Re: New spam/phising
Haven't see those like that. But that subject line is a standard header for the recent run of Sober viruses. So I assume that is probably a virus. Loren
RE: New spam/phising
Huh, I guess some AV is stripping the attachment or they are using a site to distribute. Thanks Jason -Original Message- From: Loren Wilton [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 06, 2005 10:31 AM To: users@spamassassin.apache.org Subject: Re: New spam/phising Haven't see those like that. But that subject line is a standard header for the recent run of Sober viruses. So I assume that is probably a virus. Loren
Re: New spam/phising
Alternative explanaation: bugs in the particular variant of sober caused it to generate a message without the attachment. Broken and missing attachments are both fairly common bugs in mailworms. Sidenote: if you're using SA 2.63 you are vulnerable to a remotely exploitable DoS attack. Upgrade to 2.64 (pretty painless, but you'll have to re-install spamcopURI afterwards if you use it) or 3.1.0 (may require more work, and harder on the CPU, but very much worth it if you can). Jason Staudenmayer wrote: > Huh, I guess some AV is stripping the attachment or they are using a > site to distribute. >
RE: New spam/phising
I was going to update a while ago but I think qmail-scanner would have broken or something, I'll have to look into it again. Thanks again Jason -Original Message- From: Matt Kettler [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 06, 2005 11:53 AM To: Jason Staudenmayer Cc: users@spamassassin.apache.org Subject: Re: New spam/phising Alternative explanaation: bugs in the particular variant of sober caused it to generate a message without the attachment. Broken and missing attachments are both fairly common bugs in mailworms. Sidenote: if you're using SA 2.63 you are vulnerable to a remotely exploitable DoS attack. Upgrade to 2.64 (pretty painless, but you'll have to re-install spamcopURI afterwards if you use it) or 3.1.0 (may require more work, and harder on the CPU, but very much worth it if you can). Jason Staudenmayer wrote: > Huh, I guess some AV is stripping the attachment or they are using a > site to distribute. >
