SPAMCOP HOME · SPAMCOP FAQ · NEWSGROUPS · FORUM FAQ · WEBMAIL · SSL WEBMAIL · SPAMCOPWIKI


 Other words, data, places -->  SpamCop Pages V  FAQs & Words V  Newsgroups V  WebMail V  News-Recent Stuff V   Poll on menu

------>------> Latest and Current Announcements <------<------

Welcome Guest ( Log In | Register )

> This is a User to User Support Forum

The primary mode of support here is peer-to-peer, meaning users helping other users. (please remember this at all times!)
Another try:
This forum is composed of people who have used spamcop and those who are learning about anti-spam efforts.

2 Pages V  1 2 >  
Reply to this topicStart new topic
> SpamCop does not send virus, bounced crap
Wazoo
post Mar 3 2004, 09:59 AM
Post #1


What Life?
Group Icon

Group: Forum Admin
Posts: 13194
Joined: 22-January 04
From: Iowa
Member No.: 18



Now that we have your attention <g>

From Ellen - as posted over in the newsgroups

We do *not* send mail as staff[at]spamcop.net -- if you get mail from that
address in your SpamCop account, it a new variant of a virus mailing. Please
just delete it, do not execute it. The mail system is on automatic AV dat
updates and will have new updates as soon as the AV company posts them *but*
there is always a gap between the release of a new virus and the AV dat file
updates so stay vigilant everyone!

OTOH I am sure that our users are smart enough not to fall for this -- but I
thought I would mention it for those of us who sometimes read our email with
most of brain engaged elsewhere :-)

Ellen

And as evidenced by other reports, the address doesn't have to be "staff" .. it's showing up as all sorts of "official" titles now ...

This post has been edited by Wazoo: Mar 3 2004, 10:34 AM
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Wazoo
post Mar 4 2004, 09:16 AM
Post #2


What Life?
Group Icon

Group: Forum Admin
Posts: 13194
Joined: 22-January 04
From: Iowa
Member No.: 18



no updates yet as to whether or not the anti-virus updates have been written / supplied / installed ... just a lot more complaints about the increasing flow of these damn things from all around the world.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
enigma
post Mar 4 2004, 09:28 AM
Post #3


Member
**

Group: Members
Posts: 38
Joined: 29-January 04
Member No.: 92



There's a new virus called Beagle-J which has such effects. I told that to Jeff already. I received an email to my Spamcop account containing this virus.

Dimitris
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Wazoo
post Mar 4 2004, 10:37 AM
Post #4


What Life?
Group Icon

Group: Forum Admin
Posts: 13194
Joined: 22-January 04
From: Iowa
Member No.: 18



Well, there's actually several "new" nasties running around, that's the reason for this Topic ... that folks were receiving e-mail allegedly from SpamCop specifically, but as said in my last, it's happening all over the world, lowlife scum taking advantage of what once was a nice thing, letting the sender know that their e-mail didn't make it through .. so not only the scanning engines are needing updates, they're causing more ISPs to add to the list of banned file type/name attachments, and causing more issues to those that used to rely on e-mail in general ....
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Wazoo
post Mar 5 2004, 11:45 AM
Post #5


What Life?
Group Icon

Group: Forum Admin
Posts: 13194
Joined: 22-January 04
From: Iowa
Member No.: 18



Well, it seems that there are still new variants being created, so the virus scanning database is still behind the powercurve. Just reporting the obvious to move this back up towrds the front of the list.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Jeff G.
post Mar 6 2004, 02:52 AM
Post #6


T-shirt wearing out
Group Icon

Group: Membersph
Posts: 3730
Joined: 2-July 04
From: Northeast New Jersey (New York Metro Area), USA ... Please read my sig. :)
Member No.: 2041



JT, can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files? I'm not expecting any such files via email any time soon, and I'd like to have the bagle-spew filtered. Thanks!


