Kurt Buff wrote: > On Sun, May 17, 2009 at 16:23, Bill Landry <b...@inetmsg.com> wrote: >> I'm not sure the purpose is of this kind of email, as the links are not >> clickable, even though they appear to be. The message scored high, but >> wondering what others think about this one: >> >> http://pastebin.com/m74dd8503 >> >> Is it simply a poorly written piece of vbscript that could be dangerous >> if done right? >> >> Bill > > The clsid is a dead giveaway, and pretty dang old: > > http://isc.sans.org/diary.html?storyid=3324 > > Don't know why clamav didn't catch it - I know you're running that...
Hey Kurt, ClamAV did catch the email, but it was with one of the 3rd-party signatures (Sanesecurity) that flagged it. I've got amavisd set to not quarantine some messages and instead pass them onto Spamassassin for scoring and bayes training. Bill
