Friend gave this to me this morning: uri CUSTOM_IE_URL_SPOOF /\x01\s*\@|&\#01\s*\@/ score CUSTOM_IE_URL_SPOOF (up to you, I set it to 5.0) describe CUSTOM_IE_URL_SPOOF Custom: URL tries to spoof its identity via an IE trick
Anyone care to comment on it's efficiency/complete lack of use ? :) I'm horrible at regex. -----Original Message----- From: Ivar Snaaijer [mailto:[EMAIL PROTECTED] Sent: Thursday, December 11, 2003 12:13 PM To: [EMAIL PROTECTED] Subject: Re: [SAtalk] Need a rule for IE Exploit Fred wrote: >Hello, >I am out the door on my way to work but we need a rule for a new IE exploit >just released, >Visit this page, the exploit is harmless but to the spoofer, it's man's best >friend. > >http://www.zapthedingbat.com/security/ex01/vun1.htm > >I think this should be put in the next SA release!! > > Was about tu suggest something similar, any RegExp wizard that can create the rule ? any mail containing an URL with %01@ in it is most likely to be spam Ivar. ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
