d.hill at yournetplus
Jul 21, 2007, 6:14 PM
Post #4 of 6
(158 views)
Permalink
|
On Sun, 22 Jul 2007 01:55:20 +0200
"Chr. v. Stuckrad" <stucki[at]mi.fu-berlin.de> wrote:
>On Sun, 22 Jul 2007, Robert Schetterer wrote:
>
>> > investors news-76212.xls, et all
>> >
>> > no real challenge
>> >
>> jep , got 3 xls spams today
>
>well, here too,
>
>but I think soon we'll get the whole mix ...
>a combinatoric explosion of envelope formats
>and content variants, meaning
> 'any windows-showable-fileformat' *
> 'all the already known picture-tricks embedded'
>
>Anybody working on generic detectors yet?
>(I really would like to plug that (w)hole :-)
>
>Something like amavis or clamav to first unpack
>and then spamassassin to analyze it?
>
>Stucki
You might also want to keep in mind if some versions of
Outlook are being
used to generate these spams, you could start seeing just
a winmail.dat
attachment. This would indicate a message was generated in
RTF (rich text
format). See:
http://en.wikipedia.org/wiki/TNEF
If that's the case, non Outlook users won't be able to
open the attachments
period. That is unless they have loaded the proper tools
to extract what's
inside.
|
