dealing with email from "Mydoom" worm

[Fred Yankowski]

I'm wondering how others are dealing with the onslaught of e-mail from
the "Mydoom" worm.  A bunch of the messages got through my bogofilter
instance this morning as both "No" (ham/false-negative) and "Unsure".
I trained on those messages as spam and now not much is getting
through as "No" but quite a bit still gets classified as "Unsure".
I'm continuing to train on those, as usual.

But something feels wrong about using bogofilter to process
worm-generated email as akin to spam.  I'm concerned that the "Mydoom"
triggered messages are a bit too close to real non-spam messages for
comfort.  (On the other hand, I get so many bounce messages as a
result of spammer's forging "from" headers with my domain names, that
I'm mostly ignoring such messages anyway.)

-- 
Fred Yankowski