Good to know. I did not look tat far into the message.
Kevin Bilbee > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Mike K > Sent: Tuesday, January 27, 2004 2:06 PM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.JunkMail] MyDoom / Novarg > > > This string is in the beginning of first line of the body of > infected emails > all buts the zips > > T_V_q_Q_A_AMAAAAEAAAA > > This is in the beginning of the first line of the .zips > > U_E_s_D_B_AoAAAAAA > > Both of these strings produce virus hits on Google > > NOTE: remove the underscores to get the actual string. > > I put these in a separate body filter with a delete action. Every one held > today was a virus. > > Mike > > > ----- Original Message ----- > From: "Kevin Bilbee" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, January 27, 2004 4:01 PM > Subject: [Declude.JunkMail] MyDoom / Novarg > > > > I have been successful trapping most of these viruses with a body filter > > filtering on the > > > > Mail transaction failed. Partial message is available. > > > > and > > > > has been sent as a binary attachment > > > > I placed the extra spaces so they will not get caught by other > filters on > > this list. I then use ROUTETO to send the messages to an > account I monitor > > for false positives. > > > > Out of about 100 catches so far no false positives. > > > > > > Kevin Bilbee > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] Behalf Of Jim Priest > > > Sent: Tuesday, January 27, 2004 12:10 PM > > > To: Chuck Schick > > > Subject: Re[2]: [Declude.JunkMail] evaluating declude > > > > > > > > > Tuesday, January 27, 2004, 2:42:18 PM, Chuck wrote: > > > CS> Here are some of my general guidelines. > > > CS> 4. ) A few pieces of Spam are always going to get through > > > because spammers > > > CS> are always changing their methodology. We are in a reactive mode. > > > > > > Chuck, thanks for all the info. Been digging through some of the > > > archives and learning more. > > > > > > Another quick question - how many people use the 'hold' action - and > > > how do you manage any spam which gets held? I've found some software > > > called 'Spam Review' which looks helpful. > > > > > > jim > > > > > > > > > > > > --- > > > [This E-mail was scanned for viruses by Declude Virus > > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.JunkMail". The archives can be found > > at http://www.mail-archive.com. > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.JunkMail". The archives can be found > > at http://www.mail-archive.com. > > > > > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.