On 2010-04-28 20:01, Chip M. wrote:
I haven't seen any since the first blast, so I suspect their
signatures were widely distributed by most anti-virus orgs.
I'm mainly publishing this for all of us who like to have backup
rules, and are willing to be more general than the sometimes too
tightly focused malware sigs.
For example, I've added "script.vbs" to my instant-death PDF word
scans.
If you still have PDFinfo in your plugin collection:
https://svn.apache.org/repos/asf/spamassassin/trunk/rulesrc/sandbox/axb/20_axb_pdf.cf
should hit on these in case AVs don't
