virus warning message spam

[Steven Pritchard <steve@silug.org>]

So given that a) we don't run Windows, and b) every one of the Windows
email viruses going around spoofs the sender address, I'm *really*
sick of receiving warning messages from other people's poorly
configured virus filters.  I dug through my procmail log and found as
many of the subject lines from those messages as I could in order to
set up header_checks rules to block the damn messages.  I feel like
sharing, so the results are below.  :-)

Oh, and on this subject, I used to feel bad that majordomo replied
with a message whenever email was held for moderation, since it ended
up replying to the wrong person when it received virus messages, but
I'm doing virus filtering with amavis now, so I don't think those
messages are necessarily a bad thing anymore.

Add this to your header_checks pcre map (Postfix users only):

/^Subject:.*A mail message with subject .* contained a virus$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Antigen found VIRUS=/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Attachments not Delivered by MailScan\!$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*A virus  *was detected in the message$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Email was scanned, virus was removed:/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Failed to clean virus file/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*GateLock Virus Notification\.$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Important Notice: VIRUS GEFUNDEN\!$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*InterScan_Virus_Alert/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Mail Cleaner Virus Alert$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*MAIL GATEWAY ALERT$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*\[MailServer Notification\] ?To (Sender|Recipient) virus found and action taken\.$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*MDaemon Warning - Virus Found$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*moscas \(infecciones\)/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*NAV detected a virus in a document you authored\.$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Net Integrator Virus Alert$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Non delivery report: .*\(Virus infection\)$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Norton AntiVirus detected (and quarantined )?a virus in a message you sent/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Norton AntiVirus failed to scan an attachment in a message you sent\./	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Norton Antivirus ha rilevato un virus nel documento/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Returned due to virus;/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Returned mail: Possible Virus Infection$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*re\..*\{VIRUS\}/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*ScanMail Message: To .* virus found and action taken\.$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Symantec AntiVirus\/Filtering for Domino$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Symantec AVF detected a.*virus in a message you sent/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:Symantec Mail Security detected a.*virus/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Undelivered \(Virus\)$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject: Virus Alert$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Virus Alert - ScanMail for Lotus Notes/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Virus Check Alert/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*VIRUS.*dans votre courrier$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Virus Detected by Network Associates, Inc\. Webshield/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*virus detected in attachment$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Virus Detected in Email you sent\.$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Virus detected in mail/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Virus detected in ".*"$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Virus detected$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Virus Detected$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Virus Discarded$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*VIRUS en su e-mail/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*virus(es)? incident$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*virus(es)? picked up by Virex$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Virus found in a message you sent$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Virus found in (message|mail) from you\!$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*virus found in sent message/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*virus found in sent message$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Virus found in (sent|the) message/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Virus incident$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Virus Infection Alert\!/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*VIRUS INFECTION ALERT/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*VIRUS.*IN MAIL FROM YOU$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Virus intercepted$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*VIRUS IN YOUR MAIL/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*virus n\xe1jden\xfd vo Va\xb9ej po\xb9te/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*\[VIRUS REMOVED\]/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Virus Scan detected a virus in an email you sent\.$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*virus trouve dans le message envoye/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*virus trovato in un messaggio inviato/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Warning: antivirus system report$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Warning: E-mail virus(es)? detected$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Warning: E-mail virus(es)? detected$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*Warning: E-mail Virus \(virii\) Detected$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*WARNING: YOU MAY HAVE A VIRUS$/	REJECT We didn't send you a virus so don't send us your spam.
/^Subject:.*WARNING: You tried to send a potential virus or unauthorised code$/	REJECT We didn't send you a virus so don't send us your spam.

Steve
-- 
steve@silug.org           | Southern Illinois Linux Users Group
(618)398-7360             | See web site for meeting details.
Steven Pritchard          | http://www.silug.org/

-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.