^[ ]*name\=\".*\.(pif|bat|scr|exe|vbs)\"
(kill 'em all! :o)
b
Noel J. Bergman wrote:
How do you defend?
I use a regex matcher, and then if there is an attachment I block it.
I haven't tried it for this latest worm, but for other systems, someone had suggsted:
/^Subject:[ ]*((Current|La(te)?st|New(est)?) ?)(Critical|(Internet|Microsoft|Net(work)?)( Critical|Security)?) (Pack|Patch|Up(date|grade)) *$/o
I believe that our equivalent would be something like:
Subject:^.*((Current|La(te)?st|New(est)?) ?)(Critical|(Internet|Microsoft|Net(work)?)( Critical|Security)?) (Pack|Patch|Up(date|grade)).*$
But I haven't tried it.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
