> The title is actually in the body, not the header. (Possibly > you need the "rawbody" directive. I'm not sure) For SA, your > first recipe is enough to score any email for Sobig.E.
Oh, that was just for testing - I'm pretty sure I tried BODY and RAWBODY - neither were caught, but I'll try again to be sure. I'm sure I've tried catching specific attachments before and failed. > I think it is a mistake to try to identify viruses with > Spamassassin, both because it is inefficient and because > viruses often have very large binary attachments which can > cause SA to crash with an out of memory error, and let the > attachment through in any case. For example, Sobig.E. is > about 115k. It's much better to pre-filter for potential > viruses & attachments before the email gets to SA, either > with procmail or another filtering program. Well followed the tutorial for doing a sitewide MTA using postfix, Amavisd, and Spamassassin - so all the usual .scr, .exe etc files are blocked from even being accepted - but since Sobig was in a Zip, it makes it through. My exchange server has the nightly-updated antivirus so they do get cleaned, I just wanted to eliminate the entire message from cluttering my mailboxes. If anyone has a quick idea, feel free to email off-list if it's not considered on-topic. Thanks, Geoff ------------------------------------------------------- This SF.Net email sponsored by: Parasoft Error proof Web apps, automate testing & more. Download & eval WebKing and get a free book. www.parasoft.com/bulletproofapps _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
