Largely "stolen" from one I'd read on the 'net somewhere, but this works
well and has blocked tons of virii:

/^(Content-(Type|Disposition):.*|[[:space:]]*(file)?)name=("[^"]*|[^[:space:]]*)\.(exe|s(ys|cr|hm)|pif|bat|lnk|vb[es]|jse?|hta|cmd|vxd)[[:>:]]/
  REJECT This message appears to contain an executable attachment which may be a virus or trojan.  Please remove it and re-send.

Use it in your header_checks.

Note that I do not include "*.com" attachments in the list, because Netscape
for a time had the annoying feature of allowing someone to forward a web
page and it would name the attachment after the url.  So if someone sent
you the "yahoo.com" web page.. bam, this got triggered.  So ideally you
want to have some other mechanisms (virus scanners, smart users, etc.) in
place as well.

HTH.
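
Added example (not part of the original post): a Python translation of the pattern above, run over constructed sample headers to show what it rejects and what it lets through before it goes into header_checks. The sample headers, function names and the unfolding step are assumptions for illustration; the POSIX classes are mapped to their Python equivalents as noted in the comments.

```python
import re

# Python translation of the posted POSIX pattern: [[:space:]] -> \s,
# [^[:space:]] -> \S, [[:>:]] (end of word) -> \b. IGNORECASE mirrors the
# case-insensitive default of Postfix regexp tables.
EXEC_ATTACHMENT = re.compile(
    r'^(Content-(Type|Disposition):.*|\s*(file)?)name=("[^"]*|\S*)'
    r'\.(exe|s(ys|cr|hm)|pif|bat|lnk|vb[es]|jse?|hta|cmd|vxd)\b',
    re.IGNORECASE,
)

# Constructed sample headers (not from real mail); the third is folded.
SAMPLE = '''\
Subject: please rename setup.exe before sending
Content-Type: application/octet-stream; name="invoice.exe"
Content-Disposition: attachment;
\tfilename="photo.JPG.scr"
Content-Disposition: attachment; filename="yahoo.com"
Content-Type: application/json; name="settings.json"
Content-Type: text/plain; name="setup.exe.txt"
'''

def logical_headers(raw):
    """Unfold continuation lines so each header is tested as one string."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += line  # assumption: RFC 5322 style unfolding
        elif line:
            headers.append(line)
    return headers

def rejected(raw):
    """Return the logical headers the pattern would REJECT."""
    return [h for h in logical_headers(raw) if EXEC_ATTACHMENT.search(h)]

if __name__ == "__main__":
    for header in rejected(SAMPLE):
        print("REJECT:", header)
```

The word boundary means a listed extension is caught even when another suffix follows it ("setup.exe.txt"), while "settings.json" and "yahoo.com" pass. On a Postfix host, `postmap -q '<header>' regexp:<file>` checks the original pattern directly.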

