4. Moved my Microsoft IE/Outlook HTML engine IFRAME exploit from experimental to production for viruses to get rid of the broken Klez variant and other similar viruses that ship attachments which may not be caught by Glenn's attachment filters or my STF filter rules.

5. More IP blacklist ranges have been added. Rationale on DNSbl is multiple spams received here (or forwarded to us) across multiple days, no open relay and no response after reporting spam; OR spam received here (or forwarded to us), no open relay and 2 or more DNSbls on http://relays.osirusoft.com/cgi-bin/rbcheck.cgi? confirming; OR spam received here (or forwarded to us), no open relay and spamcop confirming and showing a history of spam/nospam/spam/nospam and not a major like aol or yahoo.

6. Note, that we have received no feedback on our confidence rating of rules. Your feedback is appreciated. Send mail to STFRuleConfidence@oitc.com.

7. General feedback on the rules is appreciated. Please send mail to STFRules@oitc.com

8. Viral samples can be forwarded (with complete headers) to UBESamples@oitc.com.

9. Next rule update will transfer certain rules to the 45 day retirement list based upon their inactivity.

Tom