None of the attachments come through in a form that can be executed. Even if they weren't being quarantined by Zone Alarm, et. al. Outlook 2002-2003 all put pif, exe, dll, com, mdb (that one kills me) under security level I (which means they show up but can't be opened) by default. You have to either hack the registry or use a third party tool to move them to level 2 (warning & prompt before you can open)
Like you I'm constantly amazed that people get infected. Several large companies here (Texaco was one of them when my husband worked there) strip ALL attachments except zip that require a password to open. It isn't the different attachment name or as far as I can tell the content of the email. I've had some caught in the spam filters that were identical to those that made it through except for the sender. All I can think of is that I had blacklisted the domain extensions that didn't get through at some point in the past. I have a very large blocked sender list. Just a little bit of common sense before clicking would stop most viruses (viri?) in its tracks. Cheryl D. Wise Microsoft MVP WiserWays, LLC 713 353-0139 www.wiserways.com mailto:[EMAIL PROTECTED] -----Original Message----- From: Abigail Marshall On Thursday, August 21, 2003, 12:20:56 PM, Cheryl D. Wise commented: CDW> What I can't quite figure out is why the spam filters caught CDW> approx. half of the SoBig emails but left the other half to go into CDW> my inbox. Because the exact text of the subject and message varies somewhat. Whatever you are filtering on only is hitting half the time. For example, some Sobig messages have the word "Movie" in the subject, and the last variant of Sobig also had that word, so a filter based on looking for the word "Movie" would work for some, but not all of the virus. The reason I'm having a 100% block rate is that my server spam filter and my desktop email program are configured to block anything with an executable attachment (*.pif, *.bat, *.scr, etc.). The last Sobig variant had a *.zip file, so it was something of a headache for me, but this one doesn't..... which again renders it inexplicable (in my mind) why so many seem to be getting infected. ____ • The WDVL Discussion List from WDVL.COM • ____ To Join wdvltalk, Send An Email To: mailto:[EMAIL PROTECTED] Send Your Posts To: [EMAIL PROTECTED] To set a personal password send an email to [EMAIL PROTECTED] with the words: "set WDVLTALK pw=yourpassword" in the body of the email. To change subscription settings to the wdvltalk digest version: http://wdvl.internet.com/WDVL/Forum/#sub ________________ http://www.wdvl.com _______________________ You are currently subscribed to wdvltalk as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED]