MCP not working
Scott Silva
ssilva at sgvwater.com
Thu Aug 9 16:47:04 IST 2007
Daniel Eiland spake the following on 8/9/2007 5:07 AM:
> On Thu, 09 Aug 2007 14:05:04 +0200, Kai Schaetzl <maillists at conactive.com> wrote:
>> Daniel Eiland wrote on Thu, 9 Aug 2007 12:30:02 +0200:
>>
>>> describe MCP_W32_ZHELATIN_GEN
>> 1. your rules all have the same name, only the first (I think) will get
>> used. You could condense them, anyway, to something like /received a.*card
>> from a/".
>
> Good idea! Thanx.
>
>> 2. why would you use MCP for this? You are trying to catch a bit more spam
>> than you normally could with the rules you currently have. So, what you do
>> is add extra rules to the ones coming with the distribution. Either from
>> sites like www.rulesemporium.com or by dropping your own rules in
>> /etc/mail/spammassassin. Not MCP!
>
> Well, the thing is that these emails are in fact virusses.
> http://vil.nai.com/vil/Content/v_142621.htm
> But since there's no attachment, it is not scanned by clamav or bitdefender.
> They are also not picked up by spamassassin rules. I also use rules_du_jour for fetching all kind of rules.
> Getting this particular email in an outlook client makes (some version of) outlook crash.
> Clicking the link in this email leads you to a website that will try to use known exploits on your browser.
>
Have you tried the sanesecurity addons for clam?
http://www.sanesecurity.co.uk/clamav/
I think this will catch these AND mark them as viruses.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
More information about the MailScanner
mailing list