Another SWEN coming in every hour

[Jan Il]

Apparently, because it does work.

Whoa! Boy! ..do you like to take things out of context. Well...now here's a
real good word for ya..if you're gonna quote me, cowboy, you best make DAMN
sure you get the facts straight! Got it!!

NOOOO...I does NOT...not any more.....not for everyone at this point, you
bullheaded moron. That is what I am trying to tell you! And if you weren't
such an egotistical ass, you might just sit back and see what is going on.
But, jerks like you have to be right all the time, even when they are wrong.

This is why I make it a point never to engage in a duel of wits with the
unarmed.

Plonk!

 

[Jan Il]

In Message-ID:<fpSeb.36797$gv5.2240@fed1read05> posted on Thu, 2 Oct


Chill neighbor,
you're needlessly compromising your health,
and possibly alienating any potential help.

I don't use OE, so can't be of specific assistance, but the way you
describe once functional features losing their functionality might be a
clue to something.
Have you run an AV scan to assure that something hasn't bit you?
Maybe some option box got un-checked accidentally,
happens to me from time to time,
or maybe there's a limit to the number of arguments a rule can
accommodate, and as new words are added, previous ones are rolling off?
I can endorse the pre-screener (Mailwasher Pro) I'm using as being
effective in my case, and it might be worth exploring its utility to
yourself. Doesn't look like swen is going away anytime soon.

Bart, I appreciate your concern. But, I would not have come here and
made this statement unless I had made sure I was certain of my facts.

I ran an AVG scan, Spybot, Adware, House Call, as many and all that I could
to make sure nothing was lurking and there was no "HAL" on board. I reset
all of my Rules, and even added some, I checked and rechecked all the
settings. I could not believe myself that this thing had somehow found a way
to over ride the Rules. But, all I can say is, if you want to believe it or
not, it has, and it does, and the game plan is not the same. The playing
field has changed. I do have Mailwasher in place, and I will monitor it to
see what happens there.

You're right, Swen is not going to go quietly into that good night. Heck,
I'm no virus guru, but, even I can see the changes that are taking place on
a daily basis. But, it is another story when it can detect and over ride
settings like this. That is why I wanted to post this here, so that someone
else might pick up on it too. It may be that the strain that I got has not
hit everyone yet, so you folks may not have seen this yet, or maybe not even
noticed it, but, it is happening. It is over riding, bypassing,
circumventing, whatever you want to call it. I guess it is because I had not
had any Swen related messages in over 3 days, then suddenly started seeing
the same ones that I had used to set the rules for showing up out of
nowhere, with attachments, and all the nomenclature, and yet, the rules had
been stopping them or putting them in the delete box before. Now, they were
showing up in my Inbox again. I did check each and every word in the From,
To, Subject Line, body, anything that could signify that they were all
somehow new and not the same as before. But, not so.

Well, what you folks choose to do with the info is up to you. It just
bothered me that this thing seems to be sort of "thinking" if you will. Or,
the person(s) behind it are trying to stay one step ahead to keep it going.
If they are smart enough to write something like this crap, they are surely
smart enough to be able to over ride or circumvent some simple OE rules. I
am not new to in-depth research of various computer problems, and there are
many MVP's in several other newsgroups that can attest to that. So I make
sure all my ducks are in a row before I post my findings. I would not have
come here and made this statement if I was not sure.

Jan

 

[W. Blevins]

Well, what you folks choose to do with the info is up to you. It just
bothered me that this thing seems to be sort of "thinking" if you will.

<shakes head>

 

[Bart Bailey]

In Message-ID:<h5Ueb.37037$gv5.17954@fed1read05> posted on Thu, 2 Oct

I do have Mailwasher in place, and I will monitor it to
see what happens there.

I have reduced my Mailwasher filters to two, one that filters for HTML
in the body, and one that filters for any of three words in the header
("Network", "Freelotto", "Microsoft")
I have my AOL using sister in the friends list, which precedes the
filters, or the HTML rule would get her. Agent handles her HTML emails
just fine (as text) and can "not show" the formatting tags.
I don't know what to tell you about your dysfunctional OE rules, but I
don't think swen has morphed, or it would have started to look different
here too.

BTW: You turned out to be someone other than I initially thought, Figgs
threw me a curve, but you still are quite an accomplished person, even
more so that whom I had suspected.

Here's hoping you can sort out the daemons in OE, I flushed it several
years ago, and haven't missed it a minute <g>

 

[FromTheRafters]

Plonk!

