Inundated with this Attachment Email Spam

Steve Freegard steve.freegard at fsl.com
Fri Jun 18 18:31:27 IST 2010


Seems excessive when you can get these easily using SA rules... note 
*UNTESTED RULES* you'll need to try them and then increase the scores of 
FSL_RTF_SPAM.

header FSL_CTYPE_APP  Content-Type =~ /application\//
describe FSL_CTYPE_APP  Message has a top-level MIME type of application/*
score  FSL_CTYPE_APP  0.01

header __FSL_CTYPE_RTF Content-Type =~ /\.rtf"/

meta FSL_RTF_SPAM  (FSL_CTYPE_APP && __FSL_CTYPE_RTF)
describe FSL_RTF_SPAM Likely RTF spam with application/octet-stream MIME type
score FSL_RTF_SPAM 0.01

Regards,
Steve.

On 18/06/10 17:30, Phil Udel wrote:
> If I install and run the Sophos Virus will that stop the .html virus
> spam as JS/Redir-BO
> <http://www.sophos.com/security/analyses/viruses-and-spyware/trojjsredirbo.html>
> ?
> http://www.sophos.com/blogs/gc/g/2010/06/18/adultfriendfinder-messages-spam-campaign-hits-hard/
>
> ------------------------------------------------------------------------
> *From:* mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] *On Behalf Of *Phil Udel
> *Sent:* Friday, June 18, 2010 8:35 AM
> *To:* mailscanner at lists.mailscanner.info
> *Subject:* Inundated with this Attachment Email Spam
>
> Hi. I am running MS 4.65.3 and lately I have been inundated with this
> Attachment Email that has the “Sell Virus Product” worm or worse.
>
> Example:
>
> http://www.sophos.com/blogs/gc/g/2010/06/17/romance-skype-deliveries-plundered-spammers/
>
> http://msmvps.com/blogs/donna/archive/2009/06/02/malware-spam-outlook-setup-notification-micr-outlook-update-6556-zip-inside-outlook-setup-notification-zip.aspx
>
> I have received over 9k of these puppies in the last 48 hours, and I
> block about 99.995% of them, but 2 or 3 are getting thru each day.
>
> What can I do to get these few that get by?
>
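
Added example, not part of the original post: because the rules above are marked untested, this Python sketch approximates how the two header patterns and the meta rule evaluate against a few sample messages. It emulates only the regex logic, not SpamAssassin itself; the function names and sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Patterns transcribed unchanged from the rules in the post (case-sensitive).
CTYPE_APP = re.compile(r'application/')   # FSL_CTYPE_APP
CTYPE_RTF = re.compile(r'\.rtf"')         # __FSL_CTYPE_RTF

def evaluate(raw_message):
    """Approximate the header tests: only the message's top-level
    Content-Type header is examined, after unfolding continuation lines."""
    msg = message_from_string(raw_message)
    ctype = " ".join((msg.get("Content-Type") or "").split())
    app = bool(CTYPE_APP.search(ctype))
    rtf = bool(CTYPE_RTF.search(ctype))
    return {"FSL_CTYPE_APP": app, "__FSL_CTYPE_RTF": rtf,
            "FSL_RTF_SPAM": app and rtf}   # the meta rule

# Constructed sample messages, not taken from real traffic.
SAMPLES = {
    "quoted_name": ('Subject: t\nContent-Type: application/octet-stream;\n'
                    ' name="invoice.rtf"\n\nx\n'),
    "unquoted_name": ('Subject: t\nContent-Type: application/octet-stream;'
                      ' name=invoice.rtf\n\nx\n'),
    "upper_ext": ('Subject: t\nContent-Type: application/octet-stream;'
                  ' name="INVOICE.RTF"\n\nx\n'),
    "rtf_in_subpart": ('Subject: t\nContent-Type: multipart/mixed;'
                       ' boundary="b1"\n\n--b1\n'
                       'Content-Type: application/octet-stream;'
                       ' name="invoice.rtf"\n\nx\n--b1--\n'),
    "pdf": 'Subject: t\nContent-Type: application/pdf; name="report.pdf"\n\nx\n',
}

def missed():
    """Names of samples that do not trigger FSL_RTF_SPAM."""
    return sorted(n for n, raw in SAMPLES.items()
                  if not evaluate(raw)["FSL_RTF_SPAM"])

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:15} {evaluate(raw)}")
```

Only the quoted-name sample triggers the meta rule; compare the other cases against your own quarantined copies before increasing the score.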


