Dan Tappin wrote: > Here is a custom rule for a PayPal spoof virus that is going around.
I missed that one, try this out, they work for all previous scams I've seen. header __RCVD_PAYPAL Received =~ /paypal\.com/i header __FROM_PAYPAL From =~ /paypal\.com/i uri __URI_PAYPAL /paypal\.com/i header __RCVD_EBAY Received =~ /ebay\.com/i header __FROM_EBAY From =~ /ebay\.com/i uri __URI_EBAY /ebay\.com/i header __RCVD_CITIBNK Received =~ /citibank\.com/i header __FROM_CITIBNK From =~ /citibank\.com/i uri __URI_CITIBNK /citibank\.com/i meta FVGT_m_FORGED_PAYPAL (__FROM_PAYPAL && __URI_PAYPAL && !__RCVD_PAYPAL) describe FVGT_m_FORGED_PAYPAL FROM says paypal, URI says paypal, but Received not paypal.com score FVGT_m_FORGED_PAYPAL 110.0 meta FVGT_m_FORGED_EBAY (__FROM_EBAY && __URI_EBAY && !__RCVD_EBAY) describe FVGT_m_FORGED_EBAY FROM says ebay, URI says ebay, but Received not ebay.com score FVGT_m_FORGED_EBAY 110.0 meta FVGT_m_FORGED_CITIBNK (__FROM_CITIBNK && __URI_CITIBNK && !__RCVD_CITIBNK) describe FVGT_m_FORGED_CITIBNK FROM says citibank, URI says citibank, but Received not citibank.com score FVGT_m_FORGED_CITIBNK 110.0 Watch out for line wraps! ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