Be sure to let us know if Bill manages to evade your killfile settings.
I'm sure someone here can help with an appropriate ruleset. ;O)

 

[Jeebus Whistlehands]

Be sure to let us know if Bill manages to evade your killfile settings.
I'm sure someone here can help with an appropriate ruleset. ;O)

Heh heh heh

 

[FromTheRafters]

In Message-ID:<vMQeb.36608$gv5.20360@fed1read05> posted on Thu, 2 Oct


I don't know if OE allows filtration for words occurring in the body,
but if you can filter against "HTML" you will get 90 some odd percent of
it.

It can, and you can, but it requires downloading the message to do so.
I think that you have to apply all of the "delete from server" rules, each
with an accompanying "stop processing more rules" rule, to speed things
up a little. After that it does little good to try to avoid downloading mail
by rules which require the downloading action in order to work.

....and of course, some people *like* HTML e-mail as long as it isn't
malicious.

 

[Robert Green]

randomly, and other e-mail that
you

Sorry....but, that don't work. I tried your suggestion, but, I still got 37
of the same crap coming in within 20 minutes. So...this alone does not
block the ever elusive quick-silver. It seems to just ignore your e-mail
address. It is not interested in you...and does not care if the mail is
addressed to you or not. Same with the Rule for anything with an attachment.
I still get all the same stuff as before. It seems to have somehow
overwritten these Rules. It seems the only thing that the Rules controls at
all in any way is some spam. Well...I have been tracking the OE6 Message
rules, and changing the rules to address various and sundry variations of
this junk, and I'll tell ya this...this stuff don't pay one dang bit of
attention to the majority of the OE Rules anymore. It's like it's been
programmed to over ride the most widely used ones. Especially the ones that
deal with the attachment issue, your e-mail address, certain words in the
From, Subject Line, Message Body.....nothing. It won't delete them, it
won't send them to the delete box, it won't delete them from the server
first, it is simply ignoring these all of these Rules.

So...this is not a sure fire protection plan either.

It works fine. You probably didn't up the filters correctly. There are
a number of posts on the group that explain how to do it.

Bob

--
Robert Green
FileRecovery.Biz
Data Recovery Services
Some nice freebies at http://download.filerecovery.biz
bob[dot]green[at] filerecovery[dot]biz

 

[Jason Wade]

It does, but not if you are deleting POP3 mail at the server.

Hmm.
So you need something that works on the header only, hmm.

Okay, use the Content-Type. The bogus patches have content-types
like this:

Content-Type: multipart/mixed; boundary="ukieuolyh"

So make a regular expression:

Content-Type: multipart/mixed; boundary="[a-z]+"

And the bogus bounces have content-types like this:

Content-Type: multipart/alternative; boundary="rhwufod"

So use another regular expression in another filter:

Content-Type: multipart/alternative; boundary="[a-z]+"

Or you could combine both regular expressions into one filter:

Content-Type: multipart/[ma][a-z]+; boundary="[a-z]+"

Or you could create a simpler--but more dangerous--regex:

boundary="[a-z]+"

Watch out for the last one; it could delete some real mail.

 

[Gabriele Neukam]

On that special day, Jan Il, ([email protected]) said...

Hmm...excuse me...but... is there a part of 'don't work' you do not
understand?

Perhaps it is you who doesn't understand. You have to make sure that you
insert the rules in the correct sequence. If you *first* apply some
other rules before the filtering on "not addressed to me", it won't
work.

For instance, if you have another rule set up on the top of the list,
like "put in special folder when larger than # kb", then it is too late
for filtering for the non-address, as the mails have already been
processed and downloaded.

Also the way OE rules are meant to be implemented, is a bit weird. You
first have to choose "contains my address", then go to "Options" and
inverse the rule. "Options" is only available if the rule has already
been created (yet).

Someone in a German newsgroup said <sarcasm> that this behavious is only
consistent with Microsofts menu design, as you also have to choose
"Start" for shutting down the computer</sarcasm>

And put the "does not contain my address" rule on the top of the list,
and check "when downloaded from server" and have the mails "delete"d or
whatever. OE rules are nothing but logical.


Gabriele Neukam

(e-mail address removed)

 

[Jan Il]

Bart -

In Message-ID:<h5Ueb.37037$gv5.17954@fed1read05> posted on Thu, 2 Oct


I have reduced my Mailwasher filters to two, one that filters for HTML
in the body, and one that filters for any of three words in the header
("Network", "Freelotto", "Microsoft")
I have my AOL using sister in the friends list, which precedes the
filters, or the HTML rule would get her. Agent handles her HTML emails
just fine (as text) and can "not show" the formatting tags.
I don't know what to tell you about your dysfunctional OE rules, but I
don't think swen has morphed, or it would have started to look different
here too.

