Morning everyone,

Thought I would throw this together to try and catch the latest Mimail
variant that uses a password-protected zip file that can bypass AV
engines.

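# Subject header contains the literal string "Re[3]"
header   _YM_HS_MIMAIL_M Subject =~ /Re\[3\]/
# Body contains the fixed phrase (case-insensitive); the pattern must stay on one line
body     _YM_B_MIMAIL_M /I was shocked, when I found out that it wasn't you/i
# Fire only when both the subject test and the body test match
meta     YM_M_MIMAIL_M (_YM_HS_MIMAIL_M && _YM_B_MIMAIL_M)
describe YM_M_MIMAIL_M Message contains MIMAIL.M virus
score    YM_M_MIMAIL_M 10.0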

Enjoy,
matt
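
An added example, not part of the original post: a Python check that evaluates the same subject and body patterns and, going one step beyond the rule above, also reports whether a ZIP attachment has the encryption flag set, which is the property that keeps an AV engine from scanning it. All function names and the sample message are assumptions constructed for illustration.

```python
import io, re, zipfile
from email.message import EmailMessage

# Patterns copied from the rule in the post; everything else here is assumed.
SUBJECT_RE = re.compile(r"Re\[3\]")
BODY_RE = re.compile(r"I was shocked, when I found out that it wasn't you", re.I)

def zip_has_encrypted_entry(data: bytes) -> bool:
    """True if any central-directory entry has general-purpose flag bit 0 set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def check_message(msg) -> dict:
    """Evaluate the post's header+body meta test and the attachment check."""
    subject_hit = bool(SUBJECT_RE.search(str(msg.get("Subject", ""))))
    body_hit = encrypted_zip = False
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if part.get_content_maintype() == "text":
            text = payload.decode(part.get_content_charset() or "latin-1", "replace")
            # Collapse whitespace so a wrapped line does not hide the phrase.
            body_hit |= bool(BODY_RE.search(" ".join(text.split())))
        elif payload.startswith(b"PK\x03\x04"):  # sniff ZIP by magic, not file name
            encrypted_zip |= zip_has_encrypted_entry(payload)
    return {"meta_rule": subject_hit and body_hit, "encrypted_zip": encrypted_zip}

def make_sample(subject: str, body: str, mark_encrypted: bool) -> EmailMessage:
    """Constructed test message. The archive holds harmless text; 'encryption' is
    imitated by setting flag bit 0 in the central directory header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample")
    data = bytearray(buf.getvalue())
    if mark_encrypted:
        data[data.rfind(b"PK\x01\x02") + 8] |= 0x01
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="sample.zip")
    return msg

if __name__ == "__main__":
    phrase = "I was shocked, when I found out that it wasn't you"
    print(check_message(make_sample("Re[3]", phrase, True)))
```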


_______________________________________________
Spamassassin-talk mailing list
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk