Re: help... I am getting bombarded by @swen virus
From: Ion Marculescu (ionm_at_bluewin.ch)
Date: 11/29/03
- Previous message: Edwin Ng: "Problem with CDP in Win2003 Certificate Server"
- In reply to: S. Pidgorny
: "Re: help... I am getting bombarded by @swen virus" - Next in thread: Paul Adare: "Re: help... I am getting bombarded by @swen virus"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 29 Nov 2003 09:04:13 +0100
I receive 50 Swen virus every day. The ISP Antivirus block the virus but
send me the message from the antivirus that informe me the virus was
deleted. I do not think that antivirus do a good job. Why I must be inform
50 times a day that a virus was fiound in emails that I do not want. Every
virus comes from a completely new and inexistant adress.
"S. Pidgorny <MVP>" <slavickp@yahoo.com> a écrit dans le message de news:
Omn0aCBtDHA.2252@TK2MSFTNGP09.phx.gbl...
> Antispam tools not always block Swen, especially when they're
> blacklist-based. Antivirus tools do a good job though: I have one mail
> account with decent AV rpotection but without spam filters. I get 20+
> enlargement offers daily, but no Swens on that account.
>
> A heuristic: block all 140-145KB mails :)
>
> --
> Svyatoslav Pidgorny, MVP, MCSE
> -= F1 is the key =-
>
> "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in message
> news:tXwwb.6685$4Y6.673@newsfep4-winn.server.ntli.net...
> > "Jeff Cochran" <jcochran.nospam@naplesgov.com> wrote in message
> > news:3fcc8693.2326675192@msnews.microsoft.com...
> > > On Mon, 24 Nov 2003 14:09:49 -0400, "Vincent Haakmat"
> > > <vhaakmat@ipx.nagicosus.com> wrote:
> > >
> > > >My mail server gets at least 100 mails a day claiming to to be
> sercurity
> > > >updates from MS. Everytime it uses a different email address.
Strangely
> > > >enough they are targeted to only 2 users in our domain (both of them
> with
> > > >admin privilages). I use ORF Enterprise in addition to GFI
Mailsecurity
> > and
> > > >Mail Essentials. They don't seem to be able to block them still.
> > > >How can I stop this attack ???????
> > >
> > > Block the BODY text of "Microsoft Client" or "Microsoft Customer"
> >
> > It morphs a /lot/ more than that!
> >
> > I would suggest that the OP contact the vendors - my current solution is
> > limited to header analysis
> > (working on that one: http://www.codecutters.org/spam/spamreview.html),
> and
> > YMMV. Well, "definitely will vary" would be more accurate ;o)
> >
> > Blocking on "Client" or "Customer" as part of the incoming address may
> have
> > *very* undesirable effects on the Business - best check first.
> >
> > HTH
> >
> > Hairy One Kenobi
> >
> > Disclaimer: the opinions expressed in this opinion do not necessarily
> > reflect the opinions of the highly-opinionated person expressing the
> opinion
> > in the first place. So there!
> >
> >
>
>
- Previous message: Edwin Ng: "Problem with CDP in Win2003 Certificate Server"
- In reply to: S. Pidgorny
: "Re: help... I am getting bombarded by @swen virus" - Next in thread: Paul Adare: "Re: help... I am getting bombarded by @swen virus"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
