Scott,

Virus Bug
==================
The first bug is more straightforward; however, it is related to Declude Virus, so please forgive me for not joining that group. In an E-mail that was forwarded from monster.com, it tripped on a banned extension of .com because a cookie reference was attached by Outlook Express as follows:


   ------=_NextPart_000_0001_01C3D1D2.DEDBF400
   Content-Type: application/octet-stream;
       name="nojavascript&dcssip=jobsearch.monster.com"
   Content-Transfer-Encoding: base64
   Content-Location:
       http://cookie.monster.com/DCS000003_6D4Q/njs.gif?dcsuri=/nojavascript&dcssip=jobsearch.monster.com

   R0lGODlhAQABAIAAAP8A/wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==

   ------=_NextPart_000_0001_01C3D1D2.DEDBF400--

I'm not sure if there is anything that can be done about this easily, but it was legitimate, and the attachment wasn't an executable, just a cookie. This is the first time that I have ever seen such a thing, so I'm sure it's rare, and maybe a bug with Outlook where it gets confused and attaches cookies coded this way thinking they are COM files???

JunkMail Bug
==============
The small bug with JunkMail is as follows. I've seen the following several times across a number of days with at least v1.77i7 and v1.77i10. I'm using the warn action and it always shows up with the same recipient (%ALLRECIPS%) repeated at least three or four times. The first example is unique, and the last three examples are from a dictionary attack coming from one spammer sent to addresses that never existed on the same domain. The X-MailPure: RECIPIENTS line is related to a weightrange test so that it only displays the recipients when it fails. The IPNOTINMX test generally shows up first, but appears below that line when this happens along with the associated errors. Another thing related is the fact that I have a colon in the WARN action for RECIPIENTS listed with a colon, but it always appears with a space then dash in every message. Here's how that is defined:


----- Global.cfg -----
HIGH-RECIPS        weightrange    x    x    10    24

----- $Default$.junkmail -----
HIGH-RECIPS        WARN X-MailPure: RECIPIENTS: <%ALLRECIPS%>

This is not a big deal to me, but I thought that I would let you know about it. Four examples follow:

   Received: from mail.com [216.234.126.149] by domain.tld
     (SMTPD32-7.15) id A570704020A; Tue, 06 Jan 2004 10:34:08 -0500
   Reply-To: <[EMAIL PROTECTED]>
   From: "BPD" <[EMAIL PROTECTED]>
   Subject: [23] Sales Leads --$1,525 Savings
   Date: Tue, 6 Jan 2004 10:34:23 -0500
   MIME-Version: 1.0
   Content-Type: text/html;
   charset="Windows-1251"
   Content-Transfer-Encoding: 7bit
   X-Priority: 1
   X-MSMail-Priority: High
   X-Mailer: Microsoft Outlook Express 6.00.2600.0000
   X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
   Message-Id: <[EMAIL PROTECTED]>
   X-MailPure:
   ==================================================================
   X-MailPure: NJABL-DYNABLOCK: Failed, listed in dynablock.njabl.org
   (weight 4).
   X-MailPure: NOABUSE: Failed, listed in abuse.rfc-ignorant.org
   (weight 1).
   X-MailPure: SORBS-DUL: Failed, listed in dnsbl.sorbs.net (weight 3).
   X-MailPure: SPAMCOP: Failed, listed in bl.spamcop.net (weight 8).
   X-MailPure: IPNOTINMX: Failed, IP is not listed in MX or A records
   (weight 0).
   X-MailPure: NOLEGITCONTENT: Failed, no legitimate content detected
   (weight 0).
   X-MailPure: CONCEALED: Failed, concealed message (weight 1).
   X-MailPure: BADHEADERS: Failed, non-RFC compliant headers [8400000a]
   (weight 4).
   X-MailPure: WORDFILTER-SUBJECT: Message failed WORDFILTER-SUBJECT
   test (line 63, weight 2).
   X-MailPure: RECIPIENTS - <[EMAIL PROTECTED], [EMAIL PROTECTED],
   [EMAIL PROTECTED], [EMAIL PROTECTED]>
   X-MailPure: IPNOTINMX: Failed, IP is noX-MailPure: IPNOTINMX:
   Failed, no legitimate content detected (weight 0).
   X-MailPure: [Unknown Var]TESTNAME
   X-MailPure: IPNOTINMX: Failed, IP is noX-MailPure: [Unknown Var]TESTNAME
   X-MailPure: [Unknown Var] sign in the SMTP From address (weight 2).
   X-MailPure:
   ==================================================================
   X-MailPure: Spam Score: 23
   X-MailPure: Scan Time: 10:34:15 on 01/06/2004
   X-MailPure: Spool File: Dd5700704020a2dd9.SMD
   X-MailPure: Server Name: mail.com
   X-MailPure: SMTP Sender: [EMAIL PROTECTED]
   X-MailPure: Received From: 3639246484.mi.dial.hexcom.net
   [216.234.126.149]
   X-MailPure:
   ==================================================================
   X-MailPure: Spam and virus blocking services provided by MailPure.com
   X-MailPure:
   ==================================================================
   X-Declude-Date: 01/06/2004 15:34:23 [0]
   X-RCPT-TO: <[EMAIL PROTECTED]>
   Status: R
   X-UIDL: 372975289


   From <[EMAIL PROTECTED]> Tue Jan 06 09:35:58 2004
   Received: from ecardica.net [66.246.175.2] by domain.tld (SMTPD32-7.15) id A7C4324022A; Tue, 06 Jan 2004 09:35:48 -0500
   Message-ID: <[EMAIL PROTECTED]>
   From: "eCardica Newsletter" <[EMAIL PROTECTED]>
   To: <[EMAIL PROTECTED]>
   Subject: [20] #1 New York Times Best Selling Author of "Nothing Down" & "Creating Wealth"
   Date: Tue, 06 Jan 2004 02:20:07 +1200
   MIME-Version: 1.0
   Content-Type: multipart/alternative; boundary="----=_NextPart_F20_E09E_964404D9.767FD892"
   X-Priority: 3
   User-Agent: eCardica.com Opt-in Newsletter Mailer
   X-MailPure: ==================================================================
   X-MailPure: FIVETEN-SPAMSUPPORT: Failed, listed in blackholes.five-ten-sg.com (weight 4).
   X-MailPure: MAILPOLICE-BULK: Failed, listed in bulk.rhs.mailpolice.com (weight 8).
   X-MailPure: IPNOTINMX: Failed, IP is not listed in MX or A records (weight 0).
   X-MailPure: NOLEGITCONTENT: Failed, no legitimate content detected (weight 0).
   X-MailPure: KAMI-COMBINED: Message failed KAMI-COMBINED test (line 5787, weight 8) (weight capped at 8).
   X-MailPure: RECIPIENTS - <[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]>
   X-MailPure: IPNOTINMX: Failed, IP is noX-MailPure: IPNOTINMX: Failed, no legitimate content detected (weight 0).
   X-MailPure: [Unknown Var]TESTNAME
   X-MailPure: IPNOTINMX: Failed, IP is noX-MailPure: [Unknown Var]TESTNAME
   X-MailPure: [Unknown Var] sign in the SMTP From address (weight 2).
   X-MailPure: ==================================================================
   X-MailPure: Spam Score: 20
   X-MailPure: Scan Time: 09:35:57 on 01/06/2004
   X-MailPure: Spool File: Dc7c40324022ac5aa.SMD
   X-MailPure: Server Name: ecardica.net
   X-MailPure: SMTP Sender: [EMAIL PROTECTED]
   X-MailPure: Received From: this.ptr.is.named.in.honor.of.arin.nac.net [66.246.175.2]
   X-MailPure: ==================================================================
   X-MailPure: Spam and virus blocking services provided by MailPure.com
   X-MailPure: ==================================================================
   X-Declude-Date: 01/05/2004 14:20:07 [1455]
   X-RCPT-TO: <[EMAIL PROTECTED]>
   Status: R
   X-UIDL: 372975274


   From <[EMAIL PROTECTED]> Tue Jan 06 09:40:26 2004
   Received: from ecardica.net [66.246.175.2] by domain.tld (SMTPD32-7.15) id A8CD7DB0230; Tue, 06 Jan 2004 09:40:13 -0500
   Message-ID: <[EMAIL PROTECTED]>
   From: "eCardica Newsletter" <[EMAIL PROTECTED]>
   To: <[EMAIL PROTECTED]>
   Subject: [20] #1 New York Times Best Selling Author of "Nothing Down" & "Creating Wealth"
   Date: Tue, 06 Jan 2004 07:27:08 +0700
   MIME-Version: 1.0
   Content-Type: multipart/alternative; boundary="----=_NextPart_5B1_9F59_AFA91975.8E65AA3E"
   X-Priority: 3
   User-Agent: eCardica.com Opt-in Newsletter Mailer
   X-MailPure: ==================================================================
   X-MailPure: FIVETEN-SPAMSUPPORT: Failed, listed in blackholes.five-ten-sg.com (weight 4).
   X-MailPure: MAILPOLICE-BULK: Failed, listed in bulk.rhs.mailpolice.com (weight 8).
   X-MailPure: IPNOTINMX: Failed, IP is not listed in MX or A records (weight 0).
   X-MailPure: NOLEGITCONTENT: Failed, no legitimate content detected (weight 0).
   X-MailPure: KAMI-COMBINED: Message failed KAMI-COMBINED test (line 5787, weight 8) (weight capped at 8).
   X-MailPure: RECIPIENTS - <[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]>
   X-MailPure: IPNOTINMX: Failed, IP is noX-MailPure: IPNOTINMX: Failed, no legitimate content detected (weight 0).
   X-MailPure: [Unknown Var]TESTNAME
   X-MailPure: IPNOTINMX: Failed, IP is noX-MailPure: [Unknown Var]TESTNAME
   X-MailPure: [Unknown Var] sign in the SMTP From address (weight 2).
   X-MailPure: ==================================================================
   X-MailPure: Spam Score: 20
   X-MailPure: Scan Time: 09:40:26 on 01/06/2004
   X-MailPure: Spool File: Dc8cd07db0230d075.SMD
   X-MailPure: Server Name: ecardica.net
   X-MailPure: SMTP Sender: [EMAIL PROTECTED]
   X-MailPure: Received From: this.ptr.is.named.in.honor.of.arin.nac.net [66.246.175.2]
   X-MailPure: ==================================================================
   X-MailPure: Spam and virus blocking services provided by MailPure.com
   X-MailPure: ==================================================================
   X-Declude-Date: 01/06/2004 00:27:08 [853]
   X-RCPT-TO: <[EMAIL PROTECTED]>
   Status: R
   X-UIDL: 372975275

    From <[EMAIL PROTECTED]> Tue Jan 06 09:42:31 2004
   Received: from ecardica.net [66.246.175.2] by domain.tld
     (SMTPD32-7.15) id A94C81A0244; Tue, 06 Jan 2004 09:42:20 -0500
   Message-ID: <[EMAIL PROTECTED]>
   From: "eCardica Newsletter" <[EMAIL PROTECTED]>
   To: <[EMAIL PROTECTED]>
   Subject: [20] Wealth Building Strategies with Robert G. Allen
   Date: Tue, 06 Jan 2004 06:12:35 +0800
   MIME-Version: 1.0
   Content-Type: multipart/alternative;
       boundary="----=_NextPart_5C7_F835_A60981D9.4AE269B0"
   X-Priority: 3
   User-Agent: eCardica.com Opt-in Newsletter Mailer
   X-MailPure:
   ==================================================================
   X-MailPure: FIVETEN-SPAMSUPPORT: Failed, listed in
   blackholes.five-ten-sg.com (weight 4).
   X-MailPure: MAILPOLICE-BULK: Failed, listed in
   bulk.rhs.mailpolice.com (weight 8).
   X-MailPure: IPNOTINMX: Failed, IP is not listed in MX or A records
   (weight 0).
   X-MailPure: NOLEGITCONTENT: Failed, no legitimate content detected
   (weight 0).
   X-MailPure: KAMI-COMBINED: Message failed KAMI-COMBINED test (line
   5787, weight 8) (weight capped at 8).
   X-MailPure: RECIPIENTS - <[EMAIL PROTECTED], [EMAIL PROTECTED],
   [EMAIL PROTECTED], [EMAIL PROTECTED]>
   X-MailPure: IPNOTINMX: Failed, IP is noX-MailPure: IPNOTINMX:
   Failed, no legitimate content detected (weight 0).
   X-MailPure: [Unknown Var]TESTNAME
   X-MailPure: IPNOTINMX: Failed, IP is noX-MailPure: [Unknown Var]TESTNAME
   X-MailPure: [Unknown Var] sign in the SMTP From address (weight 2).
   X-MailPure:
   ==================================================================
   X-MailPure: Spam Score: 20
   X-MailPure: Scan Time: 09:42:31 on 01/06/2004
   X-MailPure: Spool File: Dc94c081a0244c167.SMD
   X-MailPure: Server Name: ecardica.net
   X-MailPure: SMTP Sender: [EMAIL PROTECTED]
   X-MailPure: Received From:
   this.ptr.is.named.in.honor.of.arin.nac.net [66.246.175.2]
   X-MailPure:
   ==================================================================
   X-MailPure: Spam and virus blocking services provided by MailPure.com
   X-MailPure:
   ==================================================================
   X-Declude-Date: 01/05/2004 22:12:35 [989]
   X-RCPT-TO: <[EMAIL PROTECTED]>
   Status: R
   X-UIDL: 372975276



Thanks,

Matt
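
The false positive described under "Virus Bug", reproduced as an added example that is not part of the original message and is not Declude's code: it parses the quoted MIME part, shows why a suffix match on the attachment name fires, and uses the payload's leading bytes to route the hit to review. The banned-extension list, the verdict names and the wrapping message headers are assumptions made for this illustration.

```python
import email

# Constructed sample policy: extensions a scanner might ban (not Declude's list).
BANNED_EXTS = (".com", ".exe", ".pif", ".scr")
IMAGE_MAGIC = {b"GIF87a": "gif", b"GIF89a": "gif",
               b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg"}

# Constructed message wrapping the MIME part quoted in the post.
BOUNDARY = "----=_NextPart_000_0001_01C3D1D2.DEDBF400"
SAMPLE = "\r\n".join([
    "MIME-Version: 1.0",
    'Content-Type: multipart/related; boundary="%s"' % BOUNDARY,
    "",
    "--" + BOUNDARY,
    "Content-Type: application/octet-stream;",
    '\tname="nojavascript&dcssip=jobsearch.monster.com"',
    "Content-Transfer-Encoding: base64",
    "Content-Location:",
    "\thttp://cookie.monster.com/DCS000003_6D4Q/njs.gif"
    "?dcsuri=/nojavascript&dcssip=jobsearch.monster.com",
    "",
    "R0lGODlhAQABAIAAAP8A/wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==",
    "",
    "--" + BOUNDARY + "--",
    "",
])

def sniff(data):
    """Classify a payload by its leading bytes."""
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return "pe-executable" if data.startswith(b"MZ") else "unknown"

def triage(raw):
    """Return one record per leaf MIME part: name, sniffed kind, verdict."""
    results = []
    for part in email.message_from_string(raw).walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()  # falls back to name=
        kind = sniff(part.get_payload(decode=True) or b"")
        if kind == "pe-executable":
            verdict = "block"
        elif name.endswith(BANNED_EXTS):
            # DOS .com files carry no header magic, so "unknown" stays
            # blocked; an image match is held for review, not released.
            verdict = "review" if kind in IMAGE_MAGIC.values() else "block"
        else:
            verdict = "pass"
        results.append({"name": name, "kind": kind, "verdict": verdict})
    return results
```

Here the name is a URL query string whose last token happens to be a hostname ending in `.com`, while the decoded payload is a 1x1 GIF, so the part is marked `review` instead of being silently blocked or released.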
