On Mon, 14 Aug 2006 [EMAIL PROTECTED] wrote: > I don't understand your point.
Spamassassin is a tool to determine the spamminess of a message, not to check whether attachments to that message pose security risks. > I run a Mac. I don't care for _any_ .exes period. Fine. Your site email policy, then, is "no emails with executable attachments will be accepted". This is the default policy of the sanitizer. Take a look at the link. > therefore I'm loading the antivirus plugin in order to make use of > check_microsoft_executable rule. However that rule doesn't fire > if the attacker is disguising the .exe with a non sensical content type > primarily because the code currently assumes it wouldn't happen. That's a very heavyweight solution to "I don't want any .exes at all". > Q. Why do you keep talking about Spam Assassin not being an anti > virus tool... