I realize that and thanks because I'm going to use that rule too! :)
JM -----Original Message----- From: Steve Thomas [mailto:[EMAIL PROTECTED] Sent: August 22, 2003 4:56 PM To: John McGivern Cc: [EMAIL PROTECTED] Subject: Re: [SAtalk] SoBig Virus On Fri, Aug 22, 2003 at 03:53:33PM -0400, John McGivern is rumored to have said: > > You ever gets a valid .pif file? I would just block them all. They are 99.9% > viruses. I do (MailScanner), but perhaps some can't/don't want to. He asked for a rule; I gave him a rule. :) > -----Original Message----- > From: Steve Thomas [mailto:[EMAIL PROTECTED] > Sent: August 22, 2003 1:52 PM > To: Patrick Bores > Cc: [EMAIL PROTECTED] > Subject: Re: [SAtalk] SoBig Virus > > > On Fri, Aug 22, 2003 at 11:41:40AM -0500, Patrick Bores is rumored to have said: > > > > I'd like to add spamassassin rules to match certain attachment > > filenames, but I can't seem to get it right. I'm trying things like: > > > > rawbody SOBIG_VIRUS > > /filename="?application.pif|document_all.pif|thank_you.pif"?/ > > > > Any ideas on how to match attachment filenames? > > This really isn't the job of SA - you should have antivirus integrated with your MTA > (if your situation allows). This isn't tested, but based on my latest Sobig catch, > this *should* work: > > rawbody SOBIG_VIRUS > /^\tfilename=\"(?:movie0045\.pif|wicked_scr\.scr|application\.pif|document_9446\.pif|details\.pif|your_details\.pif|thank_you\.pif|document_all\.pif|your_document\.pif)\"$/ > > > HTH, > Steve > > -- > "Silence is argument carried out by other means." > - Ernesto"Che"Guevara (1928-1967) > > > ------------------------------------------------------- > This SF.net email is sponsored by: VM Ware > With VMware you can run multiple operating systems on a single machine. > WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines > at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 > _______________________________________________ > Spamassassin-talk mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/spamassassin-talk -- "If you can count your money, you don't have a billion dollars." - J. Paul Getty (1892-1976) ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
