Blocking attachments, maybe subject line statement?

NTIN Page Guy pages at ntin.net
Fri Jan 23 19:29:23 GMT 2004 

Hello Chris,

I have see similar emails coming into my email server.  We are running
Communigate so I created a rule that blocked these subjects.

 Friday, January 23, 2004, you wrote:


CH> They are coming to my customers. The from address is different everytime. I
CH> have 3 diffent domain names and two of them are getting them. the only
CH> difference in wording is the domain. The email says this:

CH> Internet Billing Notice
CH> Please press "open" and read the attached Billing Notice.

CH> Note if you do not read this withing 24 hours we at morgan.net regret we
CH> will have to terminate internet service


CH> ----- Original Message -----
CH> From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
CH> To: <MAILSCANNER at JISCMAIL.AC.UK>
CH> Sent: Friday, January 23, 2004 11:06 AM
CH> Subject: Re: Blocking attachments, maybe subject line statement?


>> At 17:02 23/01/2004, you wrote:
>> >Apprently there is some new worm out that generates emails that appear to
>> >come from our billing department. I cant find anything on it anywhere,
CH> but
>> >the file that it has with it is a page.hta file. I want to block this
>> >email altogether, so what is the best way to go about doing that? I was
>> >going to black list them, but since it is apparently some kind of worm,
>> >its from all different sorts of people. What sort of action should I take
>> >with this?
>> >
>> >Chris
>>
>> If they have merely used your billing department's email address as the
>> "From" address in email they are sending, there is nothing you can do to
>> stop this propagating across the internet, as it never goes anywhere near
>> your servers.
>>
>> Using MailScanner's filename.rules.conf file you can block .hta files
>> coming into your site or leaving your site. It blocks them by default.
>> --
>> Julian Field
>> www.MailScanner.info
>> MailScanner thanks transtec Computers for their support
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>



Best regards,
Robert B, NTIN                           mailto:pages at ntin.net

More information about the MailScanner mailing list