. If you are on a
network check with your system administrator.

Click <start>, Click <run>, type regedit and click <OK>. Registry editor
should run, it looks similar to windows explorer but has a name of Registry
Editor in the name bar at the top. If it has run ok then close it with the
X in top right. If the program ran ok this does not confirm that you are
not infected. It could mean that your registry may be corrupted and the
virus was unable to stop the program from running.

For further information visit Anti Virus now!
http://click.linksynergy.com/fs-bin/click?id=jGkJDpd6dW0&offerid=50252.6&type=1&subid=0