Will MailScanner pickup the W32/Bagle-Q virus? Changed Rule!

Holger Gebhard gebhard at EPOST.DE
Thu Mar 18 23:44:11 GMT 2004

Previous message: bagle-n and bagle-o worm using pictures of numbers for passwords
Next message: Scoring for Bayes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Sorry... There is one little mistake in the posted rule...
Changed the ...[1-9]... to ...[0-9]...

It's late ;-)

The changed rule:

rawbody  BagleQ_Found /(?:\<object\s{1,3}style\=\Sdisplay\:none.{1,5}
data\=.http\:\/\/([0-9]+[\.|\:|\/])+\w+\.php)/i
describe BagleQ_Found Worm Bagle-Q found
score    BagleQ_Found 10.0

Holger

Previous message: bagle-n and bagle-o worm using pictures of numbers for passwords
Next message: Scoring for Bayes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the MailScanner mailing list