And here, all this time, I thought it was corrupt or uncomplete versions of
Swen.
I have a force hold test in JM.
Here is the filter file I have:
HEADERS 0 CONTAINS@technet.msdn.net
HEADERS 0 CONTAINSMicrosoft Corporation Program Security
HEADERS 0 CONTAINS@technet.net
HEADERS 0 CONTAINSLatest Net Critical Upgrade
SUBJECT 0 CONTAINSLast Net Security Patch
SUBJECT 0 CONTAINSCurrent Network Update
SUBJECT 0 CONTAINSNewest Network Security Pack
SUBJECT 0 CONTAINS{VIRUS?}
SUBJECT 0 CONTAINSCurrent Microsoft Patch
SUBJECT 0 CONTAINSMicrosoft Security Pack
SUBJECT 0 CONTAINSNet Pack
SUBJECT 0 CONTAINSNew Critical Update
SUBJECT 0 CONTAINSNew Net Upgrade
SUBJECT 0 CONTAINSLast Internet Critical Update
SUBJECT 0 CONTAINSCurrent Security Update
SUBJECT 0 CONTAINSInternet Update
SUBJECT 0 STARTSWITH Bug Report
SUBJECT 0 CONTAINSLast Net Patch
SUBJECT 0 CONTAINSNew Patch
SUBJECT 0 CONTAINSLatest Critical PacK
SUBJECT 0 CONTAINSinternet critical update
SUBJECT 0 CONTAINSNew Internet Patch
SUBJECT 0 CONTAINSAbort Advice
SUBJECT 0 CONTAINSMicrosoft Pack
SUBJECT 0 CONTAINSAbort Message
SUBJECT 0 CONTAINSLast Net Pack
SUBJECT 0 CONTAINSLast Internet Update
SUBJECT 0 CONTAINSbug letter
SUBJECT 0 CONTAINSNew Net Critical Patch
SUBJECT 0 CONTAINSLatest Network Security Pack
SUBJECT 0 CONTAINSLast Update
SUBJECT 0 CONTAINSMicrosoft Critical Upgrade
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of R. Scott Perry
> Sent: Tuesday, October 07, 2003 7:59 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.JunkMail] Obvious spam not failing my tests,
suggestions?
> suggestions?
>
>
> >The following headers tell the story. Anything I should be adding to add
> >weight to this? It didn't trigger Sniffer or Alligate, but that's a
> >different issue. The mailbox it was sent to was harvested from usenet,
fwiw.
>
> This is actually a virus:
>
> >FROM: "Microsoft Network Security Section" <[EMAIL PROTECTED]>
> >TO: " " <[EMAIL PROTECTED]>
> >SUBJECT: New Internet Security Pack
> >Mime-Version: 1.0
> >Content-Type: multipart/mixed; boundary="gkxrxour"
> >Message-Id: <[EMAIL PROTECTED]>
> >Date: Mon, 6 Oct 2003 08:33:57 +1300
>
> This appears to be W32/Harmony.A.
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you've been missing: Ask about our free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail". The archives can be found
> at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.