W32/Bagle.j@MM SpamAssassin Rules

mattriffle on 2004-03-03T14:56:08

These are admittedly not pretty (or condensed as much as they could be), but they work:

http://www.jennandmatt.com/misc/bagle/

On a post formatting note: is there any way I'm missing to do something similar to <pre> tags in a post? I couldn't get the rules to format correctly inline, hence the URL.

-Matt


Much simpler rule

merlyn on 2004-03-03T15:44:09

Message-ID matches
<[a-z]{19}@

<ecode>

schwern on 2004-03-03T20:30:37

Can't use <pre> tags because someone might screw up the formatting of a page by posting a comment that's one big long line. Really has more to do with Slashdot users than it being a real problem on use.perl.org.

What you want is <ecode>.

header   BAGLE_WORM_SUBJ1  Subject =~ /E-?mail account (security|utilization|disabling) warning\./
describe BAGLE_WORM_SUBJ1  Virus - Appears to be the W32/Bagle.j@MM worm
score    BAGLE_WORM_SUBJ1  5

header   BAGLE_WORM_SUBJ2  Subject =~ /((Important )?[Nn]otify|Warning) (about your|(about )?using the) e-mail account( utilization)?/
describe BAGLE_WORM_SUBJ2  Virus - Appears to be the W32/Bagle.j@MM worm
score    BAGLE_WORM_SUBJ2  5
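
A way to try the rules from this thread against sample headers before loading them into SpamAssassin. This is an added example, not code from any of the posters. It uses Python's `re` as a stand-in for Perl regexes and only understands the `header ... =~ /re/` and `score` lines; the rule name and score `BAGLE_MSGID` wrapping the Message-ID pattern are hypothetical, and the sample messages are constructed.

```python
import re
from email import message_from_string

# Rules as posted in the thread. BAGLE_MSGID is a hypothetical name and score
# wrapping the Message-ID pattern from the "Much simpler rule" comment.
RULES = r"""
header   BAGLE_WORM_SUBJ1  Subject =~ /E-?mail account (security|utilization|disabling) warning\./
score    BAGLE_WORM_SUBJ1  5
header   BAGLE_WORM_SUBJ2  Subject =~ /((Important )?[Nn]otify|Warning) (about your|(about )?using the) e-mail account( utilization)?/
score    BAGLE_WORM_SUBJ2  5
header   BAGLE_MSGID       Message-ID =~ /<[a-z]{19}@/
score    BAGLE_MSGID       5
"""

HEADER_RE = re.compile(r"^header\s+(\S+)\s+(\S+)\s+=~\s+/(.*)/\s*$")
SCORE_RE = re.compile(r"^score\s+(\S+)\s+([\d.]+)\s*$")

def parse_rules(text):
    """Parse 'header NAME Hdr =~ /re/' and 'score NAME n' lines only."""
    tests, scores = {}, {}
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER_RE.match(line):
            tests[m.group(1)] = (m.group(2), re.compile(m.group(3)))
        elif m := SCORE_RE.match(line):
            scores[m.group(1)] = float(m.group(2))
    return tests, scores

def evaluate(raw_message, rules_text=RULES):
    """Return (total score, sorted names of the rules that hit)."""
    tests, scores = parse_rules(rules_text)
    msg = message_from_string(raw_message)
    hits = []
    for name, (hdr, rx) in tests.items():
        # A header may occur more than once; any matching value counts.
        if any(rx.search(v) for v in msg.get_all(hdr, [])):
            hits.append(name)
    return sum(scores.get(n, 1.0) for n in hits), sorted(hits)

# Constructed sample messages (not captured worm traffic).
WORM_LIKE = ("Message-ID: <abcdefghijklmnopqrs@example.com>\n"
             "Subject: E-mail account security warning.\n\nbody\n")
BENIGN = ("Message-ID: <20040303.145608.1a2b@mail.example.org>\n"
          "Subject: Warning about the build server\n\nbody\n")
# Any ID whose local part is exactly 19 lowercase letters hits the short rule.
FALSE_POSITIVE = ("Message-ID: <weeklynewsletterabc@lists.example.net>\n"
                  "Subject: Weekly newsletter\n\nbody\n")
```

Calling `evaluate()` on each sample shows which rules fire; the third sample is there to check how the Message-ID pattern alone behaves on mail that is not the worm.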