Re: help... I am getting bombarded by @swen virus
From: S. Pidgorny
Date: 11/26/03
- Next message: anth0: "using the key recovery tool on a Microsoft Windows 2003 Enterprise Edition CA"
- Previous message: S. Pidgorny
: "Re: Hot Career Opportunity in a Windows Environment" - In reply to: Hairy One Kenobi: "Re: help... I am getting bombarded by @swen virus"
- Next in thread: Ion Marculescu: "Re: help... I am getting bombarded by @swen virus"
- Reply: Ion Marculescu: "Re: help... I am getting bombarded by @swen virus"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 26 Nov 2003 22:29:10 +1100
Antispam tools not always block Swen, especially when they're
blacklist-based. Antivirus tools do a good job though: I have one mail
account with decent AV rpotection but without spam filters. I get 20+
enlargement offers daily, but no Swens on that account.
A heuristic: block all 140-145KB mails :)
-- Svyatoslav Pidgorny, MVP, MCSE -= F1 is the key =- "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in message news:tXwwb.6685$4Y6.673@newsfep4-winn.server.ntli.net... > "Jeff Cochran" <jcochran.nospam@naplesgov.com> wrote in message > news:3fcc8693.2326675192@msnews.microsoft.com... > > On Mon, 24 Nov 2003 14:09:49 -0400, "Vincent Haakmat" > > <vhaakmat@ipx.nagicosus.com> wrote: > > > > >My mail server gets at least 100 mails a day claiming to to be sercurity > > >updates from MS. Everytime it uses a different email address. Strangely > > >enough they are targeted to only 2 users in our domain (both of them with > > >admin privilages). I use ORF Enterprise in addition to GFI Mailsecurity > and > > >Mail Essentials. They don't seem to be able to block them still. > > >How can I stop this attack ??????? > > > > Block the BODY text of "Microsoft Client" or "Microsoft Customer" > > It morphs a /lot/ more than that! > > I would suggest that the OP contact the vendors - my current solution is > limited to header analysis > (working on that one: http://www.codecutters.org/spam/spamreview.html), and > YMMV. Well, "definitely will vary" would be more accurate ;o) > > Blocking on "Client" or "Customer" as part of the incoming address may have > *very* undesirable effects on the Business - best check first. > > HTH > > Hairy One Kenobi > > Disclaimer: the opinions expressed in this opinion do not necessarily > reflect the opinions of the highly-opinionated person expressing the opinion > in the first place. So there! > >
- Next message: anth0: "using the key recovery tool on a Microsoft Windows 2003 Enterprise Edition CA"
- Previous message: S. Pidgorny
: "Re: Hot Career Opportunity in a Windows Environment" - In reply to: Hairy One Kenobi: "Re: help... I am getting bombarded by @swen virus"
- Next in thread: Ion Marculescu: "Re: help... I am getting bombarded by @swen virus"
- Reply: Ion Marculescu: "Re: help... I am getting bombarded by @swen virus"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
