FriendlyGreeting is Expanding
G. Armour Van Horn
vanhorn at whidbey.com
Wed Dec 4 22:17:42 GMT 2002
I just ammended spam.assassin.prefs.conf as we got some more of these through
today:
header FRIEND_GREETINGS Subject =~ /you have an E-Card from/i
describe FRIEND_GREETINGS Nasty E-card from FriendGreetings.com
score FRIEND_GREETINGS 100.0
header FRIEND_GREETINGS2 Subject =~ /you have a greeting card from/i
describe FRIEND_GREETINGS2 Nasty E-card from FriendGreetings.com
score FRIEND_GREETINGS2 100.0
header FRIEND_GREETINGS3 Subject =~ /you received an e-card e-mailed/i
describe FRIEND_GREETINGS3 Nasty E-card from FriendGreetings.com
score FRIEND_GREETINGS3 100.0
Here is most of a message that was redirected to me, I haven't seen an actual
delivered card yet:
Subject: Jeanie you received an e-card e-mailed by .
X-MailScanner: Found to be clean
Jeanie,
just emailed you an ecard.
Retrieve your greeting by clicking below.
http://www.FriendGreeting.com/pickup.aspx?code=Jeanie&id=0412024
Note;
Jeanie,
Read the greeting card I just sent.
So, I guess we are going to have to edit this every time a minor new variant of
this comes out? If so, do we have to change the identifier every time? That is,
will I soon be vlocking for "FRIEND_GREETINGS99" in my system?
Van
Julian Field wrote:
> At 16:28 13/11/2002, you wrote:
> >I am ready to just block all e-mail.
>
> Do that and I'll have to go back to collecting things (glasses, clocks,
> bottles of brandy...)
> :-)
>
> >I attached the two possibilitys now according to Mcafee. Does anybody
> >have a long term solution for these guys. I believe the rule that
> >Julian suggested adding to spam.assassin.prefs.conf only covers the
> >first one.
>
> I have only seen these two. The second one appeared last week. Updates for
> sendmail.cf or spam.assassin.prefs.conf are included here for everyone's
> benefit. If I hear any more news in this I'll let you all know.
>
> Stop them in sendmail:
>
> HSubject: $>Check_Subject
> D{FriendPat1}you have an E-Card from
> D{FriendPat2}you have a greeting card from
> D{FriendMsg}This message is probably a nasty E-Card.
> SCheck_Subject
> R$* ${FriendPat1} $* $#error $@ 5.7.1 $: ${FriendMsg}
> R$* ${FriendPat2} $* $#error $@ 5.7.1 $: ${FriendMsg}
>
> Or stop them in SpamAssassin:
>
> header FRIEND_GREETINGS Subject =~ /you have an E-Card from/i
> describe FRIEND_GREETINGS Nasty E-card from FriendGreetings.com
> score FRIEND_GREETINGS 100.0
> header FRIEND_GREETINGS2 Subject =~ /you have a greeting card from/i
> describe FRIEND_GREETINGS2 Nasty E-card from FriendGreetings.com
> score FRIEND_GREETINGS2 100.0
>
> --
> Julian Field Teaching Systems Manager
> jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
> Tel. 023 8059 2817 University of Southampton
> Southampton SO17 1BJ
--
----------------------------------------------------------
Sign up now for Quotes of the Day, a handful of quotations
on a theme delivered every morning.
Enlightenment! Daily, for free!
mailto:twisted at whidbey.com?subject=Subscribe_QOTD
For web hosting and maintenance,
visit Van's home page: http://www.domainvanhorn.com/van/
----------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20021204/b54aa689/attachment.html
More information about the MailScanner
mailing list