
how to stop swen virus mails getting to my inbox??

Not open for further replies.


Jul 15, 2003
Hi, I use Outlook Express and want to be able to prevent the 100+ Swen e-mails I get every day--the virus attachment actually gets chopped by our mail server; my inbox is a bloody joke--no amount of rules can catch all the permutations of the subject/sender etc...it's too random. Any suggestions? Even the domains are rapidly changing so....
Ever considered an antivirus?
Besides, if you have a mailserver, it should stop the virus there, so you don't get it at all.

If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC!
Get a firewall (router based) or at least software based (Zone Alarm Pro or Norton Internet Security)

GET ON THE PHONE with your ISP like yesterday and ask what steps they are taking to prevent the attacks from happening.
Tell them you will bill them for every virus email you get that they did not filter out at 1 cent per message. And because of the TOS you agreed to, they are breaching that contract by allowing the continued abuse.

AND GET RID OF outlook express. Get OUTLOOK or Eudora.
Since when does a firewall like ZoneAlarm stop email viruses?
I don't know what contract you have with your ISP, but they will hardly be impressed with such demands. You cannot hold your ISP responsible for someone else sending you an email, virus infected or not!
Sorry guys, I didn't make myself clear--the viral attachment is caught by our mail server--the e-mail however comes through. This happens several hundred times a day for the twenty users in our office---At some point it will come close to a DOS attack if it grows exponentially. The engine they have creating the mails is smart enough to change the subject line or the spoofed address nearly every time it gets sent.
What I want to know is can the WHOLE mail be bounced at our mail server and if so how? Especially as the mail seems so random in its setup?
Agree with marcs completely, sounds like you have a mail scanner on your mail server, but it's not working right. Make sure you have the latest updates, you might call tech support of the virus scanner for help. They might charge you, but you should get this resolved, sounds like a lot of virus activity. I don't know what's up with that other guy telling you to install ZoneAlarm and complain to your ISP.

Matt J.
Cheers Matt! We have a very well known domain name so that seems to me to be the ease of getting some mail engine to 'create' addresses which is why our servers are getting hit. I'll check with the guys who set up the mail server config.
The virus scanner is pretty good as it was catching 0 day stuff from Swen and Blaster--just need to stop the mass mailing capability next and we'll be sweet--until the next time ;-)
I've noticed that most of these w32swen emails are those pathetic "Microsoft Critical Update bull" - I have seen that all/most of those emails end in *msdn.com. So we have put this in the exceptions list of our firewall software. Dunno if you can try doing that under the Rules Wizard of Outlook if you don't have a firewall. Dunno if Outlook Express has the same sorta rules as it is a bit of a chopped down version.
I am experiencing the same problem as Elmurado except that I use Outlook 2002. I have Norton Internet Security 2003 and Norton AntiVirus 2003. And my ISP is doing what he can to block the known emails. The problem is not the virus itself. Just as Elmurado explained, the frustration is in receiving the email even after the virus attachment has been removed. Norton "deletes" the attachment, not the message. To compound the problem, several of the 100+ daily messages have no subject. Unfortunately, I have friends who seem incapable of filling in the subject line. So, I can not delete all of those.
I have a rule which deletes based on known patterns (such as MS Corporation), but many still get through. I tried automatically replying back to the sender but then I received dozens of undeliverable mail. It is frustrating.
Additional info... I have several email accounts on my domain. Some are accessed through Outlook, some through Outlook Express and some through webmail. Only the Outlook account is being bombed. In fact, it started moments after I posted a message on the Microsoft technical discussions site.
Ultimately, I too am looking at how to stop the mailing from ever getting to my account. While Norton is doing a great job, it can not check the mail before it arrives. Also, I see no settings in the Firewall that specify how to identify email before it arrives.

DnR - low costs; high service.
In complete agreement with you there rrascal. It's too random to set up rules--even in a firewall, even if the so-called heuristics are on full power!
I just thought that if we could work out how to do the block--based on some kind of 'smart' rule we'd get employed by Symantec on megabucks ;-) I guess we'll all have to have honeypots one day....
The only thing you can do to block them in a 'smart' way is to use a spam filter. You will have to choose based on either your mailserver or your client(s).
The one we use does catch all those Swen and related ones, virus or not.


I am a home user and I too am getting 10 to 30 Swen emails per day to my home account.

I use Mailwasher to kill them before they get to my email client - but any filters, firewalls etc. only stop them getting to your system - I want to stop them coming in in the first place - my only chance I suspect is that I use an alias for my email address which is configurable at my domain hosting company.

Incidentally I had just posted a question on the Microsoft tech forum - I then started getting the Swen emails.

Any updates or other suggestions would be appreciated



