Craig R Hughes writes:

> Sounds like a nice rule.  Is this an eval which reads mailcap?  Or
> an apache-style mime.types file?  Or just a simple rule where you're
> encoding the type<->extension rules?  I think if the rule looked
> like:
> 
> full MIME_SUSPECT          eval:mime_suspect('/path/to/mime.types')

I looked at those MIME types that tended to be connected to unsolicited
email (spam and viruses) or generally frequent and hard-coded those
types.  I also try to avoid opening additional files as much as
possible.  :-)

The rules are also somewhat more lenient because MIME types don't seem
to be as uniform as they should be.  Sometimes they have different names
and sometimes there's an "x-" or a "vnd." that I strip off.

Here's the current test:

 # text, documents, and images
 ($name =~ /^html?$/ && $ctype ne "text/html") ||
 ($name =~ /^jpe?g$/ && $ctype ne "image/jpeg") ||
 ($name eq "pdf" && $ctype ne "application/pdf") ||
 ($name eq "gif" && $ctype ne "image/gif") ||
 ($name eq "txt" && $ctype ne "text/plain") ||
 ($name eq "vcf" && $ctype ne "text/vcard") ||
 # application programs
 ($name =~ /^(?:bat|com|exe|pif|scr|swf|vbs)$/ && $ctype !~ m@^application/@)||
 # microsoft formats
 ($name eq "doc" && $ctype !~ m@^application/.*word$@) ||
 ($name eq "ppt" && $ctype !~ m@^application/.*(powerpoint|ppt)$@) ||
 ($name eq "xls" && $ctype !~ m@^application/.*excel$@)

Here are all of the emails that correctly triggered the rule.  All are
the application test.  I think we should put the test into SA, but the
far more effective test is the MIME_MISSING_BOUNDARY one.

------- start of cut text --------------
Content-Type: audio/x-wav; name="CVS概况、管理制度和设置情况.doc.exe"

Content-Type: audio/x-wav; name="CVS概况、管理制度和设置情况.doc.exe"

Content-Type: audio/x-wav; name="功氢魂 救龋措(咯抚).jpg.exe"

Content-Type: audio/x-wav;
        name="sample.exe"

Content-Type: audio/x-wav;
        name="readme.exe"

Content-Type: audio/x-midi;
        name=Network.bat

Content-Type: audio/x-midi;
        name=Dd5.exe

Content-Type: audio/x-midi;
        name=Miuie.bat

Content-Type: audio/x-wav;
        name=Dwdc.exe

Content-Type: audio/x-midi;
        name=ゅン.exe

Content-Type: audio/x-wav;
        name=Nslp[23].scr

Content-Type: audio/x-midi;
        name=in6.bat
------- end ----------------------------

Dan
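
The test above wrapped in a runnable Perl function, as an added example that is not part of the original post or of SpamAssassin's code. How $name and $ctype are extracted from the header, the form of the "x-"/"vnd." strip, and the last three sample headers are assumptions made for illustration.

```perl
use strict;
use warnings;

# Returns 1 if the attachment extension disagrees with the declared type.
sub mime_suspect {
    my ($header) = @_;
    # Declared type: first token after "Content-Type:", lowercased.
    return 0 unless $header =~ m@^Content-Type:\s*([^\s;]+)@i;
    my $ctype = lc $1;
    $ctype =~ s@/(?:x-|vnd\.)@/@;    # assumed form of the "x-"/"vnd." strip
    # name= parameter, quoted or bare; it may sit on a folded line.
    return 0 unless $header =~ m@\bname\s*=\s*(?:"([^"]*)"|([^\s;]+))@i;
    my $fname = defined $1 ? $1 : $2;
    # Assumption: $name is the text after the last dot, lowercased.
    return 0 unless $fname =~ /\.([^.]+)$/;
    my $name = lc $1;
    return (
        # text, documents, and images
        ($name =~ /^html?$/ && $ctype ne "text/html") ||
        ($name =~ /^jpe?g$/ && $ctype ne "image/jpeg") ||
        ($name eq "pdf" && $ctype ne "application/pdf") ||
        ($name eq "gif" && $ctype ne "image/gif") ||
        ($name eq "txt" && $ctype ne "text/plain") ||
        ($name eq "vcf" && $ctype ne "text/vcard") ||
        # application programs
        ($name =~ /^(?:bat|com|exe|pif|scr|swf|vbs)$/ && $ctype !~ m@^application/@) ||
        # microsoft formats
        ($name eq "doc" && $ctype !~ m@^application/.*word$@) ||
        ($name eq "ppt" && $ctype !~ m@^application/.*(powerpoint|ppt)$@) ||
        ($name eq "xls" && $ctype !~ m@^application/.*excel$@)
    ) ? 1 : 0;
}

# Constructed sample headers; the first three reuse file names from the post.
my @samples = (
    qq{Content-Type: audio/x-wav;\n        name="readme.exe"},
    qq{Content-Type: audio/x-midi;\n        name=Network.bat},
    qq{Content-Type: audio/x-wav;\n        name=Nslp[23].scr},
    qq{Content-Type: application/x-msdownload; name="setup.exe"},
    qq{Content-Type: application/vnd.ms-excel; name="report.xls"},
    qq{Content-Type: application/octet-stream; name="photo.jpg"},
);

for my $h (@samples) {
    (my $flat = $h) =~ s/\s+/ /g;    # unfold the header for display
    printf "%-8s %s\n", mime_suspect($h) ? "SUSPECT" : "ok", $flat;
}
```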
