These are old archives. They are kept for historic purposes only.
PHANTOm
Posts: 7 Joined: Sun Mar 07, 2004 8:43 pm
Contact:
Post
by PHANTOm » Sun Mar 07, 2004 9:04 pm
Code: Select all
spamfilter {
regex "\/britney\.jpg <- uuh, check it out !! :D$";
target { channel; };
action viruschan;
reason "VIR/W32.Petch";
};
codemastr
Former UnrealIRCd head coder
Posts: 811 Joined: Sat Mar 06, 2004 8:47 pm
Location: United States
Contact:
Post
by codemastr » Sun Mar 07, 2004 9:11 pm
That's the same as the "Fagot" worm which we already detect. And actually we detect more than just britney.jpg, there are many varieties. jessica_alba.jpg, jenna_jameson.jpg, etc.
-- codemastr
PHANTOm
Posts: 7 Joined: Sun Mar 07, 2004 8:43 pm
Contact:
Post
by PHANTOm » Sun Mar 07, 2004 9:24 pm
i actually agree the regexp provided in spamfilter.conf for this is more comprihensive but may lead to false positives.
Code: Select all
spamfilter {
regex "^http://www\.angelfire\.com/[a-z0-9]+/[a-z0-9]+/[a-z_]+\.jpg <- .*!";
target private;
reason "Infected by fagot worm: see http://www.f-secure.com/v-descs/fagot.shtml";
action block;
};
codemastr
Former UnrealIRCd head coder
Posts: 811 Joined: Sat Mar 06, 2004 8:47 pm
Location: United States
Contact:
Post
by codemastr » Sun Mar 07, 2004 9:40 pm
Perhaps, but only in very rare incidents.
-- codemastr
Syzop
UnrealIRCd head coder
Posts: 2116 Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:
Post
by Syzop » Mon Mar 08, 2004 12:44 am
<0.001% (prolly even less) false positives are acceptable to me.
Let's please stay realistic and not pissed at each other if someone else's regex / spamfilter block is better ;).
Tracer
Posts: 5 Joined: Mon Mar 08, 2004 6:06 pm
Location: UnrealIRCD Database
Contact:
Post
by Tracer » Mon Mar 08, 2004 6:24 pm
Couldn't agree more on you Syzop
Cheers!