<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<font size="-1">The viruses are attached in a .zip file, and they
contain an ActionScript file.<br>
<br>
Some logs:<br>
<br>
Wed Mar 9 15:24:39 2016 ->
/var/spool/MailScanner/incoming/7002/A91471D202E.A81BC/nPayment_2016_March_451756.zip:
OK<br>
Wed Mar 9 15:29:28 2016 ->
/var/spool/MailScanner/incoming/6913/E59FE1D17EB.AD539/nPayment_2016_March_767582.zip:
Sanesecurity.Rogue.0hr.20160309-1152.UNOFFICIAL(749d3ff3f7daba2815c1d185a0e6f045:4463)
FOUND<br>
Wed Mar 9 15:29:52 2016 ->
/var/spool/MailScanner/incoming/7002/0BFF01D17F6.AC86D/nPayment_2016_March_484985.zip:
Sanesecurity.Rogue.0hr.20160309-1353.UNOFFICIAL(93469d8f6d8603b0fd26db4810dc7571:4283)
FOUND<br>
Wed Mar 9 15:31:12 2016 ->
/var/spool/MailScanner/incoming/7097/9CE631D17CC.AC518/nPayment_2016_March_728879.zip:
OK<br>
Wed Mar 9 15:31:25 2016 ->
/var/spool/MailScanner/incoming/6551/D8E3A1D17CC.A866B/nPayment_2016_March_733140.zip:
OK<br>
Wed Mar 9 15:31:46 2016 ->
/var/spool/MailScanner/incoming/7097/337C91D17EB.A306C/nPayment_2016_March_129853.zip:
OK<br>
Wed Mar 9 15:32:44 2016 ->
/var/spool/MailScanner/incoming/7002/335213C37D3.A8279/nPayment_2016_March_360255.zip:
OK<br>
<br>
As you can see, some of them do get detected and the others do not.<br>
<br>
<br>
</font>
<div class="moz-signature">
<p><b><a href="https://www.linkedin.com/profile/view?id=182619557">Mikey van der Worp</a></b><br>
System Engineer</p>
<p>Utelisys Communications B.V.<br>
Trinity Buildings<br>
Tower A, 7th floor<br>
Pietersbergweg 15<br>
1105 BM Amsterdam</p>
<p>M +31 (0) 62 942 2052<br>
T +31 (0) 20 561 8010<br>
F +31 (0) 20 561 8021</p>
<p><b><a href="https://www.linkedin.com/company/utelisys-communications-b.v./">LinkedIn</a></b> - <b><a href="https://www.facebook.com/utelisyscommunications">Facebook</a></b></p>
<p><b><a href="http://www.utelisys.com">www.utelisys.com</a></b> – <b><a href="https://www.utelisys.com/">https://www.utelisys.com/</a></b></p>
</div>
<div class="moz-cite-prefix">On 03/09/2016 03:33 PM, Jerry Benton
wrote:<br>
</div>
<blockquote cite="mid:ED476573-0325-4C3C-91F8-1DD11E0F61FD@mailborder.com" type="cite">
Define “virus” as the most popular complaint of viruses making it
through are HTML attachments that download ransomware via an
iframe, which technically are not viruses. (the HTML attachments)<br class="">
<div class="">
<div class="">-</div>
<div class="">Jerry Benton</div>
<div class=""><a moz-do-not-send="true" href="http://www.mailborder.com" class="">www.mailborder.com</a></div>
</div>
<br class="">
<div>
<blockquote type="cite" class="">
<div class="">On Mar 9, 2016, at 9:29 AM, Mikey van der Worp
<<a moz-do-not-send="true" href="mailto:mvdworp@utelisys.com" class="">mvdworp@utelisys.com</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div text="#000000" bgcolor="#FFFFFF" class=""><font class="" size="-1">Gentlemen,<br class="">
<br class="">
One of our customers opened a virus and now 2000+ emails
are targeting us; most of them are either spam
messages or viruses. Does anybody have a solution for
this? Some of the viruses are coming through and some
of them don't.<br class="">
<br class="">
Our current setup is:<br class="">
* clamav -> with unofficial rules (does not consume
any cpu actually)<br class="">
* spamassassin (with spamhaus etc)<br class="">
* savscan (consuming a lot of our cpu and does not even
detect 30%)<br class="">
* mailscanner (high scoring spam = 4.0+, low scoring =
3.0)<br class="">
<br class="">
I am willing to pay for a virus scanner, but if
somebody can help me make the better choice of what to
use with this, the viruses are the very annoying
"invoice" emails. Does anybody suggest McAfee or
Norton? Or another one?<br class="">
<br class="">
Most viruses are actionscripts, doc and executables. We
wish not to block the extension as this will block a lot
of e-mails outgoing from our customers.<br class="">
<br class="">
Best regards,<br class="">
Mikey van der Worp<br class="">
</font><br class="">
</div>
<br class="">
<br class="">
-- <br class="">
MailScanner mailing list<br class="">
<a moz-do-not-send="true" href="mailto:mailscanner@lists.mailscanner.info" class="">mailscanner@lists.mailscanner.info</a><br class="">
<a class="moz-txt-link-freetext" href="http://lists.mailscanner.info/listinfo/mailscanner">http://lists.mailscanner.info/listinfo/mailscanner</a><br class="">
<br class="">
</div>
</blockquote>
</div>
<br class="">
</blockquote>
<br>
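An added triage example, not part of the original thread: it reads scan results in the log format quoted in the message above, groups attachments by file-name family, and lists the files that passed as OK while siblings in the same family were flagged. The sample lines, the placeholder signature name, and the function names are constructed for illustration; it assumes one result per line in the real log file.

```python
import re
from collections import defaultdict

# One scan result per line: "<ctime timestamp> -> <path>: OK" or "<path>: <signature> FOUND"
LINE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) -> "
    r"(?P<path>.+?): (?:OK|(?P<sig>\S+) FOUND)$"
)

def family(path):
    """Collapse digit runs in the file name so campaign variants share one key."""
    name = path.rsplit("/", 1)[-1]
    return re.sub(r"\d+", "#", name)

def parse(log_text):
    """Yield (timestamp, path, signature or None) for each scan result line."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m["ts"], m["path"], m["sig"]

def likely_misses(log_text):
    """Return {family: (detected_count, [paths that passed as OK])}
    for families that have at least one detection and one OK verdict."""
    hits = defaultdict(int)
    passed = defaultdict(list)
    for _ts, path, sig in parse(log_text):
        key = family(path)
        if sig:
            hits[key] += 1
        else:
            passed[key].append(path)
    return {k: (hits[k], passed[k]) for k in hits if passed.get(k)}

# Constructed sample lines (shortened spool IDs, placeholder signature name).
SAMPLE = """\
Wed Mar 9 15:24:39 2016 -> /var/spool/MailScanner/incoming/1/AAA.1/nPayment_2016_March_000001.zip: OK
Wed Mar 9 15:29:28 2016 -> /var/spool/MailScanner/incoming/2/BBB.2/nPayment_2016_March_000002.zip: Example.Rogue.Sig.UNOFFICIAL FOUND
Wed Mar 9 15:31:12 2016 -> /var/spool/MailScanner/incoming/3/CCC.3/report.pdf: OK
"""

if __name__ == "__main__":
    for fam, (detected, misses) in likely_misses(SAMPLE).items():
        print(f"{fam}: {detected} detected, {len(misses)} passed")
        for path in misses:
            print("  review:", path)
```

Files listed under "review" are candidates for quarantine and for submission to the signature maintainers, since only some variants of the same campaign matched.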
</body>
</html>