Re: First attempt at writing SPAM rules

2005-05-03 Thread Duncan Hill
On Tuesday 03 May 2005 15:02, Maurice Lucas typed:
> Hello,
>
> Send a complete sample to spam \-at/ timj.co.uk for addition to
> http://www.timj.co.uk/linux/bogus-virus-warnings.cf

In some ways though, it isn't a spam, and potentially just tagging a viral mail and feeding it onwards could be a v

Re: First attempt at writing SPAM rules

2005-05-03 Thread Maurice Lucas
Hello,

Send a complete sample to spam \-at/ timj.co.uk for addition to http://www.timj.co.uk/linux/bogus-virus-warnings.cf

With kind regards,
Met vriendelijke groet,
Maurice Lucas
TAOS-IT

- Original Message -
From: "Ronald I. Nutter" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, May 03, 2005 3

RE: First attempt at writing SPAM rules

2005-05-03 Thread Pierre Thomson
That email is itself a virus, named variously Sober.N, Sober.O or Sober.P. It inserts the second-to-last part of the domain name in the faked anti-virus line. Among about 400 copies of the viruses we received last night, we got 5 or 6 with a truncated 89-byte attachment that passed the virus s

RE: First attempt at writing SPAM rules

2005-05-03 Thread Pierre Thomson
To answer your original question, though: your rules would work, but could easily cause false positives. I would suggest looking instead for the faked domain-specific portion:

body BOGUS_SERVER_AV /\"GEORGETOWNCOLLEGE\" Anti-Virus/
describe BOGUS_SERVER_AV Blocks Bogus AV Clean message
sco

Re: First attempt at writing SPAM rules

2005-05-03 Thread Duncan Hill
On Tuesday 03 May 2005 14:12, Ronald I. Nutter typed:
> We are getting flooded this morning with email that contains the
> following item(s) in the body of the message -
>
> *** Server-AntiVirus: No Virus (Clean)
> *** "GEORGETOWNCOLLEGE" Anti-Virus
> *** http://www.georgetowncollege.edu
>
> OR
>