Not with SA, but in proccmail, I use a canned recipe fetched off the net: In .procmailrc:
# # eliminate virus mail. # MYVIRUS=virus-trap INCLUDERC=/etc/mail/procmail/virussnag.rc In virussnag.rc is located here: http://www.spamless.us/pub/procmail/virussnag.rc Leading comments: ######################### Virus Snaggers, ver. 1.31 ########################## ##################### by Dallman Ross <[EMAIL PROTECTED]> ##################### #################### Copyright (c) 9/2003, by the author ##################### ########## MAY BE USED WITH ATTRIBUTION & INTACT COPYRIGHT NOTICE; ########### ##################### PLEASE COMMENT ANY CHANGES AS YOURS #################### ###################### NO WARRANTIES, EXPRESS OR IMPLIED ##################### ####################### Tech Support Available for Fee ####################### # Virus Snaggers is intended to be run under procmail -- www.procmail.org # Place this file in its entirety somewhere reasonable. Then run it from # your .procmailrc with a line like this (remove the leading comment char): # # INCLUDERC = /somewhere/reasonable/virussnag.rc # Caught mail is saved by default to a file called "VIRUS". You can run # as-is or pre-set $MYVIRUS to something other than the default. Or set # it to /dev/null if you're feeling macho. E.g., # # MYVIRUS = /dev/null # optional line in your .procmailrc to change default # INCLUDERC = /somewhere/reasonable/virussnag.rc # # Other options include saving only virus headers (see "$h" variable); # or declining filewrites from inside this file (see "$NONDEL") while # nonetheless allowing viruses to be flagged ("$VIR_A", "$VIR_B") for # custom handling later. See Variables Section for details. > From: Kang, Joseph S. > Sent: Friday, January 09, 2004 6:56 AM > > > We're being hit by MS security update emails. I know they're > > not spam, > > but rather more accurately described as virii or worms. > > > > However, I'm wondering if anyone has a good rule that will mark these? > > That's a good question. I got a few of those yesterday (day > before?), too. > I was freaking out trying to figure out how they got through until I > remembered that they were over the 256K size limit for e-mails > and bypassed > SA. :) ------------------------------------------------------- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
