[Mimedefang] I give up on blocking this one
Brent J. Nordquist
b-nordquist at bethel.edu
Mon Feb 23 13:14:20 EST 2004
On Mon, 23 Feb 2004, David Prestwich <dprestwich at pacsim.com> wrote:
> The emails are the viagra, xanax, and valium ones with variants on this
> subject line: FWD: All Meds Here. v1 at GRA = X+A+Nax . Va1ium , Fi`0ric3t
> \ So|m|a * .Pntermin. TBSJO
There's Matt Ketler's antidrug.cf ruleset for SA you could try; it is in
development and not super comprehensive yet, but catches some of mine:
http://mywebpages.comcast.net/mkettler/sa/antidrug.cf
Like David said, you can use that web-based tool to produce SA rules that
will catch every kind of obfuscation under the sun for a given input
string. But have you seen the output? I've been wondering about the
performance hit I'd take for just a few of the common drugs.
--
Brent J. Nordquist <b-nordquist at bethel.edu> N0BJN
Other contact information: http://kepler.acns.bethel.edu/~bjn/contact.html
More information about the MIMEDefang
mailing list