Okay seems like new variants of Sober are really hitting the mail servers badly. The problem is that, while they don’t really do anything to non-Windows users as a virus, they are a great bore for everyone. I receive daily ten or more Sober.* mails (and I just kill the Paris Hilton thing using maildrop), and some of them is able to get around SpamAssassin’s detection.
Last time I had something like this was with Sober.P, and Dirk’s rule did his job right that time.
Update: I was able to get it working, don’t ask me what I did wrong before, the code for the rule follows
header __SOBER_P_MSGID Message-ID =~ /<[0-9a-f.]{15,22}@/
header __SOBER_P_CTYPE Content-Type =~ /text/plain.*charset=“us-ascii“/
header __SOBER_P_PRIO X-Priority =~ /^3 /
header __SOBER_P_IMP Importance =~ /^Normal/
meta SOBER_P_SPAM (__SOBER_P_MSGID && __SOBER_P_CTYPE && __SOBER_P_PRIO && __SOBER_P_IMP )
score SOBER_P_SPAM 18.0
describe SOBER_P_SPAM Rassistische Mail Sober-P
header __SOBER_OTH_CTYPE Content-Type =~ /multipart/mixed.*boundary=“=+[0-9a-f.]+“$/
meta SOBER_OTH_VIRUS (__SOBER_P_MSGID && __SOBER_OTH_CTYPE && __SOBER_P_PRIO && __SOBER_P_IMP )
score SOBER_OTH_VIRUS 6.0
describe SOBER_OTH_VIRUS Some W32-Sober virus
Thanks slarti for helping me on #gentoo-dev 🙂
Finally, no more Sobers! 😀
