We are getting a number of word docs with scams in them. e.g.: http://pastebin.com/m7e7efaac
Note that this message has been MUNGed by Outlook, so the html parts have truly been Mashed Until No Good. As far as I can tell, the following rules didn't hit in the original, pre-MUNGed message:

    1.6 MISSING_HEADERS        Missing To: header
    0.0 HTML_MESSAGE           BODY: HTML included in message
    1.7 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
    1.1 HTML_MIME_NO_HTML_TAG  HTML-only message, but there is no HTML tag
    2.5 L_UNVERIFIED_YAHOO     L_UNVERIFIED_YAHOO

Incidentally, if anyone knows how to convince the latest Outlook service pack to not mung the body and strip headers when doing the "create new message and drag the message into it" trick, I'd love to be able to tell the helpdesk so that they can collect proper message bodies...

The Word doc has a pretty standard 419 body in it. I recall some mutterings on this list about using wvHtml to regularize Word docs. Is there a documented way to do that yet? Or do folks have a better way of cleaning these out?

I'm also thinking of looking for a Word attachment in messages with FREEMAIL_REPLYTO, and would appreciate thoughts on that. Something like:

    # Any MIME part declared as a Word document
    mimeheader __ANY_WORD_ATTACH Content-Type =~ /application\/msword/i
    # Word attachment combined with a freemail Reply-To
    meta       AE_FREE_WORD (__ANY_WORD_ATTACH && FREEMAIL_REPLYTO)
    score      AE_FREE_WORD 1.5

-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
www.austinenergy.com
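An added example, not part of the original post and not SpamAssassin code: a Python check of the two conditions the proposed AE_FREE_WORD meta rule combines, run against constructed messages. It goes slightly beyond the rule by also counting an application/octet-stream part named *.doc; the freemail list and the Reply-To test are simplified assumptions, not the FREEMAIL_REPLYTO implementation.

```python
# Added illustration (not SpamAssassin code): checks the same two conditions
# the proposed AE_FREE_WORD meta rule combines.
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: a tiny freemail list; SpamAssassin keeps its own, larger one.
FREEMAIL_DOMAINS = {"yahoo.com", "hotmail.com", "gmail.com"}

def has_word_attachment(msg):
    """Word MIME type, or a generic octet-stream part named *.doc."""
    for part in msg.walk():
        ctype = part.get_content_type()
        name = (part.get_filename() or "").lower()
        if ctype == "application/msword":
            return True
        if ctype == "application/octet-stream" and name.endswith(".doc"):
            return True
    return False

def freemail_reply_to(msg):
    """Simplified stand-in for FREEMAIL_REPLYTO: Reply-To is a freemail
    address and is not the same address as From."""
    reply = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    domain = reply.rpartition("@")[2]
    return bool(reply) and domain in FREEMAIL_DOMAINS and reply != sender

def ae_free_word(msg):
    """Score contributed by the meta rule: 1.5 when both conditions hold."""
    return 1.5 if has_word_attachment(msg) and freemail_reply_to(msg) else 0.0

def build_sample(reply_to, maintype="application", subtype="msword",
                 filename="claim.doc"):
    """Constructed test message; every address and file name is made up."""
    msg = EmailMessage()
    msg["From"] = "Sender <sender@example.org>"
    if reply_to:
        msg["Reply-To"] = reply_to
    msg["Subject"] = "See attached"
    msg.set_content("Please read the attached document.")
    msg.add_attachment(b"constructed bytes, not a real document",
                       maintype=maintype, subtype=subtype, filename=filename)
    return msg

if __name__ == "__main__":
    print(ae_free_word(build_sample("claims@yahoo.com")))
```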