On Thu, Jul 26, 2001 at 01:05:35PM -0500, Felipe wrote:
> Alan Thew quoted a securityfocus posting:
> > In the header of the message, everything looks dynamic, and so tracking it
> > seems to be hard. However, there is a slip -- the Date: header actaully
> > appears as 'date:'.
> How can I compouse the right filter...?
Perhaps a filter stanza like:
# The W32/Sircam virus is sending messages with lower case date: headers
if $message_headers CONTAINS "\ndate: "
then
freeze text "Suspect W32/Sircam virus message"
endif
(The upper-case CONTAINS makes the string comparison case
sensitive.)
--
Jim Tittsler, Tokyo
Python Starship http://starship.python.net/crew/jwt/
