Jim wrote:
On Sat, Sep 20, 2003 at 09:30:27AM -0400, Steven W. Orr wrote:

So what I was asking for was a rule to add to my local.cf which would recognize the fact that the remaining elements of the virus that're getting through contain a MIME attachment of type Application/X-MSDOWNLOAD and the filename that is attached has an extension of type .exe


That is not what you were asking about.  Try reading your own posts, and see.
You just keep moaning that you want to "block" it with SA, and everyone here
has to keep explaining to newbies over and over again that SA doesn't "block"
anything.  So, if that is not _exactly_ what you are trying to do, then you
should explain yourself better next time around.

But the spamass-milter for sendmail DOES let you block e-mail if the SA score is high enough. Steven may not have been entirely clear about that, but that doesn't negate the fact that it IS in fact possible to block with SA. They key in this particular case is to figure out a custom SA rule that will identify these worms without generating false positives. Then you just set the score for that rule high enough and spamass-milter will tell sendmail to reject the e-mail.


-Bruce




------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Reply via email to