Full Disclosure mailing list archives
Re: Status
From: Scott Taylor <security () 303underground com>
Date: Tue, 27 Jan 2004 01:14:48 -0700
What I find amusing is that these stupid viruses are sending the same content out to so many people, they are already getting blocked and encapsulated by spamassassin, even before the virus scanner. I hadn't even realized there was a rule for executables, but I might as well go in and boost the scores for microsoft anything. But in the meantime, I expect we'll be seeing a lot of these "status" messages from people on the list we don't usually hear from... On Mon, 2004-01-26 at 23:36, jeff01 () email unc edu wrote:
Content analysis details: (7.8 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.3 NO_REAL_NAME From: does not include a real name 0.9 FROM_ENDS_IN_NUMS From: ends in numbers 0.1 MICROSOFT_EXECUTABLE RAW: Message includes Microsoft executable program 3.3 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) 1.1 RCVD_IN_SORBS_HTTP RBL: SORBS: sender is open HTTP proxy server [61.8.110.41 listed in dnsbl.sorbs.net] 0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS [61.8.110.41 listed in dnsbl.sorbs.net] 1.2 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE 0.8 PRIORITY_NO_NAME Message has priority setting, but no X-Mailer The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam. If you wish to view it, it may be safer to save it to a file and open it with an editor.
-- Scott Taylor - <security () 303underground com> BOFH Excuse #36: dynamic software linking table corrupted _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Status, (continued)
- Re: Status Martin Peikert (Jan 28)
- Re: Status Nick FitzGerald (Jan 27)
- Re: Status Gregh (Jan 27)
- Re: Status Nick FitzGerald (Jan 27)
- Re: will this virus(W32.novarg.a) infect people using wine in linux? Dave Sherohman (Jan 27)
- Re: will this virus(W32.novarg.a) infect people using wine in linux? Nico Golde (Jan 27)
- Re: Status Scott Taylor (Jan 27)