Re: [Full-Disclosure] Status

[Scott Taylor <security@303underground.com>]

What I find amusing is that these stupid viruses are sending the same
content out to so many people, they are already getting blocked and
encapsulated by spamassassin, even before the virus scanner. I hadn't
even realized there was a rule for executables, but I might as well go
in and boost the scores for microsoft anything. But in the meantime, I
expect we'll be seeing a lot of these "status" messages from people on
the list we don't usually hear from...


On Mon, 2004-01-26 at 23:36, jeff01@email.unc.edu wrote:
> Content analysis details:   (7.8 points, 5.0 required)
> 
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
>  0.3 NO_REAL_NAME           From: does not include a real name
>  0.9 FROM_ENDS_IN_NUMS      From: ends in numbers
>  0.1 MICROSOFT_EXECUTABLE   RAW: Message includes Microsoft executable program
>  3.3 PYZOR_CHECK            Listed in Pyzor (http://pyzor.sf.net/)
>  1.1 RCVD_IN_SORBS_HTTP     RBL: SORBS: sender is open HTTP proxy server
>                             [61.8.110.41 listed in dnsbl.sorbs.net]
>  0.1 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS
>                             [61.8.110.41 listed in dnsbl.sorbs.net]
>  1.2 MISSING_MIMEOLE        Message has X-MSMail-Priority, but no X-MimeOLE
>  0.8 PRIORITY_NO_NAME       Message has priority setting, but no X-Mailer
> 
> The original message was not completely plain text, and may be unsafe to
> open with some email clients; in particular, it may contain a virus,
> or confirm that your address can receive spam.  If you wish to view
> it, it may be safer to save it to a file and open it with an editor.

--
Scott Taylor - <security@303underground.com> 

BOFH Excuse #36:

dynamic software linking table corrupted

    

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html