“Spam

Pre-spam protection on ALL email accounts!

You may have noticed in the subject lines of your emails items like Spam? or Definitely Spam? or Disarmed.

Why is there Spam? or Definitely Spam? in my email subject?

  • Spam? - means it has been reported as spam by many
  • Definitely Spam? - means it has been verified as spam

*The above will give you the opportunity to create a rule in your Outlook or Apple mail to place these in a spam folder automatically.

 

Why is there Disarmed in my email subject?

  • The tag Disarmed in the subject of an email means that the MailScanner anti-virus system has removed potentially dangerous content — in the same way that you’d say “He disarmed the bomb”.

MailScanner will automatically remove the following kinds of content from email:
File attachments which are frequently used to distribute malicious software, such as Windows .exe files. 


# These are known to be dangerous in almost all cases.


.reg Possible Windows registry attack
.chm Possible compiled Help file-based virus
.cnf Possible SpeedDial attack
.hta Possible Microsoft HTML archive attack
.ins Possible Microsoft Internet Comm. Settings attack
.jse_ Possible Microsoft JScript attack
.lnk Possible Eudora *.lnk security hole attack
.ma_ Possible Microsoft Access Shortcut attack
.pif Possible MS-Dos program shortcut attack
.scf Possible Windows Explorer Command attack
.sct Possible Microsoft Windows Script Component attack
.shb Possible document shortcut attack
.shs Possible Shell Scrap Object attack
.vbe or .vbs Possible Microsoft Visual Basic script attack
.wsc .wsf .wsh Possible Microsoft Windows Script Host attack
.xnk Possible Microsoft Exchange Shortcut attack

 

# These 2 added by popular demand - Very often used by viruses


.com Windows/DOS Executable
.exe Windows/DOS Executable

 

# These are very dangerous and have been used to hide viruses

.scr Possible virus hidden in a screensaver
.bat Possible malicious batch file script
.cmd Possible malicious batch file script
.cpl Possible malicious control panel item
.mhtml Possible Eudora meta-refresh attack

 

# Deny filenames ending with CLSID's


[a-hA-H0-9-]25,\ Filename trying to hide its real extension
Examples:

A977FF0C-8757-4E76-8533-482F91946233
000209FF-0000-0000-C000-000000000046

 

# Deny filenames with lots of contiguous white space in them.


Filename contains lots of white space

 

# Deny all other double file extensions. This catches any hidden filenames.


Found possible filename hiding
Examples:

.txt.pif
.doc.pif
.doc.com
.txt.exe