SpamPopper Helps Stop Viruses

One of the most irritating things about email these days, besides Spam, is all the virus threats you face. With SpamPopper you can help defend yourself against ALL new email-born viruses before your Antivirus program is updated. Here's how:

Email Viruses - The Mistakes

Email viruses make the same type of mistakes in sending out their nasty cargo as do the Spammers. They fake headers, send thru the wrong portals, and other such tell-tale signs of their vicious intent.

SpamPopper recognizes those mistakes and marks the virus-laden emails as Spam. So before you get a chance to download and potentially launch the virus on your computer, SpamPopper has already shown you that it's an unwanted email and lets you delete it.

Here is an example of the "Debug Log" from SpamPopper for an email carrying the SoBig virus that is terrorizing people right now:

===== Headers for Message 3 =====
Return-Path: <tempshad@hotmail.com> 
Received: from CPERRY ([66.191.192.68]) by urbanus.mspring.net (Earthlink Mail Service) with ESMTP id 19R2H72Xh3Nl5tN0 for <greyface@greyface.com>; Sun, 24 Aug 2003 17:46:40 -0400 (EDT) 
Received from cperry ([66.191.192.68])
Reported:cperry
Supplied:
Address:66.191.192.68
By urbanus.mspring.net (earthlink mail service)
Reported:urbanus.mspring.net
Supplied:
Address:
With esmtp
Id 19r2h72xh3nl5tn0
For <greyface@greyface.com>
Date sun, 24 aug 2003 17:46:40 -0400 (edt)
* Local Host on Topmost Received header
From: <tempshad@hotmail.com> 
To: <greyface@greyface.com> 
Subject: Re: Details 
Date: Sun, 24 Aug 2003 17:46:38 --0400 
X-MailScanner: Found to be clean 
Importance: Normal 
X-Mailer: Microsoft Outlook Express 6.00.2600.0000 
X-MSMail-Priority: Normal 
X-Priority: 3 (Normal) 
MIME-Version: 1.0 
Content-Type: multipart/mixed; boundary="_NextPart_000_06861035" 
Message-Id: <200308241746.19R2H72Xh3Nl5tN0@urbanus.mspring.net> 
== Full: I66.191.192.68
== Frst: I66.191.192.68
* Only one Received Header; Bulk Mailer Spam
*** Failures in Received Headers: 240
*** THIS MAIL IS SPAM ***

As you can see, at the very end SpamPopper summarizes the mistakes and identifies this email as Spam. So before you can get the SoBig virus, SpamPopper stops it and deletes it from your Email Server.

Spotting Viruses with the View Function

Because SpamPopper will download and display an email in "plain text" format, you can also check incoming email for deadly attachments and tricks that carry viruses.

Viruses often disguise their infections by making them look like image files. But in order to make them run on your computer they must also have names that are NOT image names. The trick is to spot the warning signs.

Image files will usually end with .GIF, .JPG or .BMP. But the files that contain virus attachments will always end with an extension that causes them to run when opened. These will be .EXE, .SCR, .PIF, .BAT and possibly others.

When you "View" an Email message, if you see attachments that do not have the right ending, then you know it is not a real picture but a disguised virus waiting to infect you.

Here is an example of what you might find:

Content-Type: image/gif; name="pic.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pic.exe"
Content-ID: <pic.exe>

Notice how the Content-Type is called "image/gif" but the name ends with ".exe"? That's your clue that this is NOT a real image file but a program waiting to attack you.

If SpamPopper didn't catch this on the first pass, you can mark it as Spam manually. Next time SpamPopper will remember email from this person and not let the next one get thru.

Click HERE for our FAQ Answer on how to view an Email message with SpamPopper.