Re: mimail pattern?

From: Mark Jeftovic (markjeftovic.net)
Date: Fri Aug 01 2003 - 19:40:29 CDT


I should have put in disclaimers, do your own DD, no warranties,
remove cellophane before eating, your mileage may vary, etc.

But so far this is working for me, although I can think of various ways
it could be tightened up as a pattern.

-mark

On Fri, 1 Aug 2003, Mark Jeftovic wrote:

>
>
> I've noticed the subject line is "your account" followed by a bunch
> of spaces and then 8 random characters.
>
> So far this is working for me:
>
> /^Subject: your account\s{5,}.{8,8}/ REJECT Mimail Virus Detected
>
> (using pcre of course)
>
> -mark
>
> On 1 Aug 2003, Chateauneuf wrote:
>
> > On Fri, 2003-08-01 at 20:01, Mark Jeftovic wrote:
> > > New worm, mimail...
> > >
> > > http://zdnet.com.com/2100-1105_2-5059087.html
> > >
> > > Anyone gotten enough of these to analyze a pattern?
> > >
> > > Using just the subject may be too loose.
> > >
> > > -mark
> >
> > That URL wouldn't resolve but we have had some discussion in DShield.
> > The volume seems to be picking up. All that I have received have been
> > addressed to Adminyourdomain. Most of what I received came from a DSL
> > on PacBell.
> >
>
>

--
mark jeftovic
http://www.easydns.com
http://mark.jeftovic.net
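
An added example, not part of the original thread: the posted header_checks pattern run against constructed subject lines, next to one possible tightening. The `TIGHTENED` pattern (exactly 8 non-space characters, then end of header) and all sample headers are assumptions made for illustration, not something the posters supplied.

```python
import re

# Pattern exactly as posted in the thread (Postfix header_checks, pcre).
# Postfix pcre tables match case-insensitively by default, hence re.I.
POSTED = re.compile(r"^Subject: your account\s{5,}.{8,8}", re.I)

# Assumed tightening (not from the thread): the 8 trailing characters must be
# non-whitespace and must end the header, so longer subjects no longer match.
TIGHTENED = re.compile(r"^Subject: your account\s{5,}\S{8}\s*$", re.I)

# Constructed sample headers (label, header). None are captured traffic.
SAMPLES = [
    ("worm-shaped", "Subject: your account" + " " * 22 + "kqzvmwpt"),
    ("padded, long tail", "Subject: your account     statement for July is ready"),
    ("padded, 8 chars with space", "Subject: your account     is ready"),
    ("ordinary", "Subject: your account has been updated"),
]


def classify(header):
    """Return which of the two patterns would REJECT this header line."""
    return {
        "posted": bool(POSTED.search(header)),
        "tightened": bool(TIGHTENED.search(header)),
    }


def report(samples=SAMPLES):
    """Classify every sample and return (label, result) pairs."""
    return [(label, classify(header)) for label, header in samples]


if __name__ == "__main__":
    for label, result in report():
        print(f"{label:28} posted={result['posted']!s:5} "
              f"tightened={result['tightened']}")
```

Because `.{8,8}` is not followed by an end anchor, the posted pattern also rejects any padded "your account" subject that continues for eight or more characters; the anchored variant only fires when the header stops after the 8-character token.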