On Sun, 22 Jul 2007 01:55:20 +0200
"Chr. v. Stuckrad" wrote:
>On Sun, 22 Jul 2007, Robert Schetterer wrote:
>
>> > investors news-76212.xls, et all
>> >
>> > no real challenge
>> >

>> jep , got 3 xls spams today

>
>well, here too,
>
>but I think soon we'll get the whole mix ...
>a combinatoric explosion of envelope formats
>and content variants, meaning
> 'any windows-showable-fileformat' *
> 'all the already known picture-tricks embedded'
>
>Anybody working on generic detectors yet?
>(I really would like to plug that (w)hole :-)
>
>Something like amavis or clamav to first unpack
>and then spamassassin to analyze it?
>
>Stucki


You might also want to keep in mind if some versions of
Outlook are being
used to generate these spams, you could start seeing just
a winmail.dat
attachment. This would indicate a message was generated in
RTF (rich text
format). See:

http://en.wikipedia.org/wiki/TNEF

If that's the case, non Outlook users won't be able to
open the attachments
period. That is unless they have loaded the proper tools
to extract what's
inside.