On Sat, 19 Nov 2011, Sergio wrote:
> I am new to the list and want to thank you in advance if you help me on this.
> I am creating the following rule:
>
> header VIRUS_DHL1 FROM =~ /dhl-usa.com/i
> header VIRUS_DHL2 ALL =~ /text inside the email to check for/i
> meta VIRUS_DHLTOTAL (VIRUS_DHL1 && VIRUS_DHL2)
> describe VIRUS_DHLTOTAL DHL-USA Virus
> score VIRUS_DHLTOTAL 11
>
> But the rule is not working fine. Any idea what is the error with this
> rule?

Please post a sample message with all headers intact to a pastebin so we
can see it.
Note that poison-pill rules are generally discouraged.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79