> From: d.h...@yournetplus.com [mailto:d.h...@yournetplus.com] > Sent: Wednesday, April 28, 2010 2:29 PM > To: users@spamassassin.apache.org > Subject: RE: new PDF "Launch" malware exploit (with sample) > > Quoting "Rosenbaum, Larry M." <rosenbau...@ornl.gov>: > > > Please don't send live malware samples to the list. > > Um... The OP did not send malware to the list. A link was supplied to > the original message. You must have a scanner set up to follow links. > That isn't a good idea, in my opinion.
There was some code in the message, right after the "Here's just the nifty Launch part" paragraph. Perhaps it's not dangerous in a text message, but Forefront didn't like it anyway. > >> -----Original Message----- > >> From: Chip M. [mailto:sa_c...@iowahoneypot.com] > >> Sent: Wednesday, April 28, 2010 2:01 PM > >> To: users@spamassassin.apache.org > >> Subject: new PDF "Launch" malware exploit (with sample) > >> > >> FILE QUARANTINED > >> > >> Microsoft Forefront Security for Exchange Server removed a file > since > >> it was found to be infected. > >> File name: "Body of Message" > >> Virus name: "TrojanDropper:Win32/Pidrop.A" > > > >
