Thursday, June 13, 2002

Teaching SpamAssassin about the Microsoft KLEZ virus.

Adding lines like the ones below does a pretty good job about tagging
the KLEZ virus as spam. It does miss some of the KLEZ variations
because the KLEZ_CONTENT is slightly different.


$ grep -i klez /usr/share/spamassassin/*
/usr/share/spamassassin/20_body_tests.cf:rawbody KLEZ_IFRAME /iframe
src=3Dcid:/i
/usr/share/spamassassin/20_body_tests.cf:describe KLEZ_IFRAME Frame u
sed by the KLEZ virus
/usr/share/spamassassin/20_body_tests.cf:rawbody KLEZ_CONTENT /TVqQAA
MAAAAEAAAA/i
/usr/share/spamassassin/20_body_tests.cf:describe KLEZ_CONTENT Content
of part of the KLEZ virus
/usr/share/spamassassin/50_scores.cf:score KLEZ_IFRAME 10.0
/usr/share/spamassassin/50_scores.cf:score KLEZ_CONTENT 10.0

1 comment:

  1. I?m impressed, I must say. Really rarely do I encounter a blog that?s both educative and entertaining, and let me tell you, you have hit the nail on the head. Your idea is outstanding; the issue is something that not enough people are speaking intelligently about. I am very happy that I stumbled across this in my search for something relating to this.

    Best Web Development Company in Bhopal

    ReplyDelete