Will MailScanner pickup the W32/Bagle-Q virus?

Holger Gebhard gebhard at EPOST.DE
Thu Mar 18 21:59:46 GMT 2004

Previous message: Phatbot
Next message: Will MailScanner pickup the W32/Bagle-Q virus?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Peter...

Try this SA-Rule:

rawbody  BagleQ_Found /(?:\<object\s{1,3}style\=\Sdisplay\:none.{1,5}
data\=.http\:\/\/([1-9]+[\.|\:|\/])+\w+\.php)/i
describe BagleQ_Found Worm Bagle-Q found
score    BagleQ_Found 10.0



Holger

Previous message: Phatbot
Next message: Will MailScanner pickup the W32/Bagle-Q virus?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the MailScanner mailing list