VIR/W32.Petch

These are old archives. They are kept for historic purposes only.
Post Reply
PHANTOm
Posts: 7
Joined: Sun Mar 07, 2004 8:43 pm
Contact:

VIR/W32.Petch

Post by PHANTOm »

Code: Select all

spamfilter {
	regex "\/britney\.jpg <- uuh, check it out !! :D$";
	target { channel; };
	action viruschan;
	reason "VIR/W32.Petch";
};
codemastr
Former UnrealIRCd head coder
Posts: 811
Joined: Sat Mar 06, 2004 8:47 pm
Location: United States
Contact:

Post by codemastr »

That's the same as the "Fagot" worm which we already detect. And actually we detect more than just britney.jpg, there are many varieties. jessica_alba.jpg, jenna_jameson.jpg, etc.
-- codemastr
PHANTOm
Posts: 7
Joined: Sun Mar 07, 2004 8:43 pm
Contact:

Post by PHANTOm »

i actually agree the regexp provided in spamfilter.conf for this is more comprihensive but may lead to false positives.

Code: Select all

spamfilter {
	regex "^http://www\.angelfire\.com/[a-z0-9]+/[a-z0-9]+/[a-z_]+\.jpg <- .*!";
	target private;
	reason "Infected by fagot worm: see http://www.f-secure.com/v-descs/fagot.shtml";
	action block;
};
codemastr
Former UnrealIRCd head coder
Posts: 811
Joined: Sat Mar 06, 2004 8:47 pm
Location: United States
Contact:

Post by codemastr »

Perhaps, but only in very rare incidents.
-- codemastr
Syzop
UnrealIRCd head coder
Posts: 2112
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

Post by Syzop »

<0.001% (prolly even less) false positives are acceptable to me.
Let's please stay realistic and not pissed at each other if someone else's regex / spamfilter block is better ;).
Tracer
Posts: 5
Joined: Mon Mar 08, 2004 6:06 pm
Location: UnrealIRCD Database
Contact:

Post by Tracer »

Couldn't agree more on you Syzop




Cheers! :D
Post Reply