Re: [Exim] More windows viruses

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MDennis Davis at <-
M\Tony Finch at ->
Delete this message
Reply to this message
Author: Chris Edwards
Date:  
To: Tim Jackson
CC: exim-users
Subject: Re: [Exim] More windows viruses
| No, but I've had the following rule in my bogus-virus-warnings SpamAssasin
| ruleset since earlier today; I guess you could drop the regex into the
| DATA ACL equally well:

Like this: 

  deny    condition = ${if match{$h_X-Priority:}{3}{yes}{no}}
      condition = ${if match{$message_body}{<OBJECT STYLE=\"display:none\" *\
              DATA=\"http:\/\/[0-9\.]+:81\/[0-9]+\.php\">} {yes} {no}}


The test of X-Priority header is meant to allow discussion of the recipe.

Note we've seen some with 2 spaces before the "DATA".

Chris

--
Chris Edwards, Glasgow University Computing Service


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] More windows virusesRe: [Exim] More windows viruses->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)