Re: [Exim] Regex for catching RAR flavour of Bagle/beagle

From: Marcin Owsiany
Date:
To: Exim users mailing list
Subject: Re: [Exim] Regex for catching RAR flavour of Bagle/beagle
On Fri, Mar 19, 2004 at 12:58:15PM +0000, Bruce Richardson wrote:
> --
> On Fri, Mar 19, 2004 at 01:40:46PM +0100, Marcin Owsiany wrote:
> > Might be useful for someone...
> >
> > condition = ${if and{\
> >               {eq{${lookup{$h_subject:}lsearch{CONFDIR/lists/virus-subjects-beagle}{$value}}}{yes}}\
> >               {match{$message_body:}{  UmFyIRoHA[A-P]..c[wxyz0-9\+/]...............[HXn3][Q-T][EMUcks08]}}\
> >             }{yes}{no}}

> >
> > My current list of subjects is:
>
> The exiscan patch plus a decent av scanner (e.g. clamav) are both more
> reliable and considerably less work than this method, imho.


Do you happen to know how clamav copes with these kinds of viruses? Isn't
the zip generated with some random salt added, to make it impossible to
generate signatures for the virus?

Marcin
--
Marcin Owsiany
porridge@???
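
Added example, not part of the original thread: the fixed head of the quoted rule, `UmFyIRoHA[A-P]`, is the base64 form of the 7-byte RAR archive signature, and this Python sketch derives it, including the character class needed because 7 bytes do not end on a base64 boundary. The helper names and sample bodies are constructed for illustration; the rest of the quoted regex (the header fields after the signature) is not reproduced here.

```python
import base64
import re

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
RAR_MAGIC = b"Rar!\x1a\x07\x00"  # signature at the start of RAR 1.5-4.x archives


def char_class(chars):
    """Render base64 characters as a regex class, collapsing ASCII runs."""
    runs = [[chars[0], chars[0]]]
    for c in chars[1:]:
        if ord(c) == ord(runs[-1][1]) + 1:
            runs[-1][1] = c
        else:
            runs.append([c, c])
    body = "".join(re.escape(a) if a == b else f"{re.escape(a)}-{re.escape(b)}"
                   for a, b in runs)
    return f"[{body}]"


def b64_prefix_regex(magic):
    """Regex for base64 text whose decoded bytes start with `magic`."""
    bits = "".join(f"{byte:08b}" for byte in magic)
    full, rest = divmod(len(bits), 6)
    out = [re.escape(B64[int(bits[i * 6:i * 6 + 6], 2)]) for i in range(full)]
    if rest:
        # The last sextet is only partly fixed by the magic; its low bits come
        # from the next byte of the file, so allow every value they can take.
        base = int(bits[full * 6:], 2) << (6 - rest)
        out.append(char_class([B64[base + i] for i in range(1 << (6 - rest))]))
    return "".join(out)


def body_has_magic(body, magic=RAR_MAGIC):
    """True if any line of a message body starts a base64 stream with `magic`."""
    pattern = re.compile(b64_prefix_regex(magic))
    return any(pattern.match(line.strip()) for line in body.splitlines())


# Constructed sample bodies (not real mail): RAR signature plus filler bytes,
# and a ZIP local-file header for contrast.
SAMPLE_RAR = "Content-Transfer-Encoding: base64\n\n" + \
    base64.b64encode(RAR_MAGIC + bytes(range(40))).decode()
SAMPLE_ZIP = "Content-Transfer-Encoding: base64\n\n" + \
    base64.b64encode(b"PK\x03\x04" + bytes(range(40))).decode()

if __name__ == "__main__":
    print(b64_prefix_regex(RAR_MAGIC))   # prefix of the rule quoted above
    print(body_has_magic(SAMPLE_RAR), body_has_magic(SAMPLE_ZIP))
```

A pattern built this way only matches when the archive starts at the first byte of the base64 stream, which is the case for a MIME attachment but not for an archive embedded at an arbitrary offset inside other data.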