Matt Sergeant writes: > Every single one of these is a virus, not spam.
I think it's a worm, actually, but the headers are forged so I don't know who's sending them, so unlike a trojan being sent from a co-worker, it's basically unsolicited email that should be filtered. I think trying to not filter these would be a mistake -- they share too many similarities with spam. Some are actually sent from spam sources, the headers are forged and incorrect. I also suspect some may even be resent by people on purpose, using spammer address lists. Here are the messages. (The USER_IN_WHITELIST one is a false negative from [EMAIL PROTECTED], one of the 60_whitelist.cf addresses, not someone in my actual whitelist.) Y 13 ../mail/spam/2 FROM_BTAMAIL,INVALID_DATE,FROM_NAME_NO_SPACES,MIME_SUSPECT_NAME,CHARSET_FARAWAY_HEADERS,MSG_ID_ADDED_BY_MTA_2,SUBJ_FULL_OF_8BITS Y 9 ../mail/spam/3 FROM_BTAMAIL,INVALID_DATE,FROM_NAME_NO_SPACES,MIME_SUSPECT_NAME,CHARSET_FARAWAY_HEADERS,MSG_ID_ADDED_BY_MTA_2 Y 13 ../mail/spam/74 FROM_BTAMAIL,INVALID_DATE,FROM_NAME_NO_SPACES,MIME_SUSPECT_NAME,CHARSET_FARAWAY_HEADERS,MSG_ID_ADDED_BY_MTA_2,SUBJ_FULL_OF_8BITS Y 7 ../mail/spam/299 NO_REAL_NAME,RELAYING_FRAME,MIME_MISSING_BOUNDARY,MIME_SUSPECT_NAME,MISSING_HEADERS,SUBJ_ALL_CAPS,SUBJ_FULL_OF_8BITS . -97 ../mail/spam/2124 NO_REAL_NAME,RELAYING_FRAME,MIME_MISSING_BOUNDARY,MIME_SUSPECT_NAME,MISSING_HEADERS,USER_IN_WHITELIST . 2 ../mail/spam/5474 FROM_NAME_NO_SPACES,X_NOT_PRESENT,LARGE_HEX,RELAYING_FRAME,MIME_SUSPECT_NAME . 1 ../mail/spam/5529 FROM_NAME_NO_SPACES,LARGE_HEX,RELAYING_FRAME,MIME_SUSPECT_NAME . 4 ../mail/spam/5574 FROM_NAME_NO_SPACES,X_NOT_PRESENT,LARGE_HEX,RELAYING_FRAME,MIME_SUSPECT_NAME,MSG_ID_ADDED_BY_MTA_2 Y 6 ../mail/spam/5661 MAY_BE_FORGED,FROM_NAME_NO_SPACES,X_NOT_PRESENT,LARGE_HEX,RELAYING_FRAME,MIME_SUSPECT_NAME,SUBJ_FULL_OF_8BITS Y 6 ../mail/spam/5726 MAY_BE_FORGED,FROM_NAME_NO_SPACES,X_NOT_PRESENT,LARGE_HEX,RELAYING_FRAME,MIME_SUSPECT_NAME,SUBJ_FULL_OF_8BITS . 3 ../mail/spam/5784 MAY_BE_FORGED,FROM_NAME_NO_SPACES,X_NOT_PRESENT,LARGE_HEX,RELAYING_FRAME,MIME_SUSPECT_NAME Y 5 ../mail/spam/6129 FROM_NAME_NO_SPACES,X_NOT_PRESENT,LARGE_HEX,PORN_10,RELAYING_FRAME,MIME_SUSPECT_NAME,FORGED_HOTMAIL_RCVD,MSG_ID_ADDED_BY_MTA_2 Dan _______________________________________________________________ Hundreds of nodes, one monster rendering program. Now that's a super model! Visit http://clustering.foundries.sf.net/ _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
