Re: [Exim] More windows viruses

Top Page
Delete this message
Reply to this message
Author: Ian A B Eiloart
Date:  
To: exim-users
Subject: Re: [Exim] More windows viruses

--On Thursday, March 18, 2004 6:10 pm +0000 Chris Edwards
<chris@???> wrote:

>| No, but I've had the following rule in my bogus-virus-warnings
>| SpamAssasin ruleset since earlier today; I guess you could drop the
>| regex into the DATA ACL equally well:
>
> Like this:
>
>   deny    condition = ${if match{$h_X-Priority:}{3}{yes}{no}}
>       condition = ${if match{$message_body}{<OBJECT STYLE=\"display:none\" *\
>               DATA=\"http:\/\/[0-9\.]+:81\/[0-9]+\.php\">} {yes} {no}}


Is that right? Isn't this going to look for an IP address with a trailing
dot, like 1.1.1.1.:81? Shouldn't the regexp look like this:

...\"http:\/\/[0-9\.]+[0-9]+(:[0-9]+)?\/[0-9]+\.php\"...

Note, I've made the port number variable, and optional, too, I think.


> The test of X-Priority header is meant to allow discussion of the recipe.
>
> Note we've seen some with 2 spaces before the "DATA".
>
> Chris
>
> --
> Chris Edwards, Glasgow University Computing Service
>
> --
>
>## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
>## details at http://www.exim.org/ ##
>




--
Ian Eiloart
Servers Team
Sussex University ITS