If this kind of attack catches on, and the e-mail can look like almost anything. Passing everything to the more CPU consuming AV engine may be needed.
This attack will work just fine in a plain text (non-HTLM) e-mail. (Will the link work easy?)
Greg
Matt wrote:
Maybe the new MyDoom virus suggests a change in the way that PRESCAN qualifies messages?
--- [This E-mail scanned for viruses by Findlay Internet]
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.