--------------------
Best Regards, Jeff G. (full signature)
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Lukas
post Mar 6 2004, 03:26 AM
Post #7


Member
**

Group: Members
Posts: 29
Joined: 24-January 04
From: Switzerland
Member No.: 43



QUOTE
can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files?


you just have to make Spamcop POP your Emails. - Those go through a different AV-System deleting everything it is unable to scan (IMG:style_emoticons/default/biggrin.gif)

Lukas
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Jeff G.
post Mar 6 2004, 03:40 AM
Post #8


T-shirt wearing out
Group Icon

Group: Membersph
Posts: 3730
Joined: 2-July 04
From: Northeast New Jersey (New York Metro Area), USA ... Please read my sig. :)
Member No.: 2041



QUOTE(Lukas @ Mar 6 2004, 03:26 AM)
QUOTE
can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files?
you just have to make Spamcop POP your Emails. - Those go through a different AV-System deleting everything it is unable to scan (IMG:style_emoticons/default/biggrin.gif)

I'd need lots more than ten slots to make that happen, and they wouldn't cover the following:
  • email sent directly to my spamcop.net account
  • email sent through strict forwarders, like bigfoot, sneakemail, and spammotel
  • email forwarded through systems that are too messed up to allow changes, like mailandnews


--------------------
Best Regards, Jeff G. (full signature)
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Jeff G.
post Mar 6 2004, 01:23 PM
Post #9


T-shirt wearing out
Group Icon

Group: Membersph
Posts: 3730
Joined: 2-July 04
From: Northeast New Jersey (New York Metro Area), USA ... Please read my sig. :)
Member No.: 2041



QUOTE(Lukas @ Mar 6 2004, 03:26 AM)
QUOTE
can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files?
you just have to make Spamcop POP your Emails. - Those go through a different AV-System deleting everything it is unable to scan (IMG:style_emoticons/default/biggrin.gif)
Is that "different AV-System" similar to the one described edtnps84]here?


--------------------
Best Regards, Jeff G. (full signature)
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Lukas
post Mar 8 2004, 03:58 PM
Post #10


Member
**

Group: Members
Posts: 29
Joined: 24-January 04
From: Switzerland
Member No.: 43



QUOTE(JeffG @ Mar 6 2004, 07:23 PM)
QUOTE(Lukas @ Mar 6 2004, 03:26 AM)
QUOTE
can we SpamCop Email System Customers please get an optional filter for password-protected .ZIP files?
you just have to make Spamcop POP your Emails. - Those go through a different AV-System deleting everything it is unable to scan (IMG:style_emoticons/default/biggrin.gif)
Is that "different AV-System" similar to the one described edtnps84]here?

I don't think so. It seems to block everything it is unable to scan.
I discovered this because emails with an unencrypted archive (split up in 2 volumes) got lost through Spamcop-POP. (Blocked by AV). When forwarded to my Spamcop account the same mails got through without problem.

(I'd prefer to have options... and to get everything not positively identified as a virus...)
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
clytie
post Aug 13 2004, 08:05 PM
Post #11


Member
**

Group: Members
Posts: 11
Joined: 13-August 04
Member No.: 2370



I would strongly recommend that a note about these spams is featured on Spamcop's front page, because not every user is going to penetrate to the forums and read through this thread. The spams look very genuine, no complex data trail, email addresses which appear to belong to this domain, X-mailer Spamcop etc. It's only by examining the headers carefully that you notice that you are invited to reply, if you wish, but that the reply email addresses start with "harvest" and "bounce". However, there is a legitimate program called Harvest. I'm not sure that my husband and I would have worked it out even then, except that not only were both of us "one of the very few addresses compromised" (which might even have made sense, since we registered at the same time) but one of the dead addresses at his work, our ISP, also received one.

I don't think most users are going to have that much supplementary information, so I would recommend that there be a note about this on the front page: it's certainly what users expect, if there is a spam out purporting to come from any site, the site says so publicly on the front page, so you can't miss it.

I've pasted the message in below, in case there is anything useful in it, or it varies from the 'normal' strain in any way. I hope that's OK. <nervously> I've only just registered for the forum, so I could post this. My husband and I are still trying to work out if this is a spam or not. He says no, I'm more suspicious...

