
New virus difficult to catch

Posted: 10 Jul 2018 09:50
by nicola.piazzi
There is a virus that replies to all inbox messages and sends mail attaching itself.
It is very difficult to catch because it is a reply to a valid mail.
Does someone have an idea of a rule to catch it?

I found that it is positive to FORGED_MUA_OUTLOOK as of now.

Does someone know how to remove attachments when a message is positive to a single rule?

Re: New virus difficult to catch

Posted: 11 Jul 2018 09:56
by shawniverson
Can you identify the attachment somehow in MailScanner?

SpamAssassin won't remove attachments. I'm not sure there is some way to inform MailScanner to remove the attachment via SA....

Re: New virus difficult to catch

Posted: 11 Jul 2018 10:04
by nicola.piazzi
The attachment name changes each time; I think that there is no way.
The only way can be to remove attachments in high score spam (and can be useful).

Re: New virus difficult to catch

Posted: 12 Jul 2018 21:14
by shawniverson
Is the content similar? You could identify it using a custom signature perhaps?