search for: anything_different_of_line_break

...le of rule with regular expressions: <rule> ip dst(email) tcp dst(25) tcp regex(filename="[^\n]+\.scr") message=(mailvirus-1-re) .scr attach action=virus </rule> In short, all TCP traffic destined to port 25 of the e-mail server will be filtered. If the text: filename="anything_different_of_line_breaks.scr" is found inside the packet, that means there are an attachment .scr in the e-mail (virus). So this packet will suffer the action named 'virus'. This action logs the event, dumps the malicious traffic in tcpdump format and drops the packet. Below is an example of rule against a t...