I've found Declude Junkmail to be almost an addiction. Is there a 12 step program available?
Scott Fisher Director of IT Farm Progress Companies >>> [EMAIL PROTECTED] 05/11/04 04:42PM >>> Take note that there was a virus payload at the link as Greg pointed out, but it appears that Terra-Lycos has killed the domain in question. It is too bad that the power that be aren't buying JunkMail. I find it to be a very effective last line of protection for viruses, as virtually everything that slips through before definitions are updates, ends up getting caught by a good JunkMail config. It can be very time consuming though, especially if you enjoy it too much :) Matt Douglas Cohn wrote: > Thanks > > I was thinking about adding the rule as well but also assumed that any > legit mail to yahoo would be blocked and stopped myself. > > Too bad the powers that be here are not buying JUNK Mail. > > DC > > ------------------------------------------------------------------------ > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Matt > Sent: Tuesday, May 11, 2004 4:57 PM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.Virus] RE Mass mailing maybe new virus > > This is likely just spam. The technique with the URL is someone > exploiting Yahoo's redirection scheme to land you on another site. > They do this to hide from URL parsers that don't recognize the exploit. > > It is possible that the site tries to install an exploit such as Java > Byte Verify, which can be used to place just about anything on your > computer, but typically just drops browser helper objects > (adware/spyware) onto your system. Norton stops this stuff cold, and > it's been around for a while. Note that I didn't bother with the > payload link. > > Anyway, it just looks like it's forging spam to me. > > Your block of that address also isn't very wise because it is a > legitimate link that could stop valid E-mail from Yahoo and their > partners from getting through. If you are running JunkMail Pro, there > is a filter for this technique listed on my site (link in the sig) > called !YDIRECTED. > > Matt > >-- >===================================================== >MailPure custom filters for Declude JunkMail Pro. >http://www.mailpure.com/software/ >===================================================== > > > > > > Email Admin wrote: > >> Hello >> Our Mail server recevied a mass mailing earlier today. >> The email is address to [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> >> and is coming from >> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> >> >> Copy of headers: >> Received: from mail.citravel.com [10.215.43.52] by citravel.com >> (SMTPD32-8.11) id A06E595011C; Tue, 11 May 2004 11:25:34 -0400 >> From: mail.citravel.com<[EMAIL PROTECTED] >> <mailto:[EMAIL PROTECTED]>> >> To: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> >> Subject: RE: >> X-Mailer: Microsoft Outlook >> Mime-Version: 1.0 >> Content-Type: text/html; charset=us-ascii >> Message-Id: <[EMAIL PROTECTED] >> <mailto:[EMAIL PROTECTED]>> >> X-Declude-Sender: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> >> [10.215.43.52] >> X-Declude-Spoolname: Df06e0595011c829f.SMD >> X-Note: This message was scanned for Spam >> X-RBL-Warning: Total weight value: 0 >> X-Spam-Tests-Failed: Whitelisted [0] >> X-Note: Recipient Host: citravel.com >> X-Note: Sender Address: [EMAIL PROTECTED] >> <mailto:[EMAIL PROTECTED]> >> X-Note: Sender Host Name: (Private IP) >> X-Note: Sender IP Address: 10.215.43.52 >> X-Note: Sender Country ID: >> X-Note: This E-mail was sent from (Private IP) ([10.215.43.52]) >> Precedence: bulk >> Sender: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> >> Date: Tue, 11 May 2004 11:32:11 >> X-RCPT-TO: citravel.com >> Status: U >> X-UIDL: 384277933 >> >> This person's email client does not show they sent this message but >> the IP >> of the sending host is the senders system. >> I have scanned this system and it is showing virus free. Using >> SOPHOS latetest defs as of 2pm est 5/11/2004 >> I am also sniffing the network now looking for other SMTP Traffic. >> >> User who receive the email which has a link of h t t p:// d r s . y a >> h o o . com / citravel.com/news >> Get sent to a pornography site. After they close this site there system >> keeps having pop ups appearing regularly. >> this link redirects to h t t p:// d r s . y a h o o . com / >> citravel.com/news*http://www.security-warning.biz/personal6/maljo24/www.yahoo.com/#http://drs.yahoo.com/citravel.com/news >> >> >> >> >> I am not so much worried about the email but as to how it was sent. >> This is where I think it might be a virus. >> >> Currently I have a filter stopping emails with d r s . y a h o o . c o m >> (space added) >> I am seeing several hundred an hour being stopped. >> >> Any help ideas thouhgt? >> Or should I just go golfing and forget about it??? :) >> >> ~Paul~ > > -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ ===================================================== --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.