It appears to be a virus, in which case Declude Virus would be the best method of blocking it. If you don't want to run that, then I also believe that this message uses extensions like PIF and SCR, in which case a body filter for .pif" and .scr" would probably pick it up (use the quotes accordingly).
If you are running Declude JunkMail Pro (needed for the above as well), then my FORIEGN/TLD filter set would have added 3 points to the message (depends on how you score it though). You can get that filter set at http://www.mailpure.com/software/decludefilters/
There might well be other filters that would also add points to the body content. I wouldn't know though because Declude Virus is blocking all of this stuff.
Matt
Jeff Pereira wrote:
What would be the best way (i know best is subjective) to block a message like the one below ?
Would adding microsoft.com to my SPAMDOMAINS file work ??
Thank you.
Jeff
Received: from av3.stonline.sk [213.81.152.34] by updatenyc.com with ESMTP
(SMTPD32-8.04) id A1CA33F0062; Tue, 18 Nov 2003 03:01:14 -0500
Received: from smtp.stonline.sk ([192.168.4.53])
by av3.stonline.sk (8.12.10/8.11.6) with ESMTP id hAI7wHJi029648
for <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>; Tue, 18 Nov 2003 08:58:17 +0100
Received: from rwos (telecom-213-161-129.telecom.sk [213.81.161.129])
by smtp1.stonline.sk (STOnline ESMTP Server)
with SMTP id <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> for [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>;
Tue, 18 Nov 2003 08:58:17 +0100 (MET)
Date: Tue, 18 Nov 2003 08:57:50 +0100 (MET)
Date-warning: Date header was inserted by smtp1.stonline.sk
From: Microsoft Corporation Network Security Center
<[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
Subject: Network Security Update
To: Commercial User <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
Message-id: <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
MIME-version: 1.0
Content-type: multipart/mixed; boundary="Boundary_(ID_P1VN7aaL239Vja+tPXlFZw)"
X-RAVMilter-Version: 8.4.3(snapshot 20030212) (av3.stonline.sk)
X-Declude-Sender: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> [213.81.152.34]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com <http://www.declude.com>) for spam.
X-Spam-Tests-Failed: IPNOTINMX [0]
X-Note: Total spam weight of this E-mail is 0.
X-Country-Chain:
X-Note: This E-mail was sent from av3.stonline.sk ([213.81.152.34]).
X-RCPT-TO: <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
Status: U
X-UIDL: 349464161
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
