Tom Kinghorn skrev den 12-12-2012 14:19:
the .tld also changes between .ru & .su
make it a logical signature where it match all domains that you see
spamming, that will be one sigture for this spammer :)
echo "pisem.ru" | sigtool --hex-dump >hex.1
echo "example.org" | sigtoo --hex-dump >hex.2
join hex.1 and hex.2 into a logical or signature so it is just one
signature, then if there is more toplevel spam domain, add this as one
more hex.x to the logical, spammers do use subdomains free, thats why it
does not make sense to make signature for this part
send me samples in private if i should have a look with a signature
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
