Rob, I use procmail here and use a procmail recipe to tag the EXE
such files. It's easier there than in SpamAssassin. I use the
"nkvir" scripts to some good effect.
(Of course, Earthlink recently got "angry" with all the Sober nonsense
and turned on everybody's SpamBlocker. My first reaction was a
As I'm on a mac there's a lot of file types I don't care about so I just have
perl scripts that go thru the mail using MIME::Entity etc and remove them.
I based my code of some code Randall Schwartz wrote once to remove the annoying
WINMAIL.DAT attachments etc.
Quoting Rob Blomquist <[EMAIL PROTE
>-Original Message-
>From: Theo Van Dinter [mailto:[EMAIL PROTECTED]
>Sent: Friday, September 10, 2004 2:30 PM
>To: [EMAIL PROTECTED]
>Subject: Re: Catching Windows executables as attachments
>
>
>On Fri, Sep 10, 2004 at 03:48:17AM -0700, Loren Wilton wrote:
&
ng mime headers are to
> classify virui and worms. While that is the origin of this thread, I find
Since the subject of this thread is "Catching Windows executables as
attachments", yes, that's what I was talking about. :)
> Well, its trivial if your name is Theo or Justin or
> From: "Theo Van Dinter" <[EMAIL PROTECTED]>
>
> There's a few things here.
>
> First, the body-mime headers aren't typically visible to the user via MUA,
> so they're not included in the data that the standard rules run against.
Normal headers in their full glory also aren't typically visible to
On Thu, Sep 09, 2004 at 11:13:49AM -0500, ROY,RHETT G wrote:
> You could block them with your MTA (Postfix, Qmail etc).
In exim with exiscan-acl:
deny message = $found_extension files are not accepted here \n \
If you have questions please contact [EMAIL PROTECTED]
demime = com
You could block them with your MTA (Postfix, Qmail etc).
> -Original Message-
> From: Rob Blomquist [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 09, 2004 12:08 AM
> To: users@spamassassin.apache.org
> Subject: Catching Windows executables as attachments
>
At 09:33 AM 9.9.2004 -0400, Theo Van Dinter wrote:
>On Wed, Sep 08, 2004 at 10:49:09PM -0700, Loren Wilton wrote:
>> However, it has been removed from 3.0. And while I agree with removing
>> binary attachments before scanning in SA, I consider that removing the
>> mime-part header that contained t
On Wed, 8 Sep 2004 22:07:53 -0700, you wrote:
>I have currently tuned my SARE spam filters, and am humming right along, I get
>one or 2 uncaught spams a day which is no big deal. But I would like to catch
>the virus emails that have Win exe, scr, bat, and the like for attachments,
>but I can't
On Wed, Sep 08, 2004 at 10:49:09PM -0700, Loren Wilton wrote:
> However, it has been removed from 3.0. And while I agree with removing
> binary attachments before scanning in SA, I consider that removing the
> mime-part header that contained the type and name is a mistake. There have
> been any n
>-Original Message-
>From: Rob Blomquist [mailto:[EMAIL PROTECTED]
>Sent: Thursday, September 09, 2004 1:08 AM
>To: users@spamassassin.apache.org
>Subject: Catching Windows executables as attachments
>
>
>I have currently tuned my SARE spam filters, and am humm
> I have currently tuned my SARE spam filters, and am humming right
> along, I get
> one or 2 uncaught spams a day which is no big deal. But I would like
> to catch
> the virus emails that have Win exe, scr, bat, and the like for
> attachments,
> but I can't find a rule for them.
>
> Is there one?
Rob Blomquist wrote:
> I have currently tuned my SARE spam filters, and am humming right
> along, I get one or 2 uncaught spams a day which is no big deal. But
> I would like to catch the virus emails that have Win exe, scr, bat,
> and the like for attachments, but I can't find a rule for them.
To: [EMAIL PROTECTED]
Subject: Re: Catching Windows executables as attachments
Use something like mimedefang. It blocks attachments you don't want and
will run clamav, SA etc on incoming mail.
Chris
On Thu, 2004-09-09 at 06:49, Loren Wilton wrote:
> > But I would like to catch
> > the
From: "Christof Damian" <[EMAIL PROTECTED]>
> > On Thu, 2004-09-09 at 06:49, Loren Wilton wrote:
> > > In 2.63 there is the MICROSOFT_EXECUTABLE check that triggers on a
> > > number (but by no means all) viruses, and can be useful for
> > > various things. However, it has been removed from 3.0.
> On Thu, 2004-09-09 at 06:49, Loren Wilton wrote:
> > In 2.63 there is the MICROSOFT_EXECUTABLE check that triggers on a
> > number (but by no means all) viruses, and can be useful for
> > various things. However, it has been removed from 3.0.
That is a shame, I use that at the moment to score+2
Use something like mimedefang. It blocks attachments you don't want and
will run clamav, SA etc on incoming mail.
Chris
On Thu, 2004-09-09 at 06:49, Loren Wilton wrote:
> > But I would like to catch
> > the virus emails that have Win exe, scr, bat, and the like for
> attachments,
> > but I can't
> But I would like to catch
> the virus emails that have Win exe, scr, bat, and the like for
attachments,
> but I can't find a rule for them.
>
> Is there one? How can I catch them otherwise?
Sadly there really isn't one. People will tell you to simply use a more
appropriate tool for virus catchi
I have currently tuned my SARE spam filters, and am humming right along, I get
one or 2 uncaught spams a day which is no big deal. But I would like to catch
the virus emails that have Win exe, scr, bat, and the like for attachments,
but I can't find a rule for them.
Is there one? How can I cat
19 matches
Mail list logo
