bagle SpamAssassin rule [SCANNED]

Rob sysadmin at FLEETONE.COM
Wed Mar 3 19:51:41 GMT 2004


> On 3/3/04 9:31 AM, "Dustin Baer" wrote:
>
> > For those of you who want to try to catch these with SpamAssassin, I
> > think the following should work:
> >
> > body     BAGLE_PASSWORD /password.*[0-9]{4,}/i
> > describe BAGLE_PASSWORD Password.*numbers
> > score    BAGLE_PASSWORD 6.5
> >
> > If anyone has a better suggestion, let us know!
>
> Has anyone found this to work? We can't upgrade as of yet to the latest MS
> since we did a apt-get install :( Will know better next time :)
> --
> Thanks!!
> David Thurman
> List Only at Web Presence Group Net

I forwarded an infected mail with the bagle zip attatchment and it caught it
and threw it in my spam folder. The header information showed it was the
BAGLE rule set that found it.

Rob



More information about the MailScanner mailing list