The commercial e-mail malware filters watch for e-mail where the "from" address and the headers do not match.
They did not use to. The *SPAM* filters watched for the mismatch, but not the malware filters. The notorious RSA hack began with a spear-phishing e-mail with an attachment of an Excel spreadsheet containing a zero-day exploit. RSA's SPAM filter caught it! However, two enterprising employees dragged the e-mail out of their SPAM folder and opened it and the attached spreadsheet. Ever since then the malware filter publishers have been watching for this mismatch and treating it as potential malware rather than merely potential SPAM.

Charles

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of CM Poncelet
Sent: Tuesday, September 22, 2020 2:05 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment

Hence, check your trash/deleted folder and then create message filters for any legitimate emails it contains, then run your message filters against your trash/deleted folder to move the legitimate emails out of there and into your "Inbox" folder or whatever other appropriate folders - and these legitimate emails will then no longer be trapped as spam/scam emails. What these 'not spam/scam' message filters should contain and check for is up to you.