[prev in list] [next in list] [prev in thread] [next in thread]
List: spamassassin-users
Subject: Re: sa-update does not pick up newest German spam wave
From: Karsten =?ISO-8859-1?Q?Br=E4ckelmann?= <guenther () rudersport ! de>
Date: 2008-12-02 17:20:30
Message-ID: 1228238430.4878.32.camel () monkey
[Download RAW message or body]
> Ihre Email "foo@bar" wird wegen Missbrauch innerhalb der naechsten 24
> Stunden gesperrt. Es sind \d{2} Beschwerden wegen Spamversand bei uns
> eingegangen.
> Details und moegliche Schritte zur Entsperrung finden Sie im Anhang.
>
> Attachment:
> randomly named zip file which contains an exe
This is not spam but malware. Got a virus scanner?
> Is not picked up by SA, yet. sa-update did not get any rules against
> it either. Does anyone have a ready-made rule against this, already?
sa-update generally is *not* meant for "signature style updates" once an
hour like that.
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic