Hello Jim, I've started working on some of these also. SNF usually does look inside file attachments so it's possible we can get to some of the raw content -- in fact, most of it is already coded - but being inside all of the binary cruft in a word document is keeping it out of the scanning window. We are catching some of them, and others not so much. We will keep working on it though.
_M Tuesday, August 22, 2006, 5:46:03 PM, you wrote: > Pete, > Is there any way to deal with the other new attachment based spasm we have > been seeing recently? I see a lot coming in that only say here is your > invoice and have an invoice.doc (or similar attachment). Inside the word > file is the spam itself. I've seen a bunch of these in the last week or so, > I initially thought they were viruses, but none of my virus scanners picked > them up as such and their contents were just a bunch of spam. > Jim Matuska Jr. > Computer Tech2, CCNA > Nez Perce Tribe > Information Systems > [EMAIL PROTECTED] > > -----Original Message----- > From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf > Of Pete McNeil > Sent: Tuesday, August 22, 2006 2:34 PM > To: Message Sniffer Community > Subject: [sniffer] Re: Am I submitting to [EMAIL PROTECTED] properly > Hello David, > I think this format should come through fine. Phishing is a constant > challenge because it is so variable and so close to a legitimate > message (on purpose). > I will code some rules for the message you submitted and I'm sure > Jason (Lead Rule Tech) will see this note and help us watch for these > more closely. > Thanks! > _M > Tuesday, August 22, 2006, 5:10:58 PM, you wrote: >> >> >> >> I just want to know if I am submitting spam emails to >> [EMAIL PROTECTED] properly being in Australia we see a lot of >> spam targeting ANZ, National and Commonwealth bank and they seem to >> be evading the Sniffer program so when I send a spam to >> [EMAIL PROTECTED] (I am using Outlook 2003) I copy and paste the >> header and forward the email to [EMAIL PROTECTED] is this working >> properly. Please see example below. >> >> >> >> Regards David Moore >> >> >> >> >> >> Received: from dialup-82-207-6-125.lv.ukrtel.net [82.207.6.125] by > romtech.com.au >> >> (SMTPD-8.22) id A82E053C; Tue, 22 Aug 2006 23:35:42 +1000 >> >> Message-ID: <[EMAIL PROTECTED]> >> >> From: "Commonweal Bank of Australia" <[EMAIL PROTECTED]> >> >> To: <[EMAIL PROTECTED]> >> >> Subject: Commonweal Bank of Australia new security features. >> >> Date: Tue, 22 Aug 2006 10:45:09 +0400 >> >> MIME-Version: 1.0 >> >> Content-Type: multipart/alternative; >> >> boundary="----=_NextPart_000_001D_01C6C5D8.0A0008A0" >> >> X-Priority: 3 >> >> X-MSMail-Priority: Normal >> >> X-Mailer: Microsoft Outlook Express 6.00.2900.2527 >> >> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527 >> >> X-mxGuard-Info: Processed by romtech.com.au using mxGuard v2.4 >> >> X-mxGuard-SpoolID: 082d00a10000ecb1 >> >> X-mxGuard-Sender: [EMAIL PROTECTED] >> >> X-mxGuard-Virus-Info: No viruses detected >> >> X-mxGuard-Spam-Score: 0 >> >> X-mxGuard-Spam-Probability: CLEAN >> >> X-Note: This message has been scanned for spam and viruses by >> mxGuard for IMail (www.mxguard.com) >> >> X-RCPT-TO: <[EMAIL PROTECTED]> >> >> Status: U >> >> X-UIDL: 454949852 >> >> X-IMail-ThreadID: 082d00a10000ecb1 >> >> >> >> >> >> >> From: Commonweal Bank of Australia [mailto:[EMAIL PROTECTED] >> Sent: Tuesday, 22 August 2006 4:45 PM >> To: [EMAIL PROTECTED] >> Subject: Commonweal Bank of Australia new security features. >> >> >> >> It has come to our attention that your account needs to be >> confirmed due to the recent changes we have made to our NetBank online > system. >> We contacted you for the following reason: Confirm your >> Information in order to activate new NetBank security features for >> your account. Be sure to log in securely by following the link >> below. It's important that you confirm your NetBank account >> information otherwise you will not be able to access our online >> services. We encourage you to login in to your Commonwealth Bank >> account as soon as possible to help avoid this. >> >> Click here >> >> We appreciate your understanding as we work to ensure account safety. >> >> Sincerely, >> Commonweal Bank of Australia management stuff. >> >> Email ID: GFR97DF >> >> >> >> >> >> >> -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. ############################################################# This message is sent to you because you are subscribed to the mailing list <[email protected]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
