hi i am using this rule to catch spam with a google group link, uri __GOOGLEGROUPS_15 m'http://[^.]{15}\.googlegroups\.com'i meta NN_GOOGLEGROUPS_15 __GOOGLEGROUPS_15 && __GOOGLEGROUPS_NUM describe NN_GOOGLEGROUPS_15 Contains a suspicious googlegroups URI. score NN_GOOGLEGROUPS_15 2
but now i am getting a new type of one which the rules doesnt catch "http://groups.google.com/group/ can someone please help me write a rule for this link? __________ Information from ESET NOD32 Antivirus, version of virus signature database 3973 (20090329) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
