This rule catches all of the Beagle variants seen so far:
header MIME_BOUND_BEAGLE Content-Type =~ /^multipart\/mixed;
+boundary="--------([0-9]{15}|[a-z]{20})"$/
describe MIME_BOUND_BEAGLE Beagle worm pattern in MIME boundary
score MIME_BOUND_BEAGLE 150
Since it looks only at the header it won't catch the bounces you get
when your e-mail address is forged as the sender, but those are rare
in my experience.
:: Jeff Makey
[EMAIL PROTECTED]
