Updated regex from my friend:

uri CUSTOM_IE_URL_SPOOF                 /\x01\s*\@|&\#01\s*\@|\%01\s*\@/

He missed the %01 encoding.

-----Original Message-----
From: Ivar Snaaijer [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 11, 2003 12:13 PM
To: [EMAIL PROTECTED]
Subject: Re: [SAtalk] Need a rule for IE Exploit


Fred wrote:

>Hello,
>I am out the door on my way to work but we need a rule for a new IE exploit
>just released,
>Visit this page, the exploit is harmless but to the spoofer, it's man's best
>friend.
>
>http://www.zapthedingbat.com/security/ex01/vun1.htm
>
>I think this should be put in the next SA release!!
>  
>
Was about to suggest something similar, any RegExp wizard that can 
create the rule?
Any mail containing a URL with %01@ in it is most likely to be spam

Ivar.


-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
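
The rule posted at the top of this thread can be checked against each encoding of byte 0x01 that it names; the following is an added example, not part of the original messages or of SpamAssassin. It transcribes the pattern to Python and runs it as a plain regex over constructed URI strings (it does not model SpamAssassin's own URI handling), next to a hypothetical helper, `userinfo_has_control`, that generalises the idea by decoding the URI first and looking for any control character before the `@` in the authority. The hosts are constructed placeholders.

```python
import re
from urllib.parse import unquote

# The rule's pattern from the message, transcribed to Python regex syntax.
RULE = re.compile(r"\x01\s*@|&#01\s*@|%01\s*@")
ENTITY = re.compile(r"&#(x[0-9a-f]+|[0-9]+);?", re.I)
AUTHORITY = re.compile(r"[a-z][a-z0-9+.-]*://([^/?#]*)", re.I)
CONTROL = re.compile(r"[\x00-\x1f\x7f]")

def rule_hits(uri):
    """True if the posted pattern matches anywhere in the raw URI string."""
    return RULE.search(uri) is not None

def _entity(m):
    # Decode one numeric character reference (decimal or hex).
    body = m.group(1)
    n = int(body[1:], 16) if body[0] in "xX" else int(body)
    return chr(n) if n <= 0x10FFFF else m.group(0)

def userinfo_has_control(uri):
    """Hypothetical generalised check: decode numeric entities and
    percent-escapes, then report a control character in the authority's
    userinfo (the text before the last '@')."""
    decoded = unquote(ENTITY.sub(_entity, uri))
    m = AUTHORITY.match(decoded)
    if not m:
        return False
    userinfo, at, _host = m.group(1).rpartition("@")
    return bool(at) and CONTROL.search(userinfo) is not None

# Constructed sample URIs (placeholder hosts), one per encoding of byte 0x01.
SAMPLES = [
    "http://a.example\x01@b.example/",      # raw byte
    "http://a.example&#01@b.example/",      # decimal entity, no semicolon
    "http://a.example&#01;@b.example/",     # decimal entity with semicolon
    "http://a.example&#x01;@b.example/",    # hex entity
    "http://a.example%01@b.example/",       # percent-encoded
    "http://user@b.example/path",           # ordinary userinfo
    "http://b.example/?q=%01@x",            # sequence outside the authority
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:45} rule={rule_hits(s)!s:5} userinfo={userinfo_has_control(s)}")
```

Run on these strings, the pattern matches the raw, semicolon-less entity and percent-encoded forms, and also the query-string case, but not the entity forms written with a trailing semicolon or in hex.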

