worm emails marked as possible spam

Glenn Steen glenn.steen at GMAIL.COM
Thu Dec 1 18:19:01 GMT 2005

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 01/12/05, IT Dept <itdept at fractalweb.com> wrote:
> Glenn Steen wrote:
> >Just out of curiosity, what does "clamscan --version" give?
> >
> >Does the mails have the usual zip/exe things attached? If so, you
> >could always block the filenames/types...
> >If not, why then they are already "sanitized" perhaps?
> >
> >
> Hi Glenn,
> # clamscan --version
> ClamAV 0.87.1/1199/Thu Dec  1 01:39:16 2005

Looks good. And if you run it on one of the messages (assuming they
get quarantined somewhere), this fails to see a problem?
> "zip/exe things"???
Sloppy way of expressing myself ".zip files (archives) containing
executable files (.exe)" would perhaps be more intelligible:-).
If not, then you're probably just seeing some form of "backwash", like
the previous Sober outbreak generating a lot of ... German spam.... In
that case, Scotts suggestion is probably the best way to go: Identify
some common features and create SA rules for 'em.

-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list