Web Hosting Forum | Lunarpages


May 22, 2012, 08:23:21 PM

Author Topic: viruses being sent to my lunarmail!!  (Read 3447 times)
kwdavids
« Reply #15 on: January 27, 2004, 07:45:11 AM »

By the way, you can have Spam Assassin block ALL emails with executable attachments, just add this line to your Spam Assassin user_prefs file:

score MICROSOFT_EXECUTABLE 100

The only gotcha with Novarg is that it also sends itself as a .zip file sometimes.

Kevin
Martijn
« Reply #16 on: January 27, 2004, 01:48:18 PM »

I have Spam Assassin enabled with the default settings and it marks all the virus mails sent by this worm as spam:
Code:
Content preview:  [skipped application/octet-stream attachment] [...]

Content analysis details:   (10.3 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.7 SUB_HELLO              Subject starts with "Hello"
 0.3 NO_REAL_NAME           From: does not include a real name
 0.1 MICROSOFT_EXECUTABLE   RAW: Message includes Microsoft executable program
 2.0 DATE_IN_FUTURE_12_24   Date: is 12 to 24 hours after Received: date
 3.3 MSGID_FROM_MTA_SHORT   Message-Id was added by a relay
 0.8 PRIORITY_NO_NAME       Message has priority setting, but no X-Mailer
 1.2 MISSING_MIMEOLE        Message has X-MSMail-Priority, but no X-MimeOLE
kwdavids
« Reply #17 on: January 27, 2004, 02:05:14 PM »

Our copies of the virus don't have all of those items. We got a zip file version (not MICROSOFT_EXECUTABLE) and a subject of "TEST" instead of "HELLO". These are the hits:

MISSING_MIMEOLE, MSGID_FROM_MTA_SHORT, NO_REAL_NAME, PRIORITY_NO_NAME

Kevin
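
The scoring discussed in Replies #15 to #17, worked through as an added example (not code posted by anyone in the thread): it parses the rule table from the report in Reply #16, applies the `user_prefs` line from Reply #15, and totals both variants. It assumes the four rules listed in Reply #17 score the same as in that report; the displayed points are rounded, so they sum to 10.4 rather than the 10.3 in the report header.

```python
import re
from decimal import Decimal

# Rule table copied from the report in Reply #16 (displayed points are rounded).
REPORT = """\
 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.7 SUB_HELLO              Subject starts with "Hello"
 0.3 NO_REAL_NAME           From: does not include a real name
 0.1 MICROSOFT_EXECUTABLE   RAW: Message includes Microsoft executable program
 2.0 DATE_IN_FUTURE_12_24   Date: is 12 to 24 hours after Received: date
 3.3 MSGID_FROM_MTA_SHORT   Message-Id was added by a relay
 0.8 PRIORITY_NO_NAME       Message has priority setting, but no X-Mailer
 1.2 MISSING_MIMEOLE        Message has X-MSMail-Priority, but no X-MimeOLE
"""
USER_PREFS = "score MICROSOFT_EXECUTABLE 100\n"  # line from Reply #15
REQUIRED = Decimal("5.0")                         # threshold shown in the report
# Hits on the zip copy (Reply #17); assumed to score as in the table above.
ZIP_HITS = ["MISSING_MIMEOLE", "MSGID_FROM_MTA_SHORT", "NO_REAL_NAME", "PRIORITY_NO_NAME"]

def parse_report(text):
    """Return {rule: points} from a report table, skipping header and ruler lines."""
    scores = {}
    for line in text.splitlines():
        m = re.match(r"\s*(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]*)\s", line)
        if m:
            scores[m.group(2)] = Decimal(m.group(1))
    return scores

def parse_user_prefs(text):
    """Return {rule: points} for 'score RULE N' lines, ignoring comments."""
    overrides = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == "score":
            overrides[parts[1]] = Decimal(parts[2])
    return overrides

def total(hits, defaults, overrides=None):
    """Sum the points of the rules that hit; user_prefs scores replace defaults."""
    table = {**defaults, **(overrides or {})}
    return sum((table[rule] for rule in hits), Decimal("0"))

if __name__ == "__main__":
    defaults, overrides = parse_report(REPORT), parse_user_prefs(USER_PREFS)
    for name, hits in (("exe", list(defaults)), ("zip", ZIP_HITS)):
        for ov in (None, overrides):
            t = total(hits, defaults, ov)
            print(name, "override" if ov else "default", t, "spam" if t >= REQUIRED else "ham")
```

The override lifts the executable copy from 10.4 to 110.3 but leaves the zip copy at 5.6, which clears the 5.0 threshold only on the strength of the header rules.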
jerseygirl8t


« Reply #18 on: January 31, 2004, 12:26:50 PM »

I was able to get rid of this nasty virus. The only email that got hit though, was these nonrealistic addresses from my lunarpage account. Not even a legit address like webmaster@   . Still baffled as to why this happened, but the point is, it's gone now, so I'd rather just not think anymore about it.
Ed
« Reply #19 on: January 31, 2004, 03:03:22 PM »

Just a note - if you're blocking these emails by IP address - it's likely the IP address of a good friend of yours, as the worm virus spoofs both the from and the to addresses, hence why you may find you're getting bounced messages from other people, even though you or your virus-free computer didn't send them!

- Ed