Craig Zeigler wrote: > I have been getting hundreds of these messages per day and don't know > how to stop them. The bayes is only come back at 60%. > > They are the messages advertising drugs with a random subject (yes, I > know, one of the many) The filename is Part 1.1.jpg. There is no virus > that I can find. > > Does anyone have a rule to kill these?
Well I'm sick of seeing these too, so here's a rule to make them stop, now you realize that they'll change their tactics in a few days and this rule won't be of any use to us say in a month. This rule didn't cause any FPs in our testing but that doesn't mean it'll work for you. full __FULL_MIME_IMAGE m'\bContent-Type: image/(?:jpeg|gif)'i full __TEST_20_URL m'http://[^\r\n]{10,50}(?:\r\n){1,2}=20\r\n' meta LOCAL_HAS_IMAGES (__FULL_MIME_IMAGE && __TEST_20_URL) score LOCAL_HAS_IMAGES 3.75
