Just block name="*.scr" and name="*.exe"
you should probably be blocking these anyways. Anyone who needs to send an exe can easily just zip it. Here is my procmail rule: :0B * Content-Type: application|Content-Type: audio * name=".*.pif"|name=".*.scr"|name=".*.exe"|name=".*.com" /tmp/viruses Cheers, Jon. On Friday 19 September 2003 09:54 am, Forrest Aldrich wrote: > This new virus appears to generate many (random?) subjects, so it's getting > difficult to narrow down. > > Has anyone filters for Spamassassin that will correctly identify this > virus? I'd like to score this one high so they are rejected (via > spamass-milter)... it's been a huge problem all day. > > The fake messages have a preamble like this: > > > MS User > > this is the latest version of security update, the "September 2003, > Cumulative Patch" update which eliminates all known security > vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook > Express as well as three newly discovered vulnerabilities. Install now to > continue keeping your computer secure from these vulnerabilities. This > update includes the functionality of all previously released patches. > <<<<<<<<< > > > > Thanks, > Forrest > > > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > _______________________________________________ > Spamassassin-talk mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/spamassassin-talk ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
