kenh Posted July 20, 2004

Over the past three months, I have received e-mail eight times which contained a virus. My anti-virus software caught the viruses but why didn't Spamcop's filters find them? Today I received one with a false MP3 file attached. My firewall catches them as does McAfee but they got through Spamcop. How?

KenH

StevenUnderwood Posted July 20, 2004

Are they fairly new viruses that are being caught? It takes time for definitions to be implemented. Are the messages definitely passing through the spamcop servers? Can you post the headers because maybe one of the servers needs to be updated. I have not had any viruses make it through the spamcop system to my account, but that does not mean you have not.

kenh Posted July 21, 2004

They definitely went through Spamcop's servers. All of my e-mail is routed through Spamcop. The following is the header and message of the latest virus. I have x'd out my addresses to keep others who may see this message from harvesting them. The zlq extension on the virus was changed by my firewall to prevent it from being executed. This was a variant of the Bagle virus. The same virus came in a day or two earlier but I deleted the message. The prior six viruses were also deleted. I don't recall which viruses they were. The Bagle virus was new at this time but the prior ones were fairly well known.

    X-Persona: <Spamcop>
    Return-Path: <ice[at]countryrv.com>
    Delivered-To: spamcop-net-xxxxxxx[at]spamcop.net
    Received: (qmail 25749 invoked from network); 20 Jul 2004 12:46:57 -0000
    Received: from unknown (192.168.1.101)
      by blade1.cesmail.net with QMQP; 20 Jul 2004 12:46:57 -0000
    Received: from dns2.canberranet.com.au (HELO canberranet.com.au) (202.168.8.2)
      by mailgate.cesmail.net with SMTP; 20 Jul 2004 12:46:57 -0000
    Received: from Service2.org (unverified [66.63.237.180])
      by canberranet.com.au (SurgeMail 1.9b) with ESMTP id 119242 for multiple;
      Tue, 20 Jul 2004 22:51:14 +1000
    Return-Path: <ice[at]countryrv.com>
    Date: Tue, 20 Jul 2004 07:41:49 -0600
    To: "Kenh" <xxxx[at]xxxxx.org>
    From: "Ice" <ice[at]countryrv.com>
    Subject: Re:
    Message-ID: <hjgldglfbboksawuqan[at]icoste.org>
    MIME-Version: 1.0
    Content-Type: multipart/mixed; boundary="--------znotujijepiistgtasks"
    X-Server: High Performance Mail Server - http://surgemail.com
    X-SpamDetect: *: 1.600000 X-Verify-MX present=1.6
    X-Verify-MX: <ice[at]countryrv.com> senders ip (ch=66.63.237.180 msg=66.63.237.180, net=66.63.)
      not in mx data dom=countryrv.com ipname=port180.tb3.industryinet.com (12.14.128.126)
    X-IP-stats: No info recorded yet
    X-External-IP: 66.63.237.180
    X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade1
    X-spam-Level:
    X-spam-Status: hits=0.9 tests=HTML_30_40,HTML_MESSAGE,MIME_HTML_ONLY version=2.63
    X-SpamCop-Checked: 192.168.1.101 202.168.8.2 66.63.237.180

    >foto3 and MP3 MP3.zlq

KenH

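Added example, not part of any post in this thread: the question of whether the message passed through the SpamCop servers can be answered from the posted trace headers by rebuilding the relay chain. The sketch assumes the cesmail.net hosts named in those headers are the SpamCop mail servers; the function names are illustrative.

```python
import re
from email import message_from_string

# Trace headers copied from the post above (newest hop first); body is a stub.
RAW = """\
Received: (qmail 25749 invoked from network); 20 Jul 2004 12:46:57 -0000
Received: from unknown (192.168.1.101) by blade1.cesmail.net with QMQP; 20 Jul 2004 12:46:57 -0000
Received: from dns2.canberranet.com.au (HELO canberranet.com.au) (202.168.8.2) by mailgate.cesmail.net with SMTP; 20 Jul 2004 12:46:57 -0000
Received: from Service2.org (unverified [66.63.237.180]) by canberranet.com.au (SurgeMail 1.9b) with ESMTP id 119242 for multiple; Tue, 20 Jul 2004 22:51:14 +1000
X-SpamCop-Checked: 192.168.1.101 202.168.8.2 66.63.237.180
Subject: Re:

(body omitted)
"""

# "from <claimed name> ... <first dotted-quad IP> ... by <receiving host>"
HOP = re.compile(
    r"from\s+(?P<name>\S+).*?(?P<ip>\d{1,3}(?:\.\d{1,3}){3}).*?\bby\s+(?P<by>\S+)",
    re.S,
)

def relay_hops(raw):
    """Return [(claimed_name, ip, receiving_host)], oldest hop first.
    Only hops written by servers you trust are reliable; a sender can
    forge any Received line below the first trusted hop."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:  # the qmail "invoked from network" line has no from/by pair
            hops.append((m["name"], m["ip"], m["by"]))
    return hops[::-1]

def passed_through(raw, domain):
    """True if any receiving host in the chain is `domain` or a subdomain."""
    return any(by == domain or by.endswith("." + domain)
               for _, _, by in relay_hops(raw))

def checked_matches_chain(raw):
    """Compare X-SpamCop-Checked with the IPs in the Received chain."""
    msg = message_from_string(raw)
    checked = (msg.get("X-SpamCop-Checked") or "").split()
    return checked == [ip for _, ip, _ in reversed(relay_hops(raw))]
```
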
Wazoo Posted July 21, 2004

On the other hand, why the alarm? All anti-virus stuff is pretty much reactionary, i.e., it's only after the virus has been written, collected by someone, submitted to someone, analyzed by someone, databits coded by someone, database updated by someone, and only then does one have the opportunity to "update your copy" of the database .... somewhere in there is a factor called "time" ....

On the flip side, how much e-mail do you get from (usually) unknown folks that include attachments that aren't spam?

agsteele Posted July 21, 2004

> Over the past three months, I have received e-mail eight times which contained a virus. My anti-virus software caught the viruses but why didn't Spamcop's filters find them?

Personally, although I'm happy enough for SpamCop to catch viruses, I don't have a high expectation that each and every one will be trapped. In fact I anticipate that some viruses will slip through. I'd say eight in 3 months isn't too bad a record - not brilliant but OK.

If you have AV software on your machine then you're being rightly cautious but I expect that even then, you'd still be careful not to open file attachments from uncertain sources.

I have one mail account which isn't filtered by SpamCop. It receives viral attachments every week or two - about half of these are not caught by my AV software unless I try to actually open them so presumably some viruses are not so readily identified unless an attempt is made to open the infected attachment.

Andrew

kenh Posted July 22, 2004

I am extremely careful (obviously) but I am surprised that these things got through Spamcop. If it is a new virus found within the past day or two, I can understand it but not when it is a well known virus.

In terms of volume of e-mail, I get an incredible volume, often from people I do not know but which have legitimate attachments. I do a lot of volunteer work internationally and many people from many countries send me files. I have to be extremely cautious about them which is why I use Spamcop plus McAfee plus ZoneAlarm plus a router with a firewall.

KenH

Archived
This topic is now archived and is closed to further replies.