On Sun, 22 Jul 2007 01:55:20 +0200
"Chr. v. Stuckrad" wrote:
>On Sun, 22 Jul 2007, Robert Schetterer wrote:
>> > investors news-76212.xls, et all
>> >
>> > no real challenge
>> >

>> jep , got 3 xls spams today

>well, here too,
>but I think soon we'll get the whole mix ...
>a combinatoric explosion of envelope formats
>and content variants, meaning
> 'any windows-showable-fileformat' *
> 'all the already known picture-tricks embedded'
>Anybody working on generic detectors yet?
>(I really would like to plug that (w)hole :-)
>Something like amavis or clamav to first unpack
>and then spamassassin to analyze it?

You might also want to keep in mind if some versions of
Outlook are being
used to generate these spams, you could start seeing just
a winmail.dat
attachment. This would indicate a message was generated in
RTF (rich text
format). See:


If that's the case, non Outlook users won't be able to
open the attachments
period. That is unless they have loaded the proper tools
to extract what's