I wouldn't be at all surprised if it turns out that these phishing
expeditions for e-mail readers, replies, and credit card details are the
same spammers behind the SoBig malware.
Check out:
http://www.lurhq.com/sobig-e.html
I came across this very detailed write-up when checking out some oddly
Title: Message
Hi
Scott:
OUCH OUCH
OUCH...
We have a number
of tests that deal with blacklist.
1: Regular
Blacklist - DELETE
2: Blacklist in body - weight 20
3: Blacklist
in Header - weight 20
4: Blacklist
in REVDNS - weight 20
We delete on
weight 60.
In a recent update
I by
In a recent update I by mistake did not put an entry in the database
field.. and the following was resulted without knowing..
HEADERS 0 CONTAINS
...
We really need a fail safe for CONTAINS ... no blank entry should be
allowed.. I can't see a single reason for such a filter.. since for
Hi Scott:
Yes it is 1.75i2
X-Note: This E-mail was scanned filtered by Declude [1.75i2] for SPAM
virus.
The following are 3 lines of the Declude log file for an email. This email
was deleted since the weight hit 60.
08/17/2003 13:35:57 Qbcc000bc027c4734 Msg failed FILTER-BODY-BLACKLIST
What do the corresponding entries in your global.cfg file look like?
Bill
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, August 17, 2003 7:17 PM
Subject: [Declude.JunkMail] ROUTETO Peculiarity
In my $default$.junkmail file I have the following setup:
WEIGHT10weight x x 10 0
WEIGHT20weight x x 20 0
WEIGHT30weight x x 30 0
WEIGHT40weight x x 40 0
WEIGHT50weight x x 50 0
Would
change all weight rules under weight50 to weightrange and add the upper
end of the range as the last paramter:
WEIGHT10weightrange x x 10 19
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: