Aram Mirzadeh <[EMAIL PROTECTED]> writes:

> I just got this base64 spam and it seems the base64 check doesn't catch
> it, I have included the header info: [ with 2.41 or 2.43 ]
> [...]
> X-Spam-Status: No, hits=0.8 required=4.5
>         tests=INVALID_MSGID,MICROSOFT_EXECUTABLE,MIME_HTML_NO_CHARSET,
>               MIME_SUSPECT_NAME,MISSING_HEADERS,RELAYING_FRAME,
>               SPAM_PHRASE_00_01,SUBJECT_HAS_DATE
>         version=2.41

It's an email virus, not spam.  SA intentionally does not try to filter
out email viruses.  Just the same, these rules (especially in the same
message) are highly indicative of viruses:

  MICROSOFT_EXECUTABLE
  MIME_SUSPECT_NAME
  RELAYING_FRAME

We use the first two rules to aid when manually removing viruses from
our test corpuses.

There are plenty of solutions for filtering viruses such as MIMEdefang,
but I just use a procmail rule like this one.  (There are better ways,
but the simple way works fine for me because I never receive legitimate
Windows executables via email.)

------- start of cut text --------------
:0 B
* > 75000
* base64
* ^TVqQAAMAAAAEAAAA
reject
------- end ----------------------------

Dan
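
Added example, not part of Dan's message: the string in the recipe above is the base64 encoding of the first 12 bytes of one common DOS/PE header layout, so this Python sketch goes a step further and decodes each base64 MIME part to test for the `MZ` magic itself, reporting whether the recipe's literal would also have matched. The function names and sample payloads are constructed for illustration, and the recipe's size condition is not modelled.

```python
import base64
from email import message_from_bytes
from email.message import EmailMessage

RECIPE_STRING = "TVqQAAMAAAAEAAAA"   # literal from the procmail recipe
DOS_MAGIC = b"MZ"                    # DOS/PE executables begin with these bytes

def recipe_string_bytes() -> bytes:
    """Decode the recipe's literal to show which header bytes it pins down."""
    return base64.b64decode(RECIPE_STRING)

def scan(raw: bytes):
    """Return (filename, literal_matches) for each base64 part decoding to MZ..."""
    hits = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        cte = str(part.get("Content-Transfer-Encoding", "")).strip().lower()
        if cte != "base64":
            continue
        decoded = part.get_payload(decode=True) or b""
        if not decoded.startswith(DOS_MAGIC):
            continue
        # Does the recipe's fixed string begin a line of the encoded text?
        encoded_lines = part.get_payload().splitlines()
        literal = any(line.startswith(RECIPE_STRING) for line in encoded_lines)
        hits.append((part.get_filename(), literal))
    return hits

def build_sample(filename: str, payload: bytes) -> bytes:
    """Constructed test message: short text body plus one base64 attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

# Constructed payloads: header bytes plus padding, not real programs.
COMMON_STUB = bytes.fromhex("4d5a90000300000004000000ffff0000") + b"\x00" * 48
OTHER_STUB = bytes.fromhex("4d5a50000200000004000f00ffff0000") + b"\x00" * 48
NOT_EXE = b"%PDF-1.4 constructed, not an executable" + b"\x00" * 24

if __name__ == "__main__":
    print(recipe_string_bytes().hex(" "))
    for name, data in [("a.exe", COMMON_STUB), ("b.scr", OTHER_STUB),
                       ("c.pdf", NOT_EXE)]:
        print(name, scan(build_sample(name, data)))
```

The second sample starts with `MZ` but carries different header fields, so its base64 text begins `TVpQ` and the fixed-string match misses it while the decoded check does not.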


_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
