On Fri, Dec 16, 2005 at 10:09:45AM -0700, [EMAIL PROTECTED] wrote:
> I don't normally create my own sigs but this morning we are getting a
> lot of these. ClamAV is not detecting anything. Below is a sig, below
> is one of the messages. My concern before I put this into production is
> that my sig attempt may be too broad and catch things that shouldn't.
>
> v3=c3bf0000002c00000000c2b801c2a4010002
>
> Return-Path: <[EMAIL PROTECTED]>
> Received: (qmail 17325 invoked from network); 16 Dec 2005 10:21:53 -0000
> Received: from pre-smtp08-01.prod.mesa1.secureserver.net
> ([64.202.166.49])
> (envelope-sender <[EMAIL PROTECTED]>)
> by smtp01-01.prod.mesa1.secureserver.net (qmail-ldap-1.03)
> with SMTP
> for <[EMAIL PROTECTED]>; 16 Dec 2005 10:21:53 -0000
> Received: (qmail 10422 invoked from network); 16 Dec 2005 10:21:53 -0000
> Received: from unknown (HELO 158.75.10.178) ([158.75.10.178])
> (envelope-sender <[EMAIL PROTECTED]>)
> by pre-smtp08-02.prod.mesa1.secureserver.net (qmail-ldap-1.03)
> with SMTP
> for <[EMAIL PROTECTED]>; 16 Dec 2005 10:21:52 -0000
> Received: from Pritchard by 158.75.10.178 with local (Exim 4.45
> (FreeBSD))
> id 1eNmUX-0004X2-N1
> for [EMAIL PROTECTED]; Fri, 16 Dec 2005 11:23:26 +0100
> To: [EMAIL PROTECTED]
> Subject: breaking news
> From: [EMAIL PROTECTED]
> MIME-Version: 1.0
> Content-Type: multipart/related;
> boundary="=_dcfdf02d80c664b8a6516c10eef4cc6e"
> Message-Id: <[EMAIL PROTECTED]>
> Sender: xxxxx <[EMAIL PROTECTED]>
> Date: Fri, 16 Dec 2005 11:23:22 +0100
<snipped>

Are you using SpamAssassin as well? I have a few custom rules for
SpamAssassin that have been catching 100% of these things. Contact me off
list (as this is OT) and I can forward you the rules...

--
Matthew Daubenspeck
http://www.oddprocess.org

Gentoo Linux 2.6.14-gentoo-r2 x86_64 AMD Athlon(tm) 64 Processor 2800+
18:19:12 up 11 days, 5:32, 2 users, load average: 0.18, 0.14, 0.09
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html