Outlook Rules Wizard


Marcia

I'm being plagued with all those emails generated by the
swen virus (fake MS virus updates, attachments, returned
emails, etc. etc.) and I'm trying to create better rules
for them, but I have some questions that I hope someone
out there can answer for me:
1) Is there a way to create additional "conditions" that
the Rules Wizard uses when you create a new rule? There
are several listed already, but none of them meets the
criteria I want to use. So far I have successfully
redirected 97% of them from my inbox, but I've had to make
approximately 150 rules to do it. I'm trying to condense
them into 10 or 15 if possible, but the
existing "conditions" don't cover what I need.
2) Would it be faster to run a few long rules rather than
150 short rules?
3) Is there a character limitation on the "Rule
Description" field?

Thanks in advance for your help-Marcia
 
This virus is a tough one to block using subject line rules. Swen uses multiple word lists to concatenate its subject line phrase - the combinations are almost limitless. More info - http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

A better tactic might be to create rules to delete messages of specific sizes. All of the Swen messages I have been getting in my Hotmail mailbox are either 156K (fake MS patch) or 144K (undeliverable report). One rule for each size should do the trick. Of course, there is a small chance of being sent a legit message which is one of these sizes, so double check the Deleted Items folder before emptying it. Bet this 2 rule solution gets more than 97% of them, plus Outlook won't be bogged down by 150+ (!!!) rules.

Hope that helps!

Matthew Clark
A+, MCP, MCSE, MOS, Network+
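
The size-based rule suggested in the reply above, sketched outside Outlook as an added example (not code from the thread): size matches are set aside for review rather than deleted, which covers the legitimate-message caveat. The 1 KB tolerance, the attachment check, and every sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Sizes reported in the post above (KB). The 1 KB tolerance is an assumption,
# since mail clients round the size they display.
SWEN_BANDS_KB = {156: "fake MS patch", 144: "undeliverable report"}
TOLERANCE_KB = 1

def triage(raw: bytes) -> dict:
    """Classify one raw message; a size match is set aside, never deleted."""
    size_kb = round(len(raw) / 1024)
    band = next((name for kb, name in SWEN_BANDS_KB.items()
                 if abs(size_kb - kb) <= TOLERANCE_KB), None)
    msg = message_from_bytes(raw, policy=policy.default)
    has_attachment = any(True for _ in msg.iter_attachments())
    if band is None:
        action = "inbox"
    elif has_attachment:   # assumption: both variants carry an attachment
        action = "quarantine"
    else:                  # size collision only, probably legitimate
        action = "review"
    return {"subject": str(msg["Subject"]), "size_kb": size_kb,
            "band": band, "action": action}

def make_sample(subject: str, target_kb: int, attach: bool = True) -> bytes:
    """Constructed message padded to about target_kb (base64: 57 bytes -> 77)."""
    def build(pad: int) -> bytes:
        msg = EmailMessage()
        msg["From"], msg["Subject"] = "sender@example.com", subject
        if attach:
            msg.set_content("See attachment.\n")
            msg.add_attachment(bytes(pad), maintype="application",
                               subtype="octet-stream", filename="sample.bin")
        else:
            msg.set_content("Plain text.\n" + ("x" * 70 + "\n") * (pad // 71))
        return msg.as_bytes()
    room = target_kb * 1024 - len(build(0))
    return build(room * 57 // 77 if attach else room)

def run_samples() -> list:
    samples = [("Constructed fake patch", 156, True),
               ("Constructed bounce", 144, True),
               ("Holiday photos", 156, True),      # legitimate size collision
               ("Quarterly report", 144, False),
               ("Lunch?", 3, False)]
    return [triage(make_sample(*s)) for s in samples]

if __name__ == "__main__":
    for row in run_samples(): print(row)
```

The "Holiday photos" sample lands in quarantine alongside the two lookalikes, which is the false positive the reply warns about and the reason to check the folder before emptying it.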
 
Okay, I'll try your suggestion and I'll let you know how
it went. Is there anything being done to stop these
emails once they've started? There's got to be some
ingenious person out there who can save us all....Thanks
for your help.
Marcia
-----Original Message-----
This virus is a tough one to block using subject line
rules. Swen uses multiple word lists to concatenate its
subject line phrase - the combinations are almost
limitless. More info -
http://securityresponse.symantec.com/avcenter/venc/data/w32
(e-mail address removed)
A better tactic might be to create rules to delete
messages of specific sizes. All of the Swen messages I
have been getting in my Hotmail mailbox are either 156K
(fake MS patch) or 144K (undeliverable report). One rule
for each size should do the trick. Of course, there is a
small chance of being sent a legit message which is one of
these sizes, so double check the Deleted Items folder
before emptying it. Bet this 2 rule solution gets more
than 97% of them, plus Outlook won't be bogged down by
150+ (!!!) rules.
 
Not really. The current e-mail system is based on 30-year-old technology and the bad guys have figured out how to exploit the weak spots. MSFT and others have begun working on a more secure form of e-mail, but it's likely years away.

Just do what you can to mitigate this junk (don't post your e-mail address on the web, don't forward dubious sounding warnings, etc.) and take comfort in the fact that there's a special place in HELL waiting for the spammers, virus writers, and spyware authors! :-)

Matthew Clark
A+, MCP, MCSE, MOS Master, Network+
 