Re: [Declude.Virus] Spam .com files being blocked.

[Matt]

I did the same as a work around, but I would prefer that the functionality be fixed/brought in line with how other bogus file blocking was being performed. Note to Chris, this is zombie spam and it comes from all over the place.  I would imagine that every Declude user is seeing this problem currently unless they have added SKIPIFEXT COM to their bannotify.eml file, which is only a work around and not a common config.  This was probably always happening with COM files, but it took a spammer to screw up and expose the flaw due to sheer volume.  I would expect for the problem to get worse with time as his spam campaign ramps up. Matt Scott Fisher wrote: I had to put SKIPIFEXT COM into my bannotify.eml file as a workaround. ----- Original Message ----- From: Matt To: Declude.Virus@declude.com Sent: Wednesday, March 16, 2005 10:09 AM Subject: Re: [Declude.Virus] Spam .com files being blocked. The problem has been growing on my end.  This morning I had over 200 of these bounce back to my postmaster account and my spool has 100 more of these waiting. Declude is detecting the "bogus" COM file extension, but still generating a bounce.  I believe this to be in error and in need of fixing.  My recollection is that when Declude detects a "bogus" file type, it treats it as a vulnerability and then it should not create a bounce according to banned extensions, yet these things are still bouncing.  Here's a sample of my logs: 03/16/2005 00:00:31 Qbd6eb1a701040a54 MIME file: [text/html][quoted-printable; Length=5395 Checksum=490002] 03/16/2005 00:00:31 Qbd6eb1a701040a54 MIME file: [EMAIL PROTECTED] [base64; Length=6414 Checksum=850887] 03/16/2005 00:00:31 Qbd6eb1a701040a54 Banning file with COM extension [image/gif]. 03/16/2005 00:00:31 Qbd6eb1a701040a54 Found a bogus .com file 03/16/2005 00:00:31 Qbd6eb1a701040a54 Scanned: Banned file extension. [Prescan OK][MIME: 3 12614] 03/16/2005 00:00:31 Qbd6eb1a701040a54 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] 03/16/2005 00:00:31 Qbd6eb1a701040a54 Subject: denigrate cosmetic  scene  serge   midshipman Bogus files should be treated as vulnerabilities are (historically), and not as banned extensions.  I'm running 1.82. Declude, will you please respond to the problem. Matt Darin Cox wrote: Yep. I just added SKIPIFEXT COM to my bannotify.eml yesterday. Darin.     ----- Original Message ----- From: Scott Fisher To: Declude.Virus@declude.com Sent: Tuesday, March 15, 2005 3:31 PM Subject: [Declude.Virus] Spam .com files being blocked. I block .com files.   The last 3 days, I've been getting consistent blocking of spam messages referring to a gif file named .com: Content-Type: image/gif;         name="wdjgamexmail.com"   These are getting blocked, but the users are getting a little tired of the bannotify.eml messages that this triggers. So I'm reluctantly forced to add SKIPIFEXT COM to my bannotify.eml file.   Has anyone else been seeing this? -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ ===================================================== -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================