W32.Sober… spamassassin?

Okay seems like new variants of Sober are really hitting the mail servers badly. The problem is that, while they don’t really do anything to non-Windows users as a virus, they are a great bore for everyone. I receive daily ten or more Sober.* mails (and I just kill the Paris Hilton thing using maildrop), and some of them is able to get around SpamAssassin’s detection.

Last time I had something like this was with Sober.P, and Dirk’s rule did his job right that time.

Update: I was able to get it working, don’t ask me what I did wrong before, the code for the rule follows

header __SOBER_P_MSGID Message-ID =~ /<[0-9a-f.]{15,22}@/
header __SOBER_P_CTYPE Content-Type =~ /text/plain.*charset=“us-ascii“/
header __SOBER_P_PRIO X-Priority =~ /^3 /
header __SOBER_P_IMP Importance =~ /^Normal/

score SOBER_P_SPAM 18.0
describe SOBER_P_SPAM Rassistische Mail Sober-P

header __SOBER_OTH_CTYPE Content-Type =~ /multipart/mixed.*boundary=“=+[0-9a-f.]+“$/

describe SOBER_OTH_VIRUS Some W32-Sober virus

Thanks slarti for helping me on #gentoo-dev 🙂
Finally, no more Sobers! 😀