[Mimedefang] scanning message body
Michael Sims
michaels at crye-leike.com
Fri Mar 19 15:05:29 EST 2004
Rick Mallett wrote:
> Does anyone know if this code posted by Joseph will prevent the
> Bagle.Q virus from infecting machines running an unpatched version of
> Outlook/IE?
Bagle.Q, Beagle.O, Borgle.Z, jeez who can keep up with this crap!? :)
Are you using SpamAssassin? This is working for me:
rawbody SA_CUSTOM_BEAGLE_O_R_OR_T /<OBJECT +STYLE="display:none"
+DATA=".*?\/[0-9]+\.php">/i
describe SA_CUSTOM_BEAGLE_O_R_OR_T Email appears to be generated by
W32.Beagle.O, R, or T
score SA_CUSTOM_BEAGLE_O_R_OR_T 0.1
I only score at 0.1 because I'm discarding the message altogether in
mimedefang-filter if SA found this rule...
___________________________________________
Michael Sims
Project Analyst - Information Technology
Crye-Leike Realtors
Office: (901)758-5648 Pager: (901)769-3722
___________________________________________
More information about the MIMEDefang
mailing list