Just in the last week, the number of messages with what I assume to be the Klez virus or a variant has exploded, at least for me. Since we have no Windows machines I don't pay a lot of attention to email viruses and other malware, but I'm getting 20+ a day, all different insofar as From and Subject headers, and I just want to kill them as spam.
Has anyone written a local rule for this? I have just now started looking at the messages closely, and the key part seems to be an attachment of type audio/x-wav, with a filename of *.(?:pif|scr|exe|bat). I can't imagine anyone sending a legitimate attachment with those criteria, so it should have a fairly high score, if not an automatic trap. Question: does SA consider MIME sub-headers to be "header" or "body"? They are in the traditional RFC822 message body, but they're actually headers. The other one I just get over and over and finally wrote a rule for is something with "Snowhite" and the 7 dwarves, and an attachment that is usually an .exe file. I'm just scoring anything with /snowhite/i and an attachment as probable spam. -- Michael C. Berch [EMAIL PROTECTED] _______________________________________________________________ Hundreds of nodes, one monster rendering program. Now that’s a super model! Visit http://clustering.foundries.sf.net/ _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
