From: McDonald, Dan [mailto:dan.mcdon...@austinenergy.com] >From: John Hardin [mailto:jhar...@impsec.org] >>On Sun, 19 Jul 2009, Mike Wallace wrote: >> >>> I got one today that wasn't caught by your rule >> >>Whose, mine or Dan's? >> >>> it had 22232 for the domain name inside of www and net and used bracket >>> dot bracket for the separator.
looks like the clamav sanesecurity signatures helped me out. I had 990 of those numeric ones at work that my rule missed but Sanesecurity.Spam.10673 caught. Well, you have to expect them to change their technique. I thought it odd that they were being awfully quiet this weekend. I am expecting [dot] to mutate into something else soon... -- Dan
