Open Bug 218942 Opened 21 years ago Updated 2 years ago

W32.Mimail worm's emails never learned by the spam/junk filter

Categories

(MailNews Core :: Filters, defect)

Product:
MailNews Core
Component:
Filters
Platform:
x86
Linux
Type:
defect

Tracking

(Not tracked)

People

(Reporter: adam, Unassigned)

References

Details

Attachments

(2 files)

an example W32.Mimail email
33.60 KB, text/plain
Details
another example W32.Mimail email
30.02 KB, text/plain
Details 
I'm receiving several large emails a day -- sometimes dozens -- from the
W32.Mimail worm.

While I don't much care from a security point of view, since I'm not running a
platform that it targets, if I mark it as 'junk' (as often as I like) it still
never gets 'learned' by Mozilla MailNews' spam filter and always gets through,
despite having a very characteristic unobfuscated opening paragraph (and then an
attachment -- I don't know if the attachment is randomized).

I think that the spam filter really should be able to 'learn' this spam.

    
    

    
  


  

    
    

    
  
Hmm, yes, even the attachments of the worm's emails are virtually the same (one
just has a little more cruft on the end for some reason).


    
    

    
  
*** Bug 218941 has been marked as a duplicate of this bug. ***

    
    

    
  
This also applies to W32.Swen.A@mm virus. I have received 7 in the last two
hours and have manually marked each of them as junk. Still, Mozilla does not
mark them as such as they come in.

    
    

    
  
See also: "JunkMail Controls seem to becomming less effective - not catching
Microsoft Patch spam" (W32.Swen.A@mm) thread in n.p.m.mail-news.

    
    

    
  
I trained it yesterday and the day before and today I had 6 of them
automatically marked as spam. I use mozilla 1.4

    
    

    
  
After a couple of days of training it seems to catch W32.Swen about 50% of the
time.  BUT, it correspondingly starts to drop a bunch of pretty obvious 'normal'
spams.  :)

And it's still not learning W32.Mimail.


    
    

    
  
*** Bug 223472 has been marked as a duplicate of this bug. ***

    
    

    
  
It been noticed that the virus is being altered or being copy-cat repeatly.  (It
even defy the Norton Anti-Virus temporary when I'm using MS-Outlook until the
DAT was updated nightly - Not related to this Mozilla).  The question here is
how to write a better programming for the Spam/Junk Filter to adapt to the
changing nature of the spam mail?

    
    

    
  
Well, no, that's not really the question -- Mozilla doesn't even seem to learn
the vanilla virus.  Adapting to mutants would be a different bug.

Product: MailNews → Core

    
    

    
  
sorry for the spam.  making bugzilla reflect reality as I'm not working on these bugs.  filter on FOOBARCHEESE to remove these in bulk.
Assignee: sspitzer → nobody

    
    

    
  
Filter on "Nobody_NScomTLD_20080620"
QA Contact: laurel → filters
Product: Core → MailNews Core

    
  
Severity: normal → S3

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: