Lucio Chiappetti <lu...@lambrate.inaf.it> wrote:
The subject was "Delivery reports about your e-mail", the apparent originator was From: "MAILER-DAEMON" <nore...@ourdomain>, the body was empty and there was a single attachment "transcript.zip".
Here, yesterday, 93 of 102 came from hosts in Spamhaus Zen and were rejected for that reason. 3 more bounced because envelope sender was mailer-dae...@columbia.edu instead of <>. That's a useful local rule. That doesn't leave many left to analyze, but it's enough to report variations in the attachment: transcript.scr in transcript.zip letter.doc .scr in letter.zip file.pif in file.zip mail.scr in mail.zip Very old-school, using pif and scr file extensions and the name with a lot of spaces in it (actually more spaces than I show here). We started refusing mail with pif and scr files ages ago. It's almost like a very old virus that got reactivated somehow. How many email viruses do you even see these days? Did antivirus provide a name for this thing? Joseph Brennan Columbia University Information Technology
