worm emails marked as possible spam

Scott Silva ssilva at SGVWATER.COM
Thu Dec 1 17:29:25 GMT 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

IT Dept spake the following on 12/1/2005 9:15 AM:
> Hi Everyone,
> 
> I'm getting tons of complaints from my users that are complaining about
> the amount of "spam" they're getting over the past week or so. These are
> messages with subjects such as "hi, ive a new mail address" and so
> forth. Obviously, it's not really spam, but the result of one of the
> Sober worm variants. But the problem is that although SOME of the
> messages get tagged as high spam, and therefore the users aren't
> notified...many of the messages don't score high enough for that, so get
> tagged as possible spam and the user's inbox gets bigger...some users
> are apparently getting hundreds of these a day.
> 
> How do I block these damned things, or at least not have the system
> notify my users about them?
> 
> Thanks,
> Chris
> 
You could look for something in common in them and write a filter.
See if they hit an existing optional ruleset.
Maybe put some examples up on a website and post a link. Some of us
could test them and see if we have rules that hit them. If you are
getting them, then many of the other people on this list are also seeing
this traffic. The only thing I have seen get through were some corrupted
sober.u mails. Since they were corrupted, they were harmless and didn't
trip a virus scanner.
 Unfortunately, they happened to go to a Vice President who was not too
amused.

-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list