[antispam-f] Re: Rule with And action
- From: Jeremy C B Nicoll <Jeremy@xxxxxxxxxxxxxxxx>
- To: antispam@xxxxxxxxxxxxx
- Date: Fri, 03 Nov 2006 21:28:11 +0000 (GMT)
In article <9344b37f4e.harriet@xxxxxxxxxx>,
Harriet Bazley <lists@xxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> I'm already deleting them based (by observation) on that same version
> and by minimum size - I'm rather assuming they're all coming from a
> single infected machine, unless it's a weakness in that specific
> Microsoft release that means lots of viruses have got hold of it. So
> far I've had 85 spams and no false positives; that's an awful lot of
> spam I'd have otherwise had to delete manually. All very short
> messages coming from that specific MimeOLE source have been spam.
It's just it seems to me to be as reasonable as saying that all users
of a particular version of - say - Pluto are creating spam.
I don't see why the version of MimeOLE is relevant - I presume all it
is is the software that lets another program create an outbound mail
message. So I'd expect it to be a symptom of a virus but not part of
one.
I googled for it; ironically I found an example webpage about what
spamassassin does, and at frst I thought - maybe it does indicate spam.
But in fact that page showed a sample good mail's headers including that
specific one...
Of course because so many emails are visible on webpages there are many
hits for strings like this. I'm not sure how one would find out what
specific product (if any, rather than an internal windows service) has
the version string.
--
Jeremy C B Nicoll, Edinburgh, Scotland - my opinions are my own.
Other related posts:
