No problem. I picked a subset of the ones you described to use
myself.
Several rules can be combined into one as well ... Things
like:
A virus was detected
virus detected
can be described as .*virus.*detected.*
I don't see too many foreign ones so I dropped a lot of those.
I also had to es
This looks quite useful. I have seen several of these "AV spam"
messages. The worst ones actually contain the MIME encoded text of the
virus. They don't decode on the server because they are considered as
text. (The MIME boundary is not the same as the email MIME
boundary.) Unfortunately,
