On Tuesday, May 17, 2005, 1:27:25 PM, Jim wrote:
JM Is anyone else seeing a huge amount of spam increase over
JM the last couple days. Most is being caught by sniffer but the
JM overall number of messages especial foreign language spam messages
JM seems to be very high.
You are probably
Yes, these messages were caused by Sunday'sSober.O
and Sober.P remote update of
previouslyinfected PCs, causing them to send out millions of
neo-nazi mail. The next update (likely a new spam-wave) is scheduled in 10 days. Somepublic
mailboxes got as many as 50,000 emails in 48 hours to a
I think that is it, do the links in the messages go to the virus rather than
the normal attachment method to avoid the virus scanners?
Jim Matuska Jr.
Computer Tech2, CCNA
Nez Perce Tribe
Information Systems
[EMAIL PROTECTED]
- Original Message -
From: Pete McNeil [EMAIL PROTECTED]
To:
Pete,
Is there a possibility of setting up another return
code for situations such as this such as a blacklist rulecode that only has
rules for messages such as these that should be blacklisted immediately. I
wouldn't mind setting certain high priority rules to block immediately.
Jim
On Tuesday, May 17, 2005, 1:44:30 PM, Jim wrote:
JM Pete,
JM Is there a possibility of setting up another return code for
JM situations such as this such as a blacklist rulecode that only has
JM rules for messages such as these that should be blacklisted
JM immediately. I wouldn't mind setting
Thanks Pete, would you be able to provide the current false positive rates
for the return codes?
Jim Matuska Jr.
Computer Tech2, CCNA
Nez Perce Tribe
Information Systems
[EMAIL PROTECTED]
- Original Message -
From: Pete McNeil [EMAIL PROTECTED]
To: Jim Matuska sniffer@SortMonster.com
On Tuesday, May 17, 2005, 2:57:44 PM, Jim wrote:
JM Thanks Pete, would you be able to provide the current false positive rates
JM for the return codes?
This is not something that we are formally capturing at present,
however anecdotally I can't recall the last time we had an FP
submitted for the
Pete,
Your memory fails you :) I reported one just yesterday, however it was
understandable. The rule is below (slightly obfuscated for public
consumption).
MB Final
MB RULE 349776-055: User Submission, 13 days, 3.1979660500
MB NAME: Account and Password Information are
On Tuesday, May 17, 2005, 6:37:12 PM, Chuck wrote:
CS Can't seem to get a response on a major problem we are having.
Responded off list.
_M
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to