[Emerging-Sigs] Bobax Spam sigs
Jack Pepper
pepperjack at afferentsecurity.com
Wed Apr 16 08:19:27 EDT 2008
Quoting Michael Scheidell <scheidell at secnap.net>:
> This might be more efficient:
>> score BOBAX_GEN_SPAM 1.800
>> header BOBAX_GEN_SPAM Message-ID =~ /EJXVWDA/m
>> describe BOBAX_GEN_SPAM Has Bobax Generated Message-ID
>
Ah. I was concerned (but uncertain) if the incorrect case sensitivity
on the "message-id" string would cause SA to not catch the event.
Have you tested this? Did it work? It would be more efficient in that case.
... back to the lab ...
jp
--
Framework? I don't need no stinking framework!
----------------------------------------------------------------
@fferent Security Labs: Isolate/Insulate/Innovate
http://www.afferentsecurity.com