On Mon, 23 Feb 2004, Michele Neylon :: Blacknight Solutions wrote:
> We're still seeing a lot of these even with BigEvil, RBLs etc.
> Has anybody found a "cure" before our CTO deep sixes the rest of Asia?
Funny, I get rid of mine by nuking 'snapshut.com' and watching
for obfuscations of 'logo'.....
uri LOC_LOGOSITE /snapshut\.com/i
describe LOC_LOGOSITE Logo Site
score LOC_LOGOSITE 0.5
body LOC_LOGOOBFU /(?!logo)[l1I][o0][gq][o0]/i
describe LOC_LOGOOBFU Logo Obfuscated
score LOC_LOGOOBFU 0.5
Didn't even have to score them too high.....
- C
> We're still seeing a lot of these even with BigEvil, RBLs etc.
> Has anybody found a "cure" before our CTO deep sixes the rest of Asia?
Funny, I get rid of mine by nuking 'snapshut.com' and watching
for obfuscations of 'logo'.....
uri LOC_LOGOSITE /snapshut\.com/i
describe LOC_LOGOSITE Logo Site
score LOC_LOGOSITE 0.5
body LOC_LOGOOBFU /(?!logo)[l1I][o0][gq][o0]/i
describe LOC_LOGOOBFU Logo Obfuscated
score LOC_LOGOOBFU 0.5
Didn't even have to score them too high.....
- C