Showing results for 
Search instead for 
Did you mean: 

Spam filters not blocking spam email containing trojons

Posts: 10,858
Thanks: 2,231
Fixes: 20
Registered: 22-08-2007

Spam filters not blocking spam email containing trojons

Received this today claiming to be from eFax - it is clearly SPAM and carries a virus payload... this threat / profile has been around for quite sometime, I would have hoped that the filters were detecting and dumping such emails by now.  See from August 2012.
Return-path: <>
Delivery-date: Thu, 20 Feb 2014 09:56:01 +0000
Received: from [] (
  by with esmtp (PlusNet MXCore v2.00) id 1WGQMK-0007Ig-Vm
  for; Thu, 20 Feb 2014 09:56:00 +0000
Received: from ([])
by with Plusnet Cloudmark Gateway
id UZvy1n00A28fpZe01Zw080; Thu, 20 Feb 2014 09:56:00 +0000
X-CM-Score: 0.00
X-CNFS-Analysis: v=2.1 cv=ZPRZmBLb c=1 sm=1 tr=0
a=5/uzZl0tz4C4NLUh0lWImA==:117 a=5/uzZl0tz4C4NLUh0lWImA==:17 a=tS228Fp5AAAA:8
a=0Bzu9jTXAAAA:8 a=tD9LQ5CGZVIA:10 a=bLan26Z4dusA:10 a=R7qOGidaiNwA:10
a=xnwAm6YiAAAA:8 a=bQeZWJATAAAA:8 a=0-cTjWCDAAAA:8 a=GGcpBh7Jt_oA:10
a=3oD72ZtMbisA:10 a=VcLggJSdRyQVs0OxFcwA:9 a=pILNOxqGKmIA:10
a=Q-fRhH0PU6gA:10 a=RGMkQnRUZHgA:10 a=ef4nlj9suAkA:10 a=FIA4VO2zAAAA:8
a=F8AvrCCBAAAA:8 a=9cqE55EhAAAA:8 a=0cGOZIAeFjO0tSUv:21 a=_W_S_7VecoQA:10
a=tXsnliwV7b4A:10 a=FkM3Vp9O4r0A:10 a=ALLr9p5pBDnc9vFzo2sA:9
a=BqBDZBPm_nQMS4hV5kwA:14 a=IKIoO-ieCDEA:10
Received: from [] (account HELO
by (CommuniGate Pro SMTP 5.2.3)
with ESMTPA id 981619320 for; Thu, 20 Feb 2014 04:55:49 -0500
From: "eFax Corporate" <>
To: <>
Date: Thu, 20 Feb 2014 04:55:49 -0500
MIME-Version: 1.0
X-Priority: 3
X-Mailer: iqhnbo_40
Message-ID: <>
Content-Type: multipart/mixed;
X-PN-Virus-Filtered: by PlusNet MXCore (v5.00)
X-PN-Spam-Filtered: by PlusNet MXCore (v5.00)
Subject: Corporate eFax message from "unknown" - 4 page(s)

If DCT need to look into this, xxxxxxx = my PN account name.
witton@ is an email address I have not used for used for years - indeed it pre-dates the webmail hack of a few years back.
moira@ is SWMOB's active email address, - it is a bit scary how the spammer has got these two addresses tied together in a single email ('envelope-to' and 'to' addresses).
Hopefully the SPAM filters can be adjusted to filter these messages.