New Virus with Fake Microsoft Address...

Forrest Aldrich forrie at FORRIE.COM
Fri Sep 19 08:38:19 IST 2003


Hmmm... I'm running 4.23-11 and don't see that in there, so perhaps the
update_MailScanner_conf didn't work correctly.

Anyone else have spamassassin rules that might be suitable here?



At 03:23 AM 9/19/2003, Julian Field wrote:
>At 08:26 19/09/2003, you wrote:
>>My antivirus scanners are cleaning it out - but the spam messages are still
>>making it through, so I figure if I can add spamassassin rules to this
>>setting, I can get spamass-milter to simply reject the message in the
>>transaction (saving me a lot of headaches and a huge packet filter list).
>>
>>I added that keyword below, anyhow.  What action will this take/create.
>
> From the latest MailScanner.conf:
>
>#    All-Viruses   : inserting this will stop senders being warned about
>#                    any virus, while still allowing you to warn senders
>#                    about HTML-based attacks.
>
>>At 03:16 AM 9/19/2003, Julian Field wrote:
>>>Please add "Swen Gibe" to your "Silent Viruses" list.
>>>
>>>Very recent versions of MailScanner have a special keyword that can be put
>>>in the Silent Viruses list called "all-viruses" so you can just add that
>>>and not bother keeping your list up to date any more.
>>>
>>>At 07:38 19/09/2003, you wrote:
>>>>This new virus appears to generate many (random?) subjects, so it's getting
>>>>difficult to narrow down.
>>>>
>>>>Has anyone filters for Spamassassin that will correctly identify this
>>>>virus?  I'd like to score this one high so they are rejected (via
>>>>spamass-milter)... it's been a huge problem all day.
>>>>
>>>>The fake messages have a preamble like this:
>>>>
>>>> >>>>>>>>>
>>>>MS User
>>>>
>>>>this is the latest version of security update, the "September 2003,
>>>>Cumulative Patch" update which eliminates all known security
>>>>vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook
>>>>Express as well as three newly discovered vulnerabilities. Install now to
>>>>continue keeping your computer secure from these vulnerabilities. This
>>>>update includes the functionality of all previously released patches.
>>>><<<<<<<<<
>>>>
>>>>
>>>>
>>>>Thanks,
>>>>Forrest
>>>
>>>--
>>>Julian Field
>>>www.MailScanner.info
>>>MailScanner thanks transtec Computers for their support
>
>--
>Julian Field
>www.MailScanner.info
>MailScanner thanks transtec Computers for their support



More information about the MailScanner mailing list