[Exim] Re: Re: Re: Mydoom and virus signature updates

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MPeter Bowyer at <-
MPeter Bowyer at ->
Delete this message
Reply to this message
Author: Michelle Konzack
Date:  
To: Exim users list
Subject: [Exim] Re: Re: Re: Mydoom and virus signature updates
--
Am 2004-07-27 08:52:50, schrieb Peter Bowyer:

>OK, nothing special, but what SA rule triggers to detect the virus?

OK, I was looking in some of the Messages...

____ ( 'stdin' ) _____________________________________________________
/
| Content analysis details: (5.5 points, 4.0 required)
|
|   pts rule name              description
|  ---- ---------------------- --------------------------------------------------
|   2.3 BAYES_70               BODY: Bayesian spam probability is 70 to 80%
|                              [score: 0.7700]
|   0.7 DATE_IN_PAST_06_12     Date: is 6 to 12 hours before Received: date
|   2.6 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
|
|
|
| Content analysis details: (4.0 points, 4.0 required)
|
|   pts rule name              description
|  ---- ---------------------- --------------------------------------------------
|  -0.9 BAYES_30               BODY: Bayesian spam probability is 30 to 40%
|                              [score: 0.3952]
|   1.6 MIME_BASE64_ILLEGAL    RAW: base64 attachment uses illegal characters
|   2.6 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
|   0.8 AWL                    AWL: Auto-whitelist adjustment
|
|
|
| Content analysis details: (9.5 points, 4.0 required)
|
|   pts rule name              description
|  ---- ---------------------- --------------------------------------------------
|   5.4 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
|                              [score: 0.9999]
|   1.6 MIME_BASE64_ILLEGAL    RAW: base64 attachment uses illegal characters
|   0.0 UPPERCASE_25_50        message body is 25-50% uppercase
|   2.6 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
|
|
|
| Content analysis details: (4.7 points, 4.0 required)
|
|   pts rule name              description
|  ---- ---------------------- --------------------------------------------------
|   2.1 BAYES_90               BODY: Bayesian spam probability is 90 to 99%
|                              [score: 0.9567]
|   2.6 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
|
|
|
| Content analysis details: (5.0 points, 4.0 required)
|
|   pts rule name              description
|  ---- ---------------------- --------------------------------------------------
|   0.2 NO_REAL_NAME           From: does not include a real name
|  -0.0 BAYES_40               BODY: Bayesian spam probability is 40 to 44%
|                              [score: 0.4229]
|   1.6 MIME_BASE64_ILLEGAL    RAW: base64 attachment uses illegal characters
|   0.7 MSGID_FROM_MTA_HEADER  Message-Id was added by a relay
|   2.6 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
\______________________________________________________________________

So all Messages are coming with a forged Outlook Header...

>Peter

I hope this help you...

Greetings
Michelle 

--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
Michelle Konzack   Apt. 917                  ICQ #328449886
                   50, rue de Soultz         MSM LinuxMichi
0033/3/88452356    67100 Strasbourg/France   IRC #Debian (irc.icq.com)
--
Content-Description: Digital signature


[ signature.pgp of type application/pgp-signature deleted ]
--


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] Router name available in RCPT ACL?Re: [Exim] Re: Re: Re: Mydoom and virus signature updates->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)