> However, I was unable to match the filename in the MIME header, even with a "full" rule. According to Matt Kettler: > > full - entire message, with all headers, all mime segments, > > and no decoding. Just raw, as it was on the wire.
What version are you using? 2.6x pulled attachments out of 'full' before
the rules could see it. This changed in 3.0.
Loren
