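# Local SpamAssassin rules: antivirus "fallout" (misdirected or bogus
# scanner notifications) and attachment-type heuristics.
# Every rule definition must stay on one physical line. Scores are additive
# when several rules hit the same message.
#
# NOTE(review): PIC_GIF, ZIPCOMPRESSED, AVGMAIL and APPPDF use rawbody to
# match MIME part headers / boundary text. SpamAssassin 3.x documents rawbody
# as the decoded textual parts, so verify these still fire on the deployed
# version (a `full` or `mimeheader` rule may be needed instead).
# The attachment rules key on sender-declared names and types only; they are
# scoring hints, not a substitute for scanning the attachment itself.

# joy, 2003-08-15
# NOTE(review): the pattern matches any Content-ID line, which is broader
# than the "pic*.gif" the description names -- confirm score 3 is intended.
rawbody PIC_GIF /^Content-ID: /i
describe PIC_GIF pic*.gif in attachment, common spam/virus
score PIC_GIF 3

header POSSIBLEVIRUS Subject =~ /\{Virus\?\} /
describe POSSIBLEVIRUS possible or cleaned virus tag found in Subject
score POSSIBLEVIRUS 2

# cjwatson, 2003/09/22 2003/10/02
header AV_SCAN Subject =~ /AntiVirus scan results/
describe AV_SCAN virus fallout
score AV_SCAN 4

# cjwatson, 2003/09/24
body CORREO_TERRA /Antivirus de Correo de Terra/
describe CORREO_TERRA virus fallout
score CORREO_TERRA 2

# cjwatson, 2003/09/24
body WEBSHIELD /Network Associates WebShield SMTP.*detected virus/
describe WEBSHIELD virus fallout
score WEBSHIELD 3

# cjwatson, 2003/09/25, joy 2003-10-01
header AV_ALERT Subject =~ /^(Anti)?Virus Alert/
describe AV_ALERT virus fallout
score AV_ALERT 4.5

# cjwatson, 2003/09/29
body INFECTED_OBJ /because contains an infected object/
describe INFECTED_OBJ virus fallout
score INFECTED_OBJ 4

# joy, 2003-10-01
# The describe/score lines here used to name AV_ALERT, which overwrote
# AV_ALERT's description and score (4.5 -> 4) and left AV_RESULTS with no
# explicit score. They now name the rule defined on the header line.
# NOTE(review): this is the case-insensitive form of AV_SCAN above, so an
# exact-case subject hits both rules (4 + 4). Consider keeping only one.
header AV_RESULTS Subject =~ /AntiVirus scan results/i
describe AV_RESULTS anti-virus spam
score AV_RESULTS 4

# cjwatson, 2004-01-27
header IOL_ALERTA Subject =~ /IOL - ALERTA de Virus/
describe IOL_ALERTA misdirected antivirus
score IOL_ALERTA 4

# blarson 2004-04-10
rawbody ZIPCOMPRESSED /application\/x-zip-compressed/i
describe ZIPCOMPRESSED zip compressed attachment
score ZIPCOMPRESSED 2

# blarson 2005-04-29
# Subjects imitating a vendor patch announcement ("Latest Microsoft Security
# Update" and similar). The pattern must remain on a single line.
header MICROVIRUS subject =~ /(?:Current|Latest|Newest|New) (?:Microsoft|Internet|Net) (?:Security|Critical)? ?(?:Patch|Pack|Update|Upgrade)/i
describe MICROVIRUS microsoft email virus
score MICROVIRUS 4

# blarson 2006-11-21
# NOTE(review): \b in front of "--" only matches when a word character
# immediately precedes the dashes, so this cannot match at the start of a
# line -- confirm against a sample message.
rawbody AVGMAIL /\b\-\-\=\=\=\=\=\=\=AVGMAIL/
describe AVGMAIL avg virus claim
score AVGMAIL 3

# don 2007-06-25 blarson 2007-06-28
# This is %PDF-1.1 base64 encoded
# Only the 1.1 version header is covered; PDFs declaring another version
# encode differently and are not matched by this rule.
full PDFATTACH /JVBERi0xLjE/
describe PDFATTACH PDF Attachment
score PDFATTACH 2

# blarson 2007-06-29
header PDFNAME subject =~ /\w\.pdf\b/i
describe PDFNAME pdf spam
score PDFNAME 3.5

# blarson 2007-07-18
rawbody APPPDF /\bContent-Type\:\s+application\/pdf/i
describe APPPDF pdf attachment
score APPPDF 2

# blarson 2007-09-01
# A "no virus found" banner inside the message is sender-controlled text,
# hence a small positive score rather than any reduction.
body NOVIR /^No virus found in this incoming message\./
describe NOVIR bogus no virus
score NOVIR 1

# blarson 2008-08-09
header ANTIGEN subject =~ /Antigen Notification/
describe ANTIGEN Antigen Notification
score ANTIGEN 4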