another update to the Killer HTML filter

[Trevor Smith]

Yet another update to the Killer HTML filter. This time I found a
killer HTML message with a slightly different line break patter which
would have slipped past my previous version of this filter.

Enter PMMail/2's filter setup and create a new filter (select
"Account->Filters...", and click "New") with the following settings.
You'll want to make this your first filter.

1. Enabled (checked)
2. Complex (checked) with these settings:

!(Header.Toid="$c.acctid$" | Header.Cc="$c.acctid$")
&
(Header.Content-Type="html")
&
(Body="LANGUAGE="JavaScript">IpVecIpV=")

3. Incoming (checked)
4. Actions:
   a) Set status "Read"
   b) Move message "Trash"
   c) Delete message "Local copy"
   d) Inform user

This filter assumes you do not have "true deletes" checked. If you
have "true deletes" checked, you should be able to eliminate step 4b.

This filter assumes you do not have "leave all messages on server"
checked. If you have "leave all messages on server" checked, you
should change step 4c to:

4. Actions:
   c) Delete message "Remote and local copy (incoming only)"

This filter checks 3 things: 1) if the incoming email is *not*
addressed to you in the To: or Cc: fields, 2) if the string "html"
appears in the "Content-type" header line and 3) if the incoming
email has a specific string in its body
('LANGUAGE="JavaScript">IpVecIpV=') which seems to appear in all the
killer HTML messages.

If these three conditions are met, the message will be marked as read
and permanently deleted. Also, the filter lets you know that a
message has been found and removed.

If you are extremely paranoid and worry that this filter might
accidentally delete a useful message, you can eliminate action 4c
(Delete message "Local copy"). You will then be able to look over the
messages in the trash folder to see if they really need to be
deleted.

CAUTION: THIS DEFEATS THE PURPOSE OF THIS FILTER. The purpose of this
filter is to remove the offending emails *BEFORE* you have a chance
to view them, either from the preview pane or by double-clicking.

Some notes:

1. This filter moves and deletes messages it identifies as "killer
HTML". Once a message has been moved or deleted by a filter in
PMMail, no other filters are applied to that message.

2. If someone were to send you a "killer HTML" message addressed
specifically to you in the To: or Cc: fields, this filter would not
delete it. This means someone could still purposefully crash your
copy of PMMail if they wanted to. Remove the first two lines of the
filter:

!(Header.Toid="$c.acctid$" | Header.Cc="$c.acctid$")
&

and this filter will delete *all* messages which appear to be "killer
HTML" messages, regardless of who they're addressed to.

3. I am not 100% sure that the search string I'm using appears in all
"killer HTML" messages. So far it has been in all the ones I've
checked, but that's not necessarily a guarantee it will be in all of
them.

Whenever you find a message that crashes PMMail when you attempt to
view it (either from the preview pane or by opening the message),
send it to me as an attachment (turn off your preview pane, then drag
the message -- without opening it -- from the message list to the
attachment area of an outgoing message and send it to me) at:

pmmailos2@blueprintsoftwareworks.com

Please let me know either in the subject or body of the message that
the attachment is a "Killer HTML" email.


Again, this is an interim solution until we can fix the bug in PMMail
which causes this crash.


-- 
 Trevor Smith          |          trevor@haligonian.com
 PGP public key available at: www.haligonian.com/trevor