On Wed, 3 Mar 2004, Sylvain Robitaille wrote:
> For what it's worth, I append my contribution to the matter below my
> signature. I do hope folks will let me know if they see any problems
> with it. ...
Gah! This is what I get for reading the thing *after* I already sent
it!
Patch appended ...
--
----------------------------------------------------------------------
Sylvain Robitaille [EMAIL PROTECTED]
Systems analyst / Postmaster Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------
--- 90_bagle.cf Wed Mar 3 14:29:54 2004
+++ 90_bagle.cf.NEW Wed Mar 3 14:36:23 2004
@@ -7,10 +7,10 @@
header __CONCORDIA_BAGLE_FROM From =~
/(?:abuse|management|administration|staff|noreply|support)[EMAIL PROTECTED]/
body __CONCORDIA_BAGLE_GREETING /^(?:dear|hello)\s+user/i
-header __CONCORDIA_BAGLE_MSGID Message-ID =~ /[a-z]{11,[EMAIL PROTECTED]/
+header __CONCORDIA_BAGLE_MSGID Message-ID =~ /[a-z]{11,[EMAIL PROTECTED]/
describe __CONCORDIA_BAGLE_MSGID Message-ID in format used by Bagle variants
-rawbody __CONCORDIA_ATTACH /^Content-Type: application/octet-stream;
name=".+\.(pif|zip)"$/
+rawbody __CONCORDIA_ATTACH /^Content-Type: application\/octet-stream;
name=".+\.(pif|zip)"$/
describe __CONCORDIA_ATTACH Message contains suspicious attachment.
# NOTE that this might be worth using in other contexts, but for now I'm
# including only those I've seen with this particular virus.
