Quoting Justin Mason:

>
> Jack Pepper writes:
>> I guess I don't need those rules. I see now that INVALID_MSGID was
>> already catching them.
>>
>> apologies for the noise on the list.

>


I found my problem in the FAQ. I was missing the "m" on the end of
the regex:

score BOBAX_GEN_SPAM 1.800
header BOBAX_GEN_SPAM ALL =~ /^Message-Id:.*EJXVWDA/m
describe BOBAX_GEN_SPAM Has Bobax Generated Message-Id

getting hits on it now. nice.




--
Framework? I don't need no steenking framework!

----------------------------------------------------------------
@fferent Security Labs: Isolate/Insulate/Innovate
http://www.afferentsecurity.com
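
Why the trailing "m" matters, as an added example that is not part of the original message: with `ALL`, the rule is tested against the whole header block as one multi-line string, so `^` only anchors at a line start when `/m` is set. The sketch uses Python's `re` (whose `^` and multiline semantics match Perl's here) rather than SpamAssassin itself; the sample headers and the helper names `parse_header_all_rule` and `rule_hits` are constructed for illustration.

```python
import re

# Constructed sample header block; the Message-Id value is made up.
SAMPLE_HEADERS = (
    "Received: from mail.example.net by mx.example.org\n"
    "From: sender@example.net\n"
    "Message-Id: <000001c6EJXVWDA$12345678@example.net>\n"
    "Subject: hello\n"
)

# Matches rule lines of the form used in the message above:
#   header NAME ALL =~ /pattern/flags
RULE_RE = re.compile(r"^header\s+(\S+)\s+ALL\s+=~\s+/(.*)/([a-z]*)$")
# Only the Perl modifiers that map directly onto Python flags are handled.
FLAG_MAP = {"m": re.MULTILINE, "i": re.IGNORECASE, "s": re.DOTALL}


def parse_header_all_rule(line):
    """Return (rule name, compiled regex) for a 'header NAME ALL =~' line."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError("not a 'header NAME ALL =~ /re/flags' rule: %r" % line)
    name, pattern, flags = m.groups()
    opts = 0
    for f in flags:
        if f not in FLAG_MAP:
            raise ValueError("unsupported modifier %r" % f)
        opts |= FLAG_MAP[f]
    return name, re.compile(pattern, opts)


def rule_hits(rule_line, headers):
    """True if the rule's regex matches the header block taken as one string."""
    _name, rx = parse_header_all_rule(rule_line)
    return rx.search(headers) is not None


WITH_M = "header BOBAX_GEN_SPAM ALL =~ /^Message-Id:.*EJXVWDA/m"
WITHOUT_M = "header BOBAX_GEN_SPAM ALL =~ /^Message-Id:.*EJXVWDA/"

if __name__ == "__main__":
    print("with /m:   ", rule_hits(WITH_M, SAMPLE_HEADERS))      # hit
    print("without /m:", rule_hits(WITHOUT_M, SAMPLE_HEADERS))   # miss
```

Without `/m` the rule would only hit when Message-Id happens to be the very first header, which is why it appeared never to fire.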