New Virus with Fake Microsoft Address...

Julian Field mailscanner at ecs.soton.ac.uk
Fri Sep 19 08:46:26 IST 2003 

At 08:38 19/09/2003, you wrote:
>Hmmm... I'm running 4.23-11 and don't see that in there, so perhaps the
>update_MailScanner_conf didn't work correctly.

The upgrade_MailScanner_conf worked exactly as I intended. Whether I
intended "the right thing" is another matter.

Currently it copies over all the comments in the old MailScanner.conf file
to the new one, so you don't lose any extra info you have put in there.
However, I can't tell the difference between comments put in by me (as
documentation) and comments put in by you. So it copies over all the comments.

Anyone got any bright ideas on ways to improve this script so you get new
docs but don't lose you existing comments? I could put another character at
the start of the line, so my docs start with
         #-
instead of just
         #
but then people will start thinking that is the "start of comment" sequence
and put it on the front of their own comments too. Which ruins the point of
doing it :-(

Considering it only took half an hour to write in the first place, it's not
too bad at the moment :-)
But good ideas are always welcome.

>At 03:23 AM 9/19/2003, Julian Field wrote:
>>At 08:26 19/09/2003, you wrote:
>>>My antivirus scanners are cleaning it out - but the spam messages are still
>>>making it through, so I figure if I can add spamassassin rules to this
>>>setting, I can get spamass-milter to simply reject the message in the
>>>transaction (saving me a lot of headaches and a huge packet filter list).
>>>
>>>I added that keyword below, anyhow.  What action will this take/create.
>>
>> From the latest MailScanner.conf:
>>
>>#    All-Viruses   : inserting this will stop senders being warned about
>>#                    any virus, while still allowing you to warn senders
>>#                    about HTML-based attacks.
>>
>>>At 03:16 AM 9/19/2003, Julian Field wrote:
>>>>Please add "Swen Gibe" to your "Silent Viruses" list.
>>>>
>>>>Very recent versions of MailScanner have a special keyword that can be put
>>>>in the Silent Viruses list called "all-viruses" so you can just add that
>>>>and not bother keeping your list up to date any more.
>>>>
>>>>At 07:38 19/09/2003, you wrote:
>>>>>This new virus appears to generate many (random?) subjects, so it's
>>>>>getting
>>>>>difficult to narrow down.
>>>>>
>>>>>Has anyone filters for Spamassassin that will correctly identify this
>>>>>virus?  I'd like to score this one high so they are rejected (via
>>>>>spamass-milter)... it's been a huge problem all day.
>>>>>
>>>>>The fake messages have a preamble like this:
>>>>>
>>>>> >>>>>>>>>
>>>>>MS User
>>>>>
>>>>>this is the latest version of security update, the "September 2003,
>>>>>Cumulative Patch" update which eliminates all known security
>>>>>vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook
>>>>>Express as well as three newly discovered vulnerabilities. Install now to
>>>>>continue keeping your computer secure from these vulnerabilities. This
>>>>>update includes the functionality of all previously released patches.
>>>>><<<<<<<<<
>>>>>
>>>>>
>>>>>
>>>>>Thanks,
>>>>>Forrest
>>>>
>>>>--
>>>>Julian Field
>>>>www.MailScanner.info
>>>>MailScanner thanks transtec Computers for their support
>>
>>--
>>Julian Field
>>www.MailScanner.info
>>MailScanner thanks transtec Computers for their support

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

More information about the MailScanner mailing list