Sudden surge in spam

Wed Aug 27 11:42:42 IST 2003

James,

I am running a similar setup as you except im using DCC and not using Pyzor..

Here is a copy of a header for the "Take advantage of lower interest rates" spam on my system.

Subject: {Spam?} Take advantage of lower interest rates
Date: Wed, 27 Aug 2003 06:28:14 -0400
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
X-Priority: 3
X-Mailer: mxMAILPro
Abuse2-Tracking: <cmRiQHJva2UuY28udWs=>
X-MailScanner-rsys001x: Found to be clean
X-MailScanner-rsys001x-SpamCheck: spam, SpamAssassin (score=20.3, required 5,
        BAYES_80 2.86, BULK_EMAIL 1.84, COMPLETELY_FREE 1.10, DCC_CHECK 2.63,
        FROM_NUM_AT_WEBMAIL 2.90, HTML_30_40 0.63, HTML_FONT_BIG 0.22,
        HTML_FONT_COLOR_RED 0.10, HTML_WEB_BUGS 0.10,
        HTTP_USERNAME_USED 0.66, LOW_INTEREST 2.29, MIME_HTML_ONLY 0.10,
        NORMAL_HTTP_TO_IP 0.70, THE_BEST_RATE 2.93, USERPASS 1.30)
X-MailScanner-rsys001x-SpamScore: ssssssssssssssssssss

Hope this helps

Dean Plant.

-----Original Message-----
From: James Pifer [mailto:mailscannerlist at TNJINFL.COM]
Sent: 27 August 2003 11:30
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Sudden surge in spam

No, these aren't Sobigs. I've been getting those for a couple weeks and
MailScanner has been tagging those. As a matter of fact I just changed
Sobig to be silent last week, so I don't even see them now.

The messages are like:
I Can Show You How To Lose WeightZIJSDRL
Take advantage of lower interest rates
Get prescriptions overnight and online dulpbnez atjeq

That's just 3 of the 8 I have in my inbox this morning. In the headers
it has "X-MailScanner:Found to be clean". There are also about a dozen
spams in the mailbox that MailScanner forwards spam to, so it's still
working. Just don't understand why all of the sudden some is getting
through.

Thanks,
James

On Tue, 2003-08-26 at 21:46, Hack Hawk wrote:
> Do the subjects of that spam contain phrases like "Wicked Screensaver" or
> "My Details"?  You're probably starting to receive emails from SoBig
> infected systems.
>
> All these emails were tagged as spam on my systems simply because .pif
> attachments receive a +4 rating or something like that.  :)
>
> At 06:38 PM 8/26/03, James Pifer wrote:
> >Got no responses on this. Anyone else have an increase of spam today? I
> >had 9 this morning get into my Inbox and 5 more by this evening, but
> >some are getting caught.
> >
> >Something I should be looking at specifically?
> >
> >Thanks,
> >James
> >
> >On Tue, 2003-08-26 at 06:36, James Pifer wrote:
> > > The last few days I've been getting a bit of spam each day, like one
> > > maybe two messages on my main account. Then this morning I had 9 spams
> > > in my inbox.
> > >
> > > Everything appears to be working normally as far as I can tell. I
> > > restarted MailScanner just in case. I'm running:
> > > MailScanner 4.21-9
> > > SpamAssassin 2.55-1
> > > Pyzor 0.4.0
> > > Razor 2.34
> > > F-Prot
> > > ClamAV
> > >
> > > Anyone else seeing this?
> > > What's the best way to tell if everything is working, maillog?
> > > How can I tell that Pyzor and Razor are being used correctly?
> > >
> > > I know it's at least partially working since I have spam forwarded to a
> > > specific mailbox, and it has new messages in it.
> > >
> > > Thanks,
> > > James

--
Registered Office: Roke Manor Research Ltd, Siemens House, Oldbury, Bracknell,
Berkshire. RG12 8FZ

The information contained in this e-mail and any attachments is confidential to
Roke Manor Research Ltd and must not be passed to any third party without
permission. This communication is for information only and shall not create or
change any contractual relationship.