diff --git a/Changes b/Changes
index 97423880c..3cf620aeb 100644
--- a/Changes
+++ b/Changes
@@ -3012,3 +3012,5 @@ seen. gmtime warning still there
 - Fixed a bug regarding the new HOOKTYPE_PRE_LOCAL_JOIN reported by bla
 - Fixed a compile problem on Solaris due to tar not supporting the z option
 *** RC2fix release ***
+- spamfilter.conf: fixed fyle sig (was bad!), some minor updates to the rest,
+ added mirc 6.12 exploit sig. Reported by PHANTOm.
diff --git a/spamfilter.conf b/spamfilter.conf
index 047b4938e..34849826f 100644
--- a/spamfilter.conf
+++ b/spamfilter.conf
@@ -7,15 +7,28 @@
 * $Id$
 */

+/* Guidelines on the 'action' field:
+ * As a general rule we use 'action block' for any newly added
+ * spamfilters at first, later on (after knowing about false
+ * positives) we might change some to viruschan/kill/gline/etc..
+ */
+
 spamfilter {
- regex ".* .* .* .* .* .* .* .* .* .* .* .* .* .*";
+ regex "(.+ ){20}";
 target dcc;
- reason "mIRC exploit attempt";
+ reason "mIRC 6.0-6.11 exploit attempt";
 action kill;
 };

 spamfilter {
- regex "Come watch me on my webcam and chat w/me";
+ regex ".{225}";
+ target dcc;
+ reason "mIRC 6.12 exploit attempt";
+ action block;
+};
+
+spamfilter {
+ regex "Come watch me on my webcam and chat /w me :-\) http://.+:\d+/me\.mpg";
 target private;
 reason "Infected by fyle trojan: see http://www.sophos.com/virusinfo/analyses/trojfylexa.html";
 action block;
@@ -91,7 +104,6 @@ spamfilter {
 action block;
 };

-
 spamfilter {
 regex "^.syn ((([0-9]{1,3}\.){3}[0-9]{1,3})|([a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+\.[a-zA-Z0-9_.-]+)) [0-9]{1,5} [0-9]{1,15} [0-9]{1,15}";
 target { channel; private; };
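Review bot: The rewritten fyle signature in the third spamfilter block of the `@@ -7,15 +7,28 @@` hunk matches the port with `\d+`, while the other patterns visible in this file (the `.syn` filter in the last hunk) spell digit classes as `[0-9]`. If the regex engine, or the config parser's handling of backslashes inside quoted strings, does not treat `\d` as a digit shorthand, the signature would not match as intended and nothing would flag it. Writing the tail as `http://.+:[0-9]+/me\.mpg` keeps it consistent with the rest of the file and removes that dependency. Separately, `regex ".{225}"` is a length-only check on every DCC request, so a comment above it such as `/* length-only match: any DCC request of 225+ chars, keep at 'block' until false positives are known */` would record why it should not be escalated to kill/gline casually.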