From: "Michael Scheidell" <[EMAIL PROTECTED]>
Sent: Wednesday, 2008, August 20 15:12
From: Bob Pierce <[EMAIL PROTECTED]>
Date: Wed, 20 Aug 2008 16:53:35 -0500
To: <users@spamassassin.apache.org>
Subject: UPS / FedEx spam with virus attached
We've been seeing lots of messages with contents similar to this:
"Unfortunately we were not able to deliver postal package you
sent on July the 25 in time because the recipient's address is not
correct.
Please print out the invoice copy attached and collect the package at
our office."
Of course the zip attachment contains a virus, and ClamAV does not seem
to be catching that either.
Has anyone else been getting lots of these? If so, what are you doing to
block them?
We use amavisd-new to quarantine any zip files with executables.
Oh, the postal one is old. Watch for a new one. Journalists shot in
Georgia.
Password-protected zip file. Password in email.
Any user who goes through the trouble to unzip/put in password then click
on executable deserves to get infected. (ClamAV can mark encrypted files as
'virus' if you edit the clamd.conf file)
And THAT one is getting old. There will be a new one. It's times like
this that need extreme agility on the part of making rules.
{^_^}
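
The two filtering ideas raised in this thread (quarantining zip attachments that contain executables, and treating encrypted archive members as suspicious) can be sketched as follows. This is an added example, not code from amavisd-new, ClamAV, or any poster; the extension list, function names, and sample message are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block list for this example; a real filter applies its own policy.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def inspect_zip(data: bytes) -> list[str]:
    """Return reasons to quarantine a zip attachment (empty list: none found)."""
    reasons = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # Bit 0 of the general-purpose flags marks an encrypted member.
                if info.flag_bits & 0x1:
                    reasons.append(f"encrypted member: {info.filename}")
                # Member names stay readable even when the content is encrypted.
                if info.filename.lower().endswith(EXECUTABLE_EXTS):
                    reasons.append(f"executable member: {info.filename}")
    except zipfile.BadZipFile:
        reasons.append("malformed zip")
    return reasons

def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Map each flagged zip attachment's filename to its quarantine reasons."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if name.lower().endswith(".zip"):
            reasons = inspect_zip(part.get_payload(decode=True))
            if reasons:
                findings[name] = reasons
    return findings

def build_sample() -> bytes:
    """Constructed sample: a zip holding a harmless text file named invoice.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.exe", b"not a real program")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("Please print out the invoice copy attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

Because the check reads only the archive's central directory, it works on password-protected zips without needing the password.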