I can truly understand the reluctance to think of anything different, and it
is much easier to explain by attributing it to the user's stupidity or
inability to do a very simple task properly.

If you are not having a problem that is truly great. But, that does not
negate the fact that I am, and there may be a lot more out there that are
too.

BTW: You turned out to be someone other than I initially thought, Figgs
threw me a curve, but you still are quite an accomplished person, even
more so that whom I had suspected.

I have no idea what you mean by this statement. Heather is not accountable
for me. She recommended this ng to me as a place to learn about viruses and
other slugs, and I came to do just that. But, I see that if something does
not directly bite others in the butt, it is not worth discussing. Being a
curious researcher this disappoints me, but, won't deter me. However, I
have now leaned to keep my research to myself due to lack of interest.

Here's hoping you can sort out the daemons in OE, I flushed it several
years ago, and haven't missed it a minute <g>

Well... there a few things I have learned here, and I've made some changes
in my efforts to keep the sewage at bay, including adding Mailwasher,
switching from Big Mc to AVG, and so forth. But, I have no doubt there will
be dragons there too at some point. A Dragon Lady's work is never done. <g>

Jan

 

[Jan Il]

Be sure to let us know if Bill manages to evade your killfile settings.
I'm sure someone here can help with an appropriate ruleset. ;O)

Bill? Bill who??? Oh..THAT Bill. Hmm.....nahhh...he's just
grumpy...contrary, and easy enough to ignore. . ;-))))

 

[Jan Il]

It works fine. You probably didn't up the filters correctly. There are
a number of posts on the group that explain how to do it.

I do know how....'nuf said.

Bob

--
Robert Green
FileRecovery.Biz
Data Recovery Services
Some nice freebies at http://download.filerecovery.biz
bob[dot]green[at] filerecovery[dot]biz

 

[Chopper]

take your lithium

Bart -



I can truly understand the reluctance to think of anything different, and it
is much easier to explain by attributing it to the user's stupidity or
inability to do a very simple task properly.

If you are not having a problem that is truly great. But, that does not
negate the fact that I am, and there may be a lot more out there that are
too.

I have no idea what you mean by this statement. Heather is not accountable
for me. She recommended this ng to me as a place to learn about viruses and
other slugs, and I came to do just that. But, I see that if something does
not directly bite others in the butt, it is not worth discussing. Being a
curious researcher this disappoints me, but, won't deter me. However, I
have now leaned to keep my research to myself due to lack of interest.


Well... there a few things I have learned here, and I've made some changes
in my efforts to keep the sewage at bay, including adding Mailwasher,
switching from Big Mc to AVG, and so forth. But, I have no doubt there will
be dragons there too at some point. A Dragon Lady's work is never done.

 

[Jan Il]

take your lithium

LOL!!

But, careful Chopper, you're top posting....you'll get your flannels singed.
<vbg>

Jan

 

[Jan Il]

On that special day, Jan Il, ([email protected]) said...


Perhaps it is you who doesn't understand. You have to make sure that you
insert the rules in the correct sequence. If you *first* apply some
other rules before the filtering on "not addressed to me", it won't
work.

For instance, if you have another rule set up on the top of the list,
like "put in special folder when larger than # kb", then it is too late
for filtering for the non-address, as the mails have already been
processed and downloaded.

Also the way OE rules are meant to be implemented, is a bit weird. You
first have to choose "contains my address", then go to "Options" and
inverse the rule. "Options" is only available if the rule has already
been created (yet).

Someone in a German newsgroup said <sarcasm> that this behavious is only
consistent with Microsofts menu design, as you also have to choose
"Start" for shutting down the computer</sarcasm>

And put the "does not contain my address" rule on the top of the list,
and check "when downloaded from server" and have the mails "delete"d or
whatever. OE rules are nothing but logical.

Gabriele, I appreciate your time to provide this information, and, truly, I
do know how to set the Rules, and that there are certain procedures as to
how they work. I made sure that I researched all the information and fully
understood how the process is to be performed in order to get the proper
results. I always read what comes with, so that I understand what is with,
otherwise, how will I know what to do with?

I have run some further tests, and since I have Cox cable, I can access my
account from the webmail before I open my OE which will download then
download the files. Which means I can review whatever is hanging out there
in my account before it gets downloaded, at least as much as my account will
hold. Thus, I know that I am not getting all the various other Swen messages
with attachments dropped into my OE Inbox, ONLY the specific ones.

