Teaching SpamAssassin about the Microsoft KLEZ virus.
Adding lines like the ones below does a pretty good job about tagging
the KLEZ virus as spam. It does miss some of the KLEZ variations
because the KLEZ_CONTENT is slightly different.
$ grep -i klez /usr/share/spamassassin/*
/usr/share/spamassassin/20_body_tests.cf:rawbody KLEZ_IFRAME /iframe
src=3Dcid:/i
/usr/share/spamassassin/20_body_tests.cf:describe KLEZ_IFRAME Frame u
sed by the KLEZ virus
/usr/share/spamassassin/20_body_tests.cf:rawbody KLEZ_CONTENT /TVqQAA
MAAAAEAAAA/i
/usr/share/spamassassin/20_body_tests.cf:describe KLEZ_CONTENT Content
of part of the KLEZ virus
/usr/share/spamassassin/50_scores.cf:score KLEZ_IFRAME 10.0
/usr/share/spamassassin/50_scores.cf:score KLEZ_CONTENT 10.0
Tags: laptop
This entry was posted
on Thursday, June 13th, 2002 at 10:43 pm and is filed under Uncategorized.
You can follow any responses to this entry through the RSS 2.0 feed.
You can skip to the end and leave a response. Pinging is currently not allowed.
Teaching SpamAssassin about the Microsoft KLEZ virus
Adding lines like the ones below does a pretty good job about tagging
the KLEZ virus as spam. It does miss some of the KLEZ variations
because the KLEZ_CONTENT is slightly different.
$ grep -i klez /usr/share/spamassassin/*
/usr/share/spamassassin/20_body_tests.cf:rawbody KLEZ_IFRAME /iframe
src=3Dcid:/i
/usr/share/spamassassin/20_body_tests.cf:describe KLEZ_IFRAME Frame u
sed by the KLEZ virus
/usr/share/spamassassin/20_body_tests.cf:rawbody KLEZ_CONTENT /TVqQAA
MAAAAEAAAA/i
/usr/share/spamassassin/20_body_tests.cf:describe KLEZ_CONTENT Content
of part of the KLEZ virus
/usr/share/spamassassin/50_scores.cf:score KLEZ_IFRAME 10.0
/usr/share/spamassassin/50_scores.cf:score KLEZ_CONTENT 10.0
Tags: me
This entry was posted
on Thursday, June 13th, 2002 at 10:43 pm and is filed under Uncategorized.
You can follow any responses to this entry through the RSS 2.0 feed.
You can skip to the end and leave a response. Pinging is currently not allowed.