Will MailScanner pickup the W32/Bagle-Q virus? Changed Rule!
Mike Norton
mike.norton at JOBSITE.CO.UK
Fri Mar 19 08:40:04 GMT 2004
Are the first two lines of this rule supposed to be on the same line ?
Thanks
Mike
-----Original Message-----
From: Holger Gebhard [mailto:gebhard at EPOST.DE]
Sent: 18 March 2004 23:44
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Will MailScanner pickup the W32/Bagle-Q virus? Changed
Rule!
Sorry... There is one little mistake in the posted rule...
Changed the ...[1-9]... to ...[0-9]...
It's late ;-)
The changed rule:
rawbody BagleQ_Found /(?:\<object\s{1,3}style\=\Sdisplay\:none.{1,5}
data\=.http\:\/\/([0-9]+[\.|\:|\/])+\w+\.php)/i
describe BagleQ_Found Worm Bagle-Q found
score BagleQ_Found 10.0
Holger
More information about the MailScanner
mailing list