You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "Ronald I. Nutter" <ro...@georgetowncollege.edu> on 2005/05/03 15:12:47 UTC
First attempt at writing SPAM rules
We are getting flooded this morning with email that contains the
following item(s) in the body of the message -
*** Server-AntiVirus: No Virus (Clean)
*** "GEORGETOWNCOLLEGE" Anti-Virus
*** http://www.georgetowncollege.edu
OR
*** Attachment-Scanner: Status OK
*** "GEORGETOWNCOLLEGE" Anti-Virus
*** http://www.georgetowncollege.edu
Here is that I have created as a rule set -
body BOGUS_SERVER_AV /Server-AntiVirus:/
describe BOGUS_SERVER_AV Blocks Bogus AV Clean message
score BOGUS_SERVER_AV 20.0
body BOGUS_ATTACH_SCAN /Attachment-Scanner:/
describe BOGUS_ATTACH_SCAN Blocks Bogus Attach Scan message
score BOGUS_ATTACH_SCAN 20.0
Any suggestions ?
Thanks,
Ron
--------------------------------------------------------------------
Ron Nutter ron_nutter@georgetowncollege.edu
Network Infrastructure & Security Manager
Information Technology Services (502)863-7002
Georgetown College
Georgetown, KY 40324-1696
--------------------------------------------------------------------
Re: First attempt at writing SPAM rules
Posted by Duncan Hill <sa...@nacnud.force9.co.uk>.
On Tuesday 03 May 2005 15:02, Maurice Lucas typed:
> Hello,
>
> Send a complete sample to spam \-at/ timj.co.uk for addition to
> http://www.timj.co.uk/linux/bogus-virus-warnings.cf
In some ways though, it isn't a spam, and potentially just tagging a viral
mail and feeding it onwards could be a very bad thing. Sober-N isn't the
first virus to claim to be clean when it isn't.
Re: First attempt at writing SPAM rules
Posted by Maurice Lucas <ms...@taos-it.nl>.
Hello,
Send a complete sample to spam \-at/ timj.co.uk for addition to
http://www.timj.co.uk/linux/bogus-virus-warnings.cf
With kind regards,
Met vriendelijke groet,
Maurice Lucas
TAOS-IT
----- Original Message -----
From: "Ronald I. Nutter" <ro...@georgetowncollege.edu>
To: <us...@spamassassin.apache.org>
Sent: Tuesday, May 03, 2005 3:12 PM
Subject: First attempt at writing SPAM rules
We are getting flooded this morning with email that contains the
following item(s) in the body of the message -
*** Server-AntiVirus: No Virus (Clean)
*** "GEORGETOWNCOLLEGE" Anti-Virus
*** http://www.georgetowncollege.edu
OR
*** Attachment-Scanner: Status OK
*** "GEORGETOWNCOLLEGE" Anti-Virus
*** http://www.georgetowncollege.edu
Here is that I have created as a rule set -
body BOGUS_SERVER_AV /Server-AntiVirus:/
describe BOGUS_SERVER_AV Blocks Bogus AV Clean message
score BOGUS_SERVER_AV 20.0
body BOGUS_ATTACH_SCAN /Attachment-Scanner:/
describe BOGUS_ATTACH_SCAN Blocks Bogus Attach Scan message
score BOGUS_ATTACH_SCAN 20.0
Any suggestions ?
Thanks,
Ron
--------------------------------------------------------------------
Ron Nutter ron_nutter@georgetowncollege.edu
Network Infrastructure & Security Manager
Information Technology Services (502)863-7002
Georgetown College
Georgetown, KY 40324-1696
--------------------------------------------------------------------
Re: First attempt at writing SPAM rules
Posted by Duncan Hill <sa...@nacnud.force9.co.uk>.
On Tuesday 03 May 2005 14:12, Ronald I. Nutter typed:
> We are getting flooded this morning with email that contains the
> following item(s) in the body of the message -
>
> *** Server-AntiVirus: No Virus (Clean)
> *** "GEORGETOWNCOLLEGE" Anti-Virus
> *** http://www.georgetowncollege.edu
>
> OR
>
> *** Attachment-Scanner: Status OK
> *** "GEORGETOWNCOLLEGE" Anti-Virus
> *** http://www.georgetowncollege.edu
That's Sober-N.
http://www.sophos.com/virusinfo/analyses/w32sobern.html