Dr Robert Young wrote:

We had a very short spam come in (actually it had a virus attachment named "updated-password.zip"). There is not much to grab onto:

Content analysis details:   (1.5 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 NO_REAL_NAME           From: does not include a real name
 0.2 HTML_20_30             BODY: Message is 20% to 30% HTML
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.2 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 1.1 PRIORITY_NO_NAME       Message has priority, but no X-Mailer/User-Agent
 0.0 MISSING_MIMEOLE        Message has X-MSMail-Priority, but no X-MimeOLE

so I wonder if one can use a rule to look for the name of the attachment in the header/body of the email to ID this (see below). Any thoughts on how to approach? Using SA 3.0.4 with Razor2 installed.

How about running a virus scanner like ClamAV?

Regards,

Rick
