Skip to site navigation (Press enter)
Re: [SAtalk] More
thoughts</span></a></span> </h1> <p class="darkgray font13"> <span class="sender pipe"><a href="/search?l=spamassassin-talk@lists.sourceforge.net&q=from:%22Matt+Sergeant%22" rel="nofollow"><span itemprop="author" itemscope itemtype="http://schema.org/Person"><span itemprop="name">Matt Sergeant</span></span></a></span> <span class="date"><a href="/search?l=spamassassin-talk@lists.sourceforge.net&q=date:20020327" rel="nofollow">Wed, 27 Mar 2002 04:27:18 -0800</a></span> </p> </div> <div itemprop="articleBody" class="msgBody"> <!--X-Body-of-Message--> <pre> Michael Moncur wrote: > I just received an <iframe> message and noticed something - the new > RELAYING_FRAME rule catches it, but it's still not enough to mark this message > as spam: > > <HTML><HEAD></HEAD><BODY> > iframe src=<A HREF="cid:A6ed42Wd7M65W7171">cid:A6ed42Wd7M65W7171</A> height=0 width=0> > /iframe> > <FONT></FONT></BODY></HTML> > > (initial <'s removed just in case someone's email client tries to execute this) > > I don't know if this message is spam or a virus since I can't read the content, > but I was wondering if there's a way to detect these more specifically and > score them really high: something like an eval test for messages that contain > an <iframe> tag and not much else?</pre><pre> Anything using src=cid: should be treated very suspiciously as a virus. That's what you've been sent (Either Klez or BadTrans - not sure without seeing the subject of the email). I'd prefer if people used a proper anti-virus solution, as there's a lot more stuff we couldn't detect, and we've had that discussion before. However I'm all for upping the IFRAME/FRAME score - I've not seen anything using IFRAME that's not either spam, or mass marketing crap (solicited spam). Matt. _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] <A HREF="https://lists.sourceforge.net/lists/listinfo/spamassassin-talk">https://lists.sourceforge.net/lists/listinfo/spamassassin-talk</A> </pre> </div> <div class="msgButtons margintopdouble"> <ul class="overflow"> <li class="msgButtonItems"><a class="button buttonleft " accesskey="p" href="msg02930.html">Previous message</a></li> <li class="msgButtonItems textaligncenter"><a class="button" accesskey="c" href="thrd141.html#02985">View by thread</a></li> <li class="msgButtonItems textaligncenter"><a class="button" accesskey="i" href="mail142.html#02985">View by date</a></li> <li class="msgButtonItems textalignright"><a class="button buttonright " accesskey="n" href="msg03017.html">Next message</a></li> </ul> </div> <a name="tslice"></a> <div class="tSliceList margintopdouble"> <ul class="icons monospace"> <li class="icons-email"><span class="subject"><a href="msg02892.html">[SAtalk] More <iframe> thoughts</a></span> <span class="sender italic">Michael Moncur</span></li> <li><ul> <li class="icons-email"><span class="subject"><a href="msg02906.html">Re: [SAtalk] More <iframe> thoughts</a></span> <span class="sender italic">Craig Hughes</span></li> <li class="icons-email"><span class="subject"><a href="msg02928.html">Re: [SAtalk] More <iframe> thoughts</a></span> <span class="sender italic">Matthew Cline</span></li> <li><ul> <li class="icons-email"><span class="subject"><a href="msg02930.html">RE: [SAtalk] More <iframe> thoughts</a></span> <span class="sender italic">Michael Moncur</span></li> </ul></li> <li class="icons-email"><span class="subject"><a href="msg03017.html">[SAtalk] src:cid (was Re: More <iframe> thoughts...</a></span> <span class="sender italic">Matt Sergeant</span></li> <li><ul> <li class="icons-email"><span class="subject"><a href="msg03017.html">[SAtalk] src:cid (was Re: More <iframe> thou...</a></span> <span class="sender italic">Daniel Pittman</span></li> <li><ul> <li class="icons-email"><span class="subject"><a href="msg03053.html">Re: [SAtalk] src:cid (was Re: More <iframe&...</a></span> <span class="sender italic">Matt Sergeant</span></li> <li><ul> <li class="icons-email"><span class="subject"><a href="msg03120.html">[SAtalk] Re: src:cid (was Re: More <ifr...</a></span> <span class="sender italic">Daniel Pittman</span></li> <li class="icons-email"><span class="subject"><a href="msg03129.html">Re: [SAtalk] src:cid (was Re: More <ifr...</a></span> <span class="sender italic">Craig Hughes</span></li> <li><ul> <li class="icons-email"><span class="subject"><a href="msg03275.html">Re: [SAtalk] src:cid (was Re: More &l...</a></span> <span class="sender italic">Matt Sergeant</span></li> <li><ul> <li class="icons-email"><span class="subject"><a href="msg03302.html">Re: [SAtalk] src:cid (was Re: Mor...</a></span> <span class="sender italic">Craig Hughes</span></li> </ul> </ul> </ul> </ul> </ul> </ul> </ul> </div> <div class="overflow msgActions margintopdouble"> <div class="msgReply" > <h2> Reply via email to </h2> <form method="POST" action="/mailto.php"> <input type="hidden" name="subject" value="Re: [SAtalk] More <iframe> thoughts"> <input type="hidden" name="msgid" value="3CA1BD61.8050806@startechgroup.co.uk"> <input type="hidden" name="relpath" value="spamassassin-talk@lists.sourceforge.net/msg02985.html"> <input type="submit" value=" Matt Sergeant "> </form> </div> </div> </div> <div class="aside" role="complementary"> <div class="logo"> <a href="/"><img src="/logo.png" width=247 height=88 alt="The Mail Archive"></a> </div> <form class="overflow" action="/search" method="get"> <input type="hidden" name="l" value="spamassassin-talk@lists.sourceforge.net"> <label class="hidden" for="q">Search the site</label> <input class="submittext" type="text" id="q" name="q" placeholder="Search spamassassin-talk"> <input class="submitbutton" name="submit" type="image" src="/submit.png" alt="Submit"> </form> <div class="nav margintop" id="nav" role="navigation"> <ul class="icons font16"> <li class="icons-home"><a href="/">The Mail Archive home</a></li> <li class="icons-list"><a href="/spamassassin-talk@lists.sourceforge.net/">spamassassin-talk - all messages</a></li> <li class="icons-about"><a href="/spamassassin-talk@lists.sourceforge.net/info.html">spamassassin-talk - about the list</a></li> <li class="icons-expand"><a href="/search?l=spamassassin-talk@lists.sourceforge.net&q=subject:%22Re%5C%3A+%5C%5BSAtalk%5C%5D+More+%3Ciframe%3E+thoughts%22&o=newest&f=1" title="e" id="e">Expand</a></li> <li class="icons-prev"><a href="msg02930.html" title="p">Previous message</a></li> <li class="icons-next"><a href="msg03017.html" title="n">Next message</a></li> </ul> </div> <div class="listlogo margintopdouble"> </div> <div class="margintopdouble"> </div> </div> </div> <div class="footer" role="contentinfo"> <ul> <li><a href="/">The Mail Archive home</a></li> <li><a href="/faq.html#newlist">Add your mailing list</a></li> <li><a href="/faq.html">FAQ</a></li> <li><a href="/faq.html#support">Support</a></li> <li><a href="/faq.html#privacy">Privacy</a></li> <li class="darkgray">3CA1BD61.8050806@startechgroup.co.uk</li> </ul> </div> </body> </html>