RE: Please help with rule

2008-02-25 Thread Michael Hutchinson
> -Original Message-
> From: Dave Koontz [mailto:[EMAIL PROTECTED]
> Sent: Sunday, 24 February 2008 5:09 p.m.
> To: users@spamassassin.apache.org
> Subject: Please help with rule
>
> I am still getting some Storm Worm messages that are not being caught,
> even wit

RE: Please help with rule

2008-02-25 Thread Dave Koontz
Thanks all for the info, the uri check is much better. Joseph you were absolutely correct about it catching too wide. I modified it to pattern check the end only and it now works a treat!

uri DANGEROUS_URL /\.(exe|scr|pif|cmd|bat|vbs|wsh)$/i
describe DANGEROUS_URL URL contai

Re: Please help with rule

2008-02-25 Thread Joseph Brennan
--On Saturday, February 23, 2008 23:08 -0500 Dave Koontz <[EMAIL PROTECTED]> wrote:

I am still getting some Storm Worm messages that are not being caught, even with Sane Security / ClamAV. I thought I'd write a rule to score any URL that has a dot exe, scr or pif extension. However, my rul

Re: Please help with rule

2008-02-25 Thread Loren Wilton
Untested, but try

uri EXECUTABLE_WEBSITE /\.(?:exe|scr|pif)$/i

Loren

- Original Message -
From: "Dave Koontz" <[EMAIL PROTECTED]>
To:
Sent: Saturday, February 23, 2008 6:52 AM
Subject: Please help with rule

I am still getting some Storm Worm messages th

Re: Please help with rule

2008-02-25 Thread Benny Pedersen
On Sat, February 23, 2008 15:52, Dave Koontz wrote:
> I am still getting some Storm Worm messages that are not being caught,
> even with Sane Security / ClamAV. I thought I'd write a rule to score
> any URL that has a dot exe, scr or pif extension. However, my rule is
> not working. Can someone

Please help with rule

2008-02-25 Thread Dave Koontz
I am still getting some Storm Worm messages that are not being caught, even with Sane Security / ClamAV. I thought I'd write a rule to score any URL that has a dot exe, scr or pif extension. However, my rule is not working. Can someone help advise what is wrong? I want it to pick up any http
