just when you thought nimda was dead ! A couple of interesting things in this spam, including the use of some <span class=SpellE>First</span><span Class=SpellE>last</span>
<http://pastebin.com/m3c5544f7> (lots of them) almost like the '[]' block art ED adds of last week. also, the email ends in: </html> <html> <scripts.....> (shouldn't a multi line rawbody check, or a plugin html check score something that has a <html> AFTER the closing </html>? and then there is the nimda looking stuff, where it tries to pop open a readme.eml . so, what is it trying to do, bank of america phishing? phishing along with nimda? -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 > *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best Anti-Spam Product 2008, Network Products Guide * King of Spam Filters, SC Magazine 2008 _________________________________________________________________________ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ _________________________________________________________________________ ------------------------------------------------------------------------------ This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/