On Sun, 5 May 2002, Michael Kellogg wrote:

> For some reason I have been getting emails - no doubt viruses - from
> people I don't even know, with 3 attachments: One is an almost-blank
> HTML file, one is some decoy file, like a jpg or Word doc, and one is
> a ".zl?" file, where "?" = 3 or 9 usually.

I'd check your virus scanner... chances are, that'd be Klez... it uses HTML code to force Outlook/Outlook Express to run the code. Fortunately for us, TB! doesn't understand most of that code ;)

> I created a filter that processes incoming mail looking for ".zl\d"
> (without the quotes) in Kludges, thinking this would automatically
> handle these messages. I also specified that the message must have
> attachments, just to be safe.

IIRC, the file name itself isn't stored in the headers (Kludges) of the emails... it's stored at the beginning of the attachment code... Try doing a full body search for it instead.

> This filter is doing nothing; any ideas? Am I mis-using regular
> expressions? Is there a simpler way to do this? Help!

As I said up top... I wouldn't worry about it too much, as TB! doesn't run the code... but I suggest looking at the headers of the email, check for a Return-Path in the header... if one is attached, you may want to try emailing that person, let them know there is a risk they are infected. 75% of the Klez virus that have hit where I work actually have the return-path of the actual person set... while the From/TO is set to people randomly picked from the infected user's address book.

--
Jonathan Angliss
([EMAIL PROTECTED])

________________________________________________________
Current Ver: 1.60i
FAQ        : http://faq.thebat.dutaint.com
Unsubscribe: mailto:[EMAIL PROTECTED]
Archives   : http://tbudl.thebat.dutaint.com
Moderators : mailto:[EMAIL PROTECTED]
TBTech List: mailto:[EMAIL PROTECTED]
Bug Reports: https://bt.ritlabs.com
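
An added example, not part of the original message: a Python illustration (standard `email` module) of why a header-only filter for `.zl\d` finds nothing while a per-attachment or full-body search does, plus the Return-Path versus From comparison described in the reply. The message, addresses and file names are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

PATTERN = re.compile(r"\.zl\d", re.IGNORECASE)  # the regex from the post

def build_sample() -> bytes:
    """Constructed message: made-up addresses, file names, harmless contents."""
    msg = EmailMessage()
    msg["Return-Path"] = "<sender@example.org>"
    msg["From"] = "someone.else@example.net"
    msg["To"] = "reader@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachments")
    msg.add_attachment("<html></html>", subtype="html", filename="blank.htm")
    msg.add_attachment(b"placeholder", maintype="image",
                       subtype="jpeg", filename="photo.jpg")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="report.zl3")
    return msg.as_bytes()

def parse(raw: bytes):
    return message_from_bytes(raw, policy=policy.default)

def header_hits(msg):
    """Top-level headers matching the pattern (what a header-only filter sees)."""
    return [name for name, value in msg.items() if PATTERN.search(str(value))]

def attachment_hits(msg):
    """Attachment file names, read from each MIME part's own headers."""
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    return [n for n in names if PATTERN.search(n)]

def body_hit(raw: bytes) -> bool:
    """Search of the full message source, the fallback suggested in the reply."""
    return PATTERN.search(raw.decode("ascii", "replace")) is not None

def sender_mismatch(msg) -> bool:
    """True when Return-Path and From carry different addresses."""
    rp = parseaddr(str(msg.get("Return-Path", "")))[1].lower()
    frm = parseaddr(str(msg.get("From", "")))[1].lower()
    return bool(rp) and rp != frm

if __name__ == "__main__":
    raw = build_sample()
    msg = parse(raw)
    print("header hits:    ", header_hits(msg))
    print("attachment hits:", attachment_hits(msg))
    print("body hit:       ", body_hit(raw))
    print("sender mismatch:", sender_mismatch(msg))
```
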

