Hi Nigel, on Thu, 18 Mar 2004 17:35:59 +0000 you wrote:
[Bagle Q/R]
> I'd be interested if anyone has a exiscan acl rule that kills this off
> with a high degree of certainty since theres bound to be a pile of these
> around soon.
No, but I've had the following rule in my bogus-virus-warnings SpamAssasin
ruleset since earlier today; I guess you could drop the regex into the
DATA ACL equally well:
rawbody VIRUS_WARNING_BAGLE3 /^<OBJECT STYLE="display:none"
DATA="http:\/\/[0-9\.]+:81\/[0-9]+\.php">$/
describe VIRUS_WARNING_BAGLE3 Looks like Bagle.R virus/bounce
score VIRUS_WARNING_BAGLE3 10
Tim
