Getting lots of Mails with Virus names WhatsApp
Problem reported by Devang Shah - January 7, 2016 at 5:17 AM
Hi,
 
For the last 15 days, many users on our servers have been getting virus mails whose name says WhatsApp, and they are from different unknown mail IDs.
 
WhatsApp [festival@alahlidubai.ae]
[virus a variant of Win32/Bayrob.AT.gen trojan] An audio message has been delivered xvvcqd
 
I am using SM 11 Enterprise edition with the latest build. The rest of the server is fine except for these WhatsApp mails, which come with viruses attached.
 
Please advise.
 
Regards,
Devan

2 Replies

0
Try adding these to CUSTOM RULES in your antispam settings:
 
TLS BLOCK - RETURN PATH
TLD BLOCK - REPLY TO
 
TLB BLOCK 2 - FROM
 
Here's what the list will look like after they have all been added to CUSTOM RULES:
 
List of CUSTOM RULES
 
Remember to ENABLE them:
 
CUSTOM RULES - shown as ENABLED
 
and then SAVE your changes to your antispam settings by clicking SAVE at the top left-hand corner of the antispam settings page:
 
Don't forget to SAVE your antispam settings!
 
 
 
Here's a list of the TLDs we are blocking.  Note the format:
  • link
  • rocks
  • science
  • work
  • pw
  • ninja
  • cricket
  • hu
 
DOT  ASTERISK  BACKSLASH   DOT DOMAIN  DOLLARSIGN
 
.*\.link$
.*\.rocks$
.*\.science$
.*\.work$
.*\.pw$
.*\.ninja$
.*\.cricket$
.*\.hu$
 
I am in the process of reviewing many of the changes which have been made to RBLs by RBL database providers and will be releasing a new version of my antispam document within the next few weeks.
 
The most recent version of that document can always be found at:
 
 
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phone: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
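
Added example (not part of the original posts and not SmarterMail's own code): a Python check of the TLD patterns listed above against constructed Return-Path, Reply-To and From values, useful for testing a pattern before enabling it as a custom rule. It assumes the rule is matched case-insensitively against the bare address; the page does not say how SmarterMail normalises a header before matching, and raw_match shows the trailing $ anchor failing when the display name and angle brackets are left in.

```python
import re
from email.utils import parseaddr

# TLD patterns exactly as listed in the post above.
TLD_PATTERNS = [r".*\.link$", r".*\.rocks$", r".*\.science$", r".*\.work$",
                r".*\.pw$", r".*\.ninja$", r".*\.cricket$", r".*\.hu$"]
# Assumption: case-insensitive matching (domain names are not case-sensitive).
COMPILED = [re.compile(p, re.IGNORECASE) for p in TLD_PATTERNS]

# The three headers the custom rules in the post are applied to.
HEADERS = ("Return-Path", "Reply-To", "From")


def blocked_tld(value):
    """Return the first pattern that matches the bare address, else None."""
    _, addr = parseaddr(value)  # drops the display name and angle brackets
    addr = addr.strip()
    for rx in COMPILED:
        if rx.match(addr):
            return rx.pattern
    return None


def check_message(headers):
    """Map each checked header name to the pattern that hit (or None)."""
    return {h: blocked_tld(headers.get(h, "")) for h in HEADERS}


def raw_match(value):
    """Apply the same patterns to the untouched header text, for comparison."""
    return any(rx.match(value) for rx in COMPILED)


# Constructed sample message headers (not taken from real mail).
SAMPLE = {
    "Return-Path": "<bounce@mail.example.PW>",
    "Reply-To": "reply@example.com",
    "From": "WhatsApp <voice@example.link>",
}

if __name__ == "__main__":
    for name, hit in check_message(SAMPLE).items():
        print(f"{name:12} {SAMPLE[name]!r:34} -> {hit}")
    # The $ anchor needs the TLD to be the last thing in the tested string.
    print("raw From header matches:", raw_match(SAMPLE["From"]))
    # The sender address quoted in the original question uses .ae, not in the list.
    print("question's sender:", blocked_tld("festival@alahlidubai.ae"))
```
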
0
Bruce,
For some reason I can't get the rule to work. I set up a test rule to see how it worked. Any idea?
 
Kendra Support
http://www.kendra.com
support@kendra.com
425-397-7911
Junk Email filtered ISP
