We had a very short spam come in (actually it had a virus attachment named "updated-password.zip"). There is not much to grab onto:

Content analysis details:   (1.5 points, 5.0 required)
  ____
   pts rule name              description
  ---- ---------------------- --------------------------------------------------
   0.0 NO_REAL_NAME           From: does not include a real name
   0.2 HTML_20_30             BODY: Message is 20% to 30% HTML
   0.0 HTML_MESSAGE           BODY: HTML included in message
   0.2 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
   1.1 PRIORITY_NO_NAME       Message has priority, but no X-Mailer/User-Agent
   0.0 MISSING_MIMEOLE        Message has X-MSMail-Priority, but no X-MimeOLE

so I wonder if one can use a rule to look for the name of the attachment in the header/body of the email to ID this (see below). Any thoughts on how to approach? Using SA 3.0.4 with Razor2 installed. 

This is a multi-part message in MIME format.

 

------=_NextPart_000_0005_67B7CFFA.FC0D3D0A
Content-Type: text/html;
 charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit

 

------=_NextPart_000_0005_67B7CFFA.FC0D3D0A
Content-Type: application/octet-stream;
 name="updated-password.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="updated-password.zip"

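An added example, not part of the original post and not a SpamAssassin rule: one way to check the attachment names declared in a message's MIME part headers, using Python's standard `email` package. The sample message is constructed from the headers quoted above, and the `SUSPECT` pattern and function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import collapse_rfc2231_value

# Constructed sample modelled on the MIME parts quoted in the post (payload is dummy data).
SAMPLE = """\
From: sender@example.com
Subject: account notice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit

<html><body>see attachment</body></html>
--b1
Content-Type: application/octet-stream;
 name="updated-password.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="updated-password.zip"

UEsDBA==
--b1--
"""

# Assumed local policy, not from the post: credential-themed names on archive/executable types.
SUSPECT = re.compile(r"(password|account|invoice).*\.(zip|exe|scr|pif)$", re.I)

def attachment_names(msg):
    """Collect every declared file name, normalised to lower case."""
    names = set()
    for part in msg.walk():
        # The name can sit in either header, and the two need not agree.
        for header, param in (("content-disposition", "filename"), ("content-type", "name")):
            value = part.get_param(param, header=header)
            if value is None:
                continue
            value = collapse_rfc2231_value(value)           # RFC 2231 tuples -> str
            value = str(make_header(decode_header(value)))  # RFC 2047 encoded-words -> str
            names.add(value.strip().lower())
    return names

def suspicious_attachments(raw_message):
    """Return the sorted attachment names that match the SUSPECT policy."""
    msg = message_from_string(raw_message)
    return sorted(n for n in attachment_names(msg) if SUSPECT.search(n))

if __name__ == "__main__":
    print(suspicious_attachments(SAMPLE))
```

Checking both `filename=` and `name=` matters because a message can declare a harmless name in one header and the real one in the other.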