Thankyou for reading my post, and for the information you have provided here. At least, reading this thread helped me work out whether I was dealing with a spam or not. Spamcop might like to include in its front-page note something like this:

"Spamcop will not send out any emails requiring an email response from you. Any email you do receive from us will ask you to come to our homepage, www.spamcop.net, by typing that address into your browser, or by using a bookmark you made of that site earlier. So any email purporting to come from Spamcop which invites you to reply, or to click on any link in the email, is spam."

_________________________entire spam received, including headers____________________

From: harvestbug[at]admin.spamcop.net
Subject: SpamCop security breach
Date: 14 August 2004 9:55:12 AM
To: clytie[at]riverland.net.au
Return-Path: <harvestbounces[at]admin.spamcop.net>
Delivered-To: clytie[at]riverland.net.au
Received: (qmail 24879 invoked from network); 14 Aug 2004 00:25:12 -0000
Received: from unknown (HELO vmx1.spamcop.net) (64.74.133.248) by 203.18.28.195 with SMTP; 14 Aug 2004 00:25:12 -0000
Received: from unknown (HELO spamcop.net) (192.168.19.201) by vmx1.spamcop.net with SMTP; 13 Aug 2004 17:25:13 -0700
Precedence: list
Message-Id: <wh411d5be8ge847[at]msgid.spamcop.net>
X-Mailer: http://www.spamcop.net/ v1.370

Hello SpamCop user (or recipient of SpamCop reports),

We appologize for this email, but we felt it was important to let you know
of a recent security bug in the SpamCop codebase.

This problem was fixed within hours of its discovery, but unfortunately
your address was among the very small number that was revealed before
we were able to resolve the problem.

We want you to know that security remains our highest priority. We are
always working to ensure that your account information remains secure.

Please accept our sincere appologies for this serious oversight. If you
have any questions, comments or concerns you may reply to this email to
reach a SpamCop representative.

Thank you for your understanding,

- SpamCop management
______________________________end of pasted message___________________________


--------------------
Clytie Siddall - Renmark, in the Riverland of South Australia
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Wazoo
post Aug 14 2004, 12:52 AM
Post #12


What Life?
Group Icon

Group: Forum Admin
Posts: 13194
Joined: 22-January 04
From: Iowa
Member No.: 18



I just posted some commentary over in http://forum.spamcop.net/forums/index.php?showtopic=2366 that may resolve some of your feelings, hopefully answers some questions about this particular e-mail. Your requested front-page notification doesn't really work, as part of what you are describing is used in the processing of spam submitted by e-mail.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
clytie
post Aug 14 2004, 04:48 AM
Post #13


Member
**

Group: Members
Posts: 11
Joined: 13-August 04
Member No.: 2370



QUOTE(Wazoo @ Aug 14 2004, 03:22 PM)
I just posted some commentary over in http://forum.spamcop.net/forums/index.php?showtopic=2366 that may resolve some of your feelings, hopefully answers some questions about this particular e-mail.  Your requested front-page notification doesn't really work, as part of what you are describing is used in the processing of spam submitted by e-mail.


Thankyou for taking the time to answer. I'm sorry, I don't quite understand what you are saying: do you mean that some of what I suggested is already used by spammers? Sorry to be muddled. <blush>

from Clytie


--------------------
Clytie Siddall - Renmark, in the Riverland of South Australia
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Wazoo
post Aug 14 2004, 05:37 AM
Post #14


What Life?
Group Icon

Group: Forum Admin
Posts: 13194
Joined: 22-January 04
From: Iowa
Member No.: 18



Submission of spam by e-mail results in an e-mail that includes links to a reporting page. Thus your requested statement and definition of "any e-mail from SpamCop" includes normal traffic to/from the SpamCop servers.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
clytie
post Aug 14 2004, 06:54 PM
Post #15


Member
**

Group: Members
Posts: 11
Joined: 13-August 04
Member No.: 2370



Ah, thanks. (IMG:style_emoticons/default/smile.gif) I was having trouble working that one out.

It was only a suggestion: you guys know your business best, and thus can come up with an effective warning/news bulletin which will unconfuse Spamcop users, one hopes.

