On Friday, Sep 19th 2003 at 10:54 -0400, quoth Forrest Aldrich:

=>This new virus appears to generate many (random?) subjects, so it's getting
=>difficult to narrow down.
=>
=>Has anyone filters for Spamassassin that will correctly identify this
=>virus? I'd like to score this one high so they are rejected (via
=>spamass-milter)... it's been a huge problem all day.
=>
=>The fake messages have a preamble like this:
=>
=> >>>>>>>>>
=>MS User
=>
=>this is the latest version of security update, the "September 2003,
=>Cumulative Patch" update which eliminates all known security
=>vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook
=>Express as well as three newly discovered vulnerabilities. Install now to
=>continue keeping your computer secure from these vulnerabilities. This
=>update includes the functionality of all previously released patches.
=><<<<<<<<<

Yeah, I'd like to nail this one too. I already score MICROSOFT_EXECUTABLE
5.0 but that does me no good for this one. If I look at the MIME structure
of the doc I see this:

    1.1.1   ~40 lines    Text/PLAIN
    1.1.2   ~158 lines   Text/HTML
    1.2     3.7 KB       Image/GIF
    1.3     370 bytes    Image/GIF
    2       0% B         Application/X-MSDOWNLOAD

If I try to save section 2 I get a file with a .exe extension which has a
zero length.

So I guess the question is this: How do I get SA to recognize messages
which have a zero length .exe attachment?

-- 
-Time flies like the wind. Fruit flies like a banana. Stranger things have -
-happened but none stranger than this. Does your driver's license say Organ
-Donor?Black holes are where God divided by zero. Listen to me! We are all-
-individuals! What if this weren't a hypothetical question?
steveo at syslang.net

_______________________________________________
Spamassassin-talk mailing list
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
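
The check asked about above, as an added example that is not part of the original post and is not a SpamAssassin rule: a stand-alone Python function that walks a message's MIME parts and reports executable attachments whose decoded body is empty. The sample message, the file name update.exe and the type and extension lists are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists for illustration; extend to match local policy.
EXEC_TYPES = {"application/x-msdownload", "application/x-msdos-program"}
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")


def find_empty_executables(raw: bytes):
    """Return (content_type, filename) for executable parts with an empty body."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        ctype = part.get_content_type()
        name = (part.get_filename() or "").lower()
        if ctype not in EXEC_TYPES and not name.endswith(EXEC_EXTS):
            continue
        # decode=True undoes base64/quoted-printable, so the length checked
        # is that of the file a user would save, not of the encoded text.
        body = part.get_payload(decode=True) or b""
        # Whitespace-only counts as empty: MIME framing can leave a stray
        # newline in an otherwise empty part.
        if not body.strip():
            hits.append((ctype, name))
    return hits


def build_sample(attachment: bytes) -> bytes:
    """Constructed message shaped like the one in the thread: text, HTML, .exe."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("MS User\n\nthis is the latest version of security update\n")
    msg.add_alternative("<html><body>MS User</body></html>", subtype="html")
    msg.add_attachment(attachment, maintype="application",
                       subtype="x-msdownload", filename="update.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    print(find_empty_executables(build_sample(b"")))          # flagged
    print(find_empty_executables(build_sample(b"MZ\x90\x00")))  # not flagged
```

A mail filter could call find_empty_executables on the raw message and add to the score when the returned list is non-empty.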