> From: Bob Pierce <[EMAIL PROTECTED]> > Date: Wed, 20 Aug 2008 16:53:35 -0500 > To: <users@spamassassin.apache.org> > Subject: UPS / FedEx spam with virus attached > > We've been seeing lots of messages with contents similar to this: > > "Unfortunately we were not able to deliver postal package you > sent on July the 25 in time because the recipient's address is not > correct. > Please print out the invoice copy attached and collect the package at > our office." > > Of course the zip attachment contains a virus, and ClamAV does not seem > to be catching that either. > > Has anyone else been getting lots of these? If so, what are you doing to > block them?
We use amavisd-new to quarantine any zip files with executables. Oh, the postal one is old. Watch for a new one. Journalists shot in georgia. Password protected zip file. Password in email Any user who goes through the trouble to unzip/put in password then click on executable deserves to get infected. (clamav can mark encrypted files as 'virus' if you edit the clamd.conf file) -- Michael Scheidell, CTO >|SECNAP Network Security Winner 2008 Network Products Guide Hot Companies FreeBSD SpamAssassin Ports maintainer > > Bob > _________________________________________________________________________ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.spammertrap.com _________________________________________________________________________