I still think something of that nature is necessary. People will look for that first, and, not finding it, be worried over whether the email is spam or not, and thus over whether they can trust _any_ email from Spamcop.

from Clytie


--------------------
Clytie Siddall - Renmark, in the Riverland of South Australia
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Bill Roberts
post Sep 23 2004, 08:34 AM
Post #16


Member
**

Group: Members
Posts: 18
Joined: 23-September 04
Member No.: 2689



My ISP detected this one
QUOTE
**************************************
EARTHLINK VIRUS BLOCKER MESSAGE STATUS
**************************************

MESSAGE QUARANTINED

Virus Detected: Malformed container violation

Message Details:
From: mailreport <at> spamcop.net
To: wroberts <at> spamcop.net
Subject: Held Mail Report
Date: 23 Sep 2004 09:19:33 -0000

EarthLink Virus Blocker has quarantined a message sent to
you because it contains a virus that cannot be removed or
disabled.

Quarantined messages are automatically deleted three days
after they are received.

To learn how to access quarantined messages, visit:

http://www.earthlink.net/myaccount/help/vi...ker/#quarantine

*******************
Powered by Symantec
*******************

Is this the same problem? I didn't get my held mail report.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
StevenUnderwood
post Sep 23 2004, 09:23 AM
Post #17


What Life?
Group Icon

Group: Membersph
Posts: 5207
Joined: 20-January 04
From: Whitinsville, MA USA
Member No.: 12



Bill:

I would definitely retreive that message and bring this to the attention of the deputies as I'm sure they would like to know why a text only list of messages was tagged as a virus. What virus did it detect?

Bringing it to the attention of Earthlink would not be a bad idea either.


--------------------
Steven P. Underwood, DNRC
Whitinsville, MA
underwood+forum[at]spamcop.net

-No trees were killed in the sending of this message. However, a large number of electrons were terribly inconvenienced.-
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
DavidT
post Sep 23 2004, 09:27 AM
Post #18


Been There
Group Icon

Group: Memberp
Posts: 2185
Joined: 28-January 04
Member No.: 63



QUOTE(Bill Roberts @ Sep 23 2004, 06:34 AM)
My ISP detected this one
Is this the same problem?  I didn't get my held mail report.

No...it's probably a bug with the "Earthlink Virus Blocker" -- which didn't like the format of your Held Mail report and so it treated it like a virus. Whether or not the "container" was "malformed" is something you might need to address with the SpamCop administration and/or Earthlink (good luck!), but I wonder if you can "whitelist" the Held Mail reports and if that will override their "Virus Blocker" (probably not).

DT

This post has been edited by DavidT: Sep 23 2004, 09:28 AM
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
lia01reg
post Apr 11 2006, 01:14 PM
Post #19


Newbie
*

Group: Members
Posts: 1
Joined: 11-April 06
Member No.: 5542



QUOTE(Wazoo @ Mar 3 2004, 09:59 AM)
Now that we have your attention <g>

From Ellen - as posted over in the newsgroups

We do *not* send mail as staff[at]spamcop.net -- if you get mail from that
address in your SpamCop account, it a new variant of a virus mailing. Please
just delete it, do not execute it. The mail system is on automatic AV dat
updates and will have new updates as soon as the AV company posts them *but*
there is always a gap between the release of a new virus and the AV dat file
updates so stay vigilant everyone!

OTOH I am sure that our users are smart enough not to fall for this -- but I
thought I would mention it for those of us who sometimes read our email with
most of brain engaged elsewhere :-)

Ellen

And as evidenced by other reports, the address doesn't have to be "staff" .. it's showing up as all sorts of "official" titles now ...
*



Hi there,

I've just received an email from staff[at]spamcop.net and I now have 'Play Casino Online' on my desktop which refers me to a premium rate number. Does anyone have any recommendable software to remove this.

cheers,

Raj

---------------
My Webpage
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
dra007
post Apr 11 2006, 01:28 PM
Post #20


Been There
Group Icon

Group: Memberp
Posts: 1561
Joined: 18-March 04
Member No.: 777



Oooops, it probably loaded some malware and/or viruses...I suggest you try any of the free softwares and/or web run removal tools you can find... a simple google should direct you to the right places..
User is offlineProfile CardPM
Go to the top of the page
+Quote Post

2 Pages V  1 2 >
Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 

- Lo-Fi Version Time is now: 21st April 2014 - 04:52 AM