On 7/25/2012 9:33 AM, Sebastijan Šilec wrote:
I'm getting a lot of AXB_XMAILER_MIMEOLE_OL_4379D and
AXB_XMAILER_MIMEOLE_OL_024C2 hits lately from legit users.
What triggers this scores?
meta AXB_XMAILER_MIMEOLE_OL_024C2 (__AXB_XM_OL_024C2 &&
__AXB_MO_OL_024C2)
header __AXB_MO_OL_024C2 X-MimeOLE =~ /Produced\ By\ Microsoft\
MimeOLE\ V6\.00\.2600\.0000/
header __AXB_XM_OL_024C2 X-Mailer =~ /Microsoft\ Outlook\ Express\
6\.00\.2600\.0000/
So it's looking for an email that contains both the X0MimeOLE string and
the X-Mailer string specified in those two rules.
--
Bowie
