[Exim] More windows viruses

Author: Nigel Metheringham
Date:  
To: Exim Mailing List
Subject: [Exim] More windows viruses
I've just had a couple of the latest Windows virus/worm attempts hit the
list - fortunately both hit the moderation queue (likely to stay that
way with this version since it apparently uses sender domain = recipient
domain), but the content level scanning on exim.org will not block it.

See
http://www3.ca.com/threatinfo/virusinfo/virus.aspx?ID=38599
http://www.f-secure.com/v-descs/bagle_q.shtml

The message content is a very short piece of HTML with a PHP URL (to
port 81) in it - due to MSIE bugs fixed a while back this will download
and install a mailing engine on vulnerable machines.

I'd be interested if anyone has an exiscan acl rule that kills this off
with a high degree of certainty since there's bound to be a pile of these
around soon.

    Nigel.
--
[ Nigel Metheringham           Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
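
A content-level check for the pattern described in the message above (a short HTML part carrying a PHP URL on port 81), written as an added Python example; it is not part of the original post and is not an exiscan rule. The size threshold, function names and sample messages are assumptions constructed for illustration, and the check is a heuristic, not a high-certainty signature.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumption: "very short" is taken to mean an HTML part under 2 KiB.
MAX_HTML_BYTES = 2048
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)

def suspicious_urls(html):
    """Return URLs in html that target port 81 and a path ending in .php."""
    hits = []
    for raw in URL_RE.findall(html):
        try:
            parts = urlsplit(raw)
            port = parts.port          # raises ValueError on a malformed port
        except ValueError:
            continue
        if port == 81 and parts.path.lower().endswith(".php"):
            hits.append(raw)
    return hits

def scan_message(raw_message):
    """Return (flagged, urls) for an RFC 822 message supplied as text."""
    msg = message_from_string(raw_message)
    urls = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        payload = part.get_payload(decode=True) or b""
        if len(payload) > MAX_HTML_BYTES:   # long HTML does not fit the pattern
            continue
        urls += suspicious_urls(payload.decode("latin-1"))
    return bool(urls), urls

# Constructed sample messages (documentation address space, not real traffic).
HEADERS = ("From: a@example.com\nTo: b@example.com\nSubject: test\n"
           "MIME-Version: 1.0\nContent-Type: text/html; charset=us-ascii\n\n")
SAMPLE_MATCH = HEADERS + '<html><a href="http://192.0.2.10:81/1234.php">x</a></html>\n'
SAMPLE_BENIGN = HEADERS + '<html><a href="http://www.example.com/index.php">x</a></html>\n'

if __name__ == "__main__":
    for name, sample in (("match", SAMPLE_MATCH), ("benign", SAMPLE_BENIGN)):
        print(name, scan_message(sample))
```

Legitimate mail can also link to port 81, so a hit is better routed to quarantine or moderation than rejected outright.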