JBDGMGR (Teddybear) Hoax

[Spicer, Kevin]

>We have seen as reported a resurgence in this nuisance hoax email.
>In its most innocent guise, its still catching some of our unsuspecting
>users. 

Same here, loads of them today!
 
>We know this is a bit off track but is anyone willing to share any sendmail
>tricks (if there any) that can block these emails.

Spam Assassin seems to catch them, perhaps by tweaking the scores you could give them a very high score and then set MS to delete high scoring spam (setting the theshold high).

My guess is that catching them with sendmail would be tricky since they are sent by real users all the headers and even the subject can change randomly.

Now if some perl guru could write a bit of code for MailScanner that picked up the hoax rules from the scoring information mailscanner returned and let us insert '{HOAX?}' rather than '{SPAM?}' for those emails that would be special.... not the easiest though. [just thinking aloud]

>If we remember rightly there was a 'Greetings' Hoax as well, if any body has
>anything on that as well it would be gratefully received.

The spam.assassin.prefs.conf distributed with mailscanner has SA rules for that.  Although they seem to have stopped since the website was removed.




BMRB International 
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the 
recipient and may contain confidential and/or privileged 
material.  If you have received this in error, please contact the 
sender and delete this message immediately.  Disclosure, copying 
or other action taken in respect of this email or in 
reliance on it is prohibited.  BMRB International Limited 
accepts no liability in relation to any personal emails, or 
content of any email which does not directly relate to our 
business.