> EF> header MIME_VER_RATTY Mime-Version =~ /^1\.0 \(produced
by [a-z]{1,20}
>
> I suspect it ovelaps significantly a SARE rule or two, but I'll be
> running that check this weekend.
It actually overlaps a rule that is almost identical that is targeted at
exactly the same pattern.
Hello Eric,
Friday, December 17, 2004, 11:00:12 AM, you wrote:
EF> I've noticed an interesting ratware pattern in the Mime-Version field
EF> that uses "produced by" and then a combination of two random words and a
EF> random version number. ...
EF> header MIME_VER_RATTY Mime-Versi
Hello,
I've noticed an interesting ratware pattern in the Mime-Version field
that uses "produced by" and then a combination of two random words and a
random version number. Here are a few examples:
MIME-Version: 1.0 (produced by nightgownbunyan 8.2)
MIME-Version: 1.0 (produced by lamellartramway
