> it, but I was wondering what test could check for
> UEsFBg== in a mime part
Ah. Tricky. That has the disadvantage of being a non-text mime part, so SA
tends to throw them in the trash. Nothing will find it on 2.6x, other than
perhaps a modification of the MICROSOFT_EXE
From: "Ben Wylie" <[EMAIL PROTECTED]>
> > Get Tim Jackson's bogus virus bounce ruleset.
>
> I've just added that ruleset but it didn't help as far as I can see.
> I have two custom rules which hit the text in the email, and spf also
caught
> it, but I was wondering what test could check for
> UEsF
> Get Tim Jackson's bogus virus bounce ruleset.
I've just added that ruleset but it didn't help as far as I can see.
I have two custom rules which hit the text in the email, and spf also caught
it, but I was wondering what test could check for
UEsFBg== in a mime part
Here
Get Tim Jackson's bogus virus bounce ruleset.
Loren
I get quite a lot of empty zip files, I presume from viruses having failed
to place themselves in them.
They always look like:
UEsFBg==
in base64.
Do others get these emails?
Could someone advice me as to what kind of rule I could write to block
these?
I presume a body
I quite regularly get emails getting past my spam filter which seem to
contain empty zip files. I presume they were sent by viruses which failed to
incude themselves in the zip files they sent out.
These emails have the following code in base 64 which when opened as a zip
is just empty
