[lug] N00b: Security Warning Fun -- spamassassin blocking
Ryan Wheaton
ryan.wheaton at comcast.net
Tue Aug 19 14:51:16 MDT 2003
A lot of our sales agents have gotten 50+ emails from this already. I'm
not worried about infection because pif's are filtered on the firewall, but
I'm quite afraid that once people REALLY start to get infected with this
worm that it may bring our mail server to it's knees. i'm using
MailScanner (with spamassassin), do y'all think that adding the following
to my spam.assassin.prefs.conf file will drop most of these emails?
full SOBIG /See the attached file for details/i
describe SOBIG Any email with the above phrase
score SOBIG 1000.0
or do i have the use of this file mixed up?
-ryan
At 01:34 PM 8/19/2003 -0600, you wrote:
>On Tue, 2003-08-19 at 13:27, Ryan Wheaton wrote:
> > I've noticed an unsual high amount of spam coming through as well. Some
> > with this subject, some with others, but all with a .pif attachment. My
> > firewall filters out .pif's so i'm not too concerned, but it's driving my
> > users crazy (sometimes, emails come once a minute or so). Anyone else
> seen
> > this or have an explanation??
>
>It is Sobig.F:
>
>http://www.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html
>
>Whee!
>--
>"And isn't sanity really just a one-trick pony, anyway? I mean,
>all you get is one trick, rational thinking, but when you're good
>and crazy, ooh ooh ooh, the sky's the limit!" -- The Tick
> The Matt -- http://ucsub.colorado.edu/~thompsma/
More information about the LUG
mailing list