Keith Kikta - iland Internet Solutions wrote:
>Detection in F-Secure Anti-Virus was published on January 26th, 2004 at
>23:09 UTC in update:
>
>
Ummm- ok, Keith- why post this now?
><snip>
>
>The ZIP versions of the worm can be detected by matching the first line
>of the MIME encoded attachment against one of the following regular
>expressions
>
>
> '^UEsDBAoAAAAAA.{6}zy5egAlgAAAJYAA'
> '^UEsDBAoAAAAAA.{6}KJx\+eAFgAAABYAA'
>
>
and Chris Scott posted this expression on 1/27 in response to your post:
/^UEsDBAoAAAAAA/ REJECT
This matches the first part of both expressions and works quite well in my
body_checks.regexp file.
???
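
Added example (not part of the original thread): a Python check of what the prefix shared by the expressions above decodes to, and which rule set hits a few constructed first lines. The helper names and the sample ZIP entries are assumptions made for illustration.

```python
import base64
import re
import struct
import zlib

# Expressions quoted in the thread above.
SPECIFIC = [r'^UEsDBAoAAAAAA.{6}zy5egAlgAAAJYAA',
            r'^UEsDBAoAAAAAA.{6}KJx\+eAFgAAABYAA']
BROAD = r'^UEsDBAoAAAAAA'


def local_entry(name, payload, version=10, method=0):
    """Constructed sample: ZIP local file header + name + data (hypothetical helper)."""
    header = struct.pack('<4sHHHHHIIIHH', b'PK\x03\x04', version, 0, method,
                         0, 0x21, zlib.crc32(payload), len(payload),
                         len(payload), len(name), 0)
    return header + name + payload


def first_mime_line(data):
    """First base64 line of the attachment, the text a body check is matched against."""
    return base64.encodebytes(data).split(b'\n')[0].decode('ascii')


def matched_rules(line):
    """Report which of the quoted rule sets hit this line."""
    hits = []
    if any(re.search(p, line) for p in SPECIFIC):
        hits.append('specific')
    if re.search(BROAD, line):
        hits.append('broad')
    return hits


def prefix_bytes():
    """Decode the 12 characters of the shared prefix that map to whole bytes."""
    return base64.b64decode(BROAD[1:13])


if __name__ == '__main__':
    # PK signature, version-needed 10, flags 0, low byte of method 0 (stored).
    print(prefix_bytes())
    stored_v10 = first_mime_line(local_entry(b'notes.txt', b'hello'))
    stored_v20 = first_mime_line(local_entry(b'notes.txt', b'hello', version=20))
    # Constructed line that satisfies the first specific expression.
    crafted = 'UEsDBAoAAAAAA' + 'AAAAAA' + 'zy5egAlgAAAJYAA'
    for label, line in (('stored v10', stored_v10), ('stored v20', stored_v20),
                        ('crafted', crafted)):
        print(label, matched_rules(line))
```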