BTW...yes, I got a copy of the Mircrosoft comparison you mentioned
yesterday. Loved the come back...<bg>

Best regards,
Jan

 

[Stuart Gray]

"Jan Il"

As you have probably already surmised - this NG is populated by W.Blevins
and sycophants as in
http://www.stormloader.com/users/moelane/innomine/choirsbands/Sycophants.htm
Have you noticed you never get an actual answer or even a discussion that
leads to a clue of an answer? Except from a few brave souls that dip in here
occasionally, such as yourself. I lurk here just to see the latest toadying,
it's sort of like a binary "big brother" thing for me. Sad eh? But it does
keep me amused. Reminds me of one of my users who said he had a "1 in 10
warning" on his PC. Turned out it was an I/O error. That seems to be the
level of problem solving here. Wish I could give you something more solid to
work on with your problem, but Outlook and its rules are not my forte, and I
hope my little message at least brought a smile to your lips.

Stuart.

 

[FromTheRafters]

If you are not having a problem that is truly great. But, that does not
negate the fact that I am, and there may be a lot more out there that are
too.

The way I see it, if the filter rules were working before, and
they aren't working now, then one of the following is true:

1) The filters have somehow changed
2) The worm has somehow changed
3) I am misunderstanding something

You checked the filters ~ no change.

You would notice if the worm e-mail that evaded the filter met
the criteria of one of the filter rules, but not necessarily whether
or not that particular rule had always been ineffective and that
it was another rule that had always worked in the past.

I usually apply rules with actions to highlight with color and
test their effectiveness that way, but with Swen (if I were to
be getting them) I would probably not bother, as there would
be far too many of them to look at.

That being said, if what you describe had been happening to me,
I would reluctantly settle on item three. I would then take steps
to remedy the situation by changing the rules to highlight with
color to determine which rules never seem to be effective and
attempt to discern why that is.

The "stop processing more rules" rule is an important consideration.
If the filter program sees a whitelist criteria to "send to folder" and
then a "delete from server" criteria it may very well download first
and then delete, which is what it would have done if no rules had
existed. It may not matter in what order the filters were set up if
the algorithm is "check all criteria" and then "take all actions"
rather than "check first criteria" and then "take first action". The
program may see the illogic of deleting before downloading to
check a whitelist rule. If the whitelist criteria is followed by the
"send to folder" and then a "stop processing more rules" then the
appropriate actions can be taken on the whitelist rule without any
concern for other rules. It is like having "end" statements in a
program ~ even if you believe that there is no chance that program
flow would ever reach that statement

I have seen Swen headers with random letters as the <username>
portion of the "From" e-mail address even though I haven't seen
this mentioned in the write-ups, so I suppose it is possible that
random changes could be made to the domain portions as well
to make the filtering harder, but if you are seeing @microsoft.com
when you know damned well that you have a rule to filter out
all @microsoft.com's, then I would investigate that rule and the
ones not separated from it by "stop processing" actions further
to see if it is thwarted by another rule.

The "stop processing" thing is to avoid making inadvertant
compound rules.

 

[Jan Il]

Hey Stuart!

"Jan Il"

As you have probably already surmised - this NG is populated by W.Blevins
and sycophants as in
http://www.stormloader.com/users/moelane/innomine/choirsbands/Sycophants.htm
Have you noticed you never get an actual answer or even a discussion that
leads to a clue of an answer? Except from a few brave souls that dip in here
occasionally, such as yourself. I lurk here just to see the latest toadying,
it's sort of like a binary "big brother" thing for me. Sad eh? But it does
keep me amused. Reminds me of one of my users who said he had a "1 in 10
warning" on his PC. Turned out it was an I/O error. That seems to be the
level of problem solving here. Wish I could give you something more solid to
work on with your problem, but Outlook and its rules are not my forte, and I
hope my little message at least brought a smile to your lips.

Stuart.

Well... there are plenty here who will take great pleasure in taking issue
with your assessment of my mental and emotional stability. So, you better
get ready to duck and run. But, thanks. <bg>

As for WB....nahh...he's just a tiresome and pathetic PITA. I was put
onto him early on by the regulars here. <g> But, every situation
needs a 'Devils Advocate'. But....actually, he's not nearly as good
at it as Bill....<giggle...>

Shooo! Viruses are not rocket science..more like baked beans, with a
bit of a variation of the recipe from one cook to another. But, some can't
accept anything except the way mom used to make them. Pity.

<hope my little message at least brought a smile to your lips.>

Yeppa...and thanks...;-)))))))

Jan

 

[scoopdamedia]

You should Update your Outlook Express so that it always asks permission
before downloading anything from Email or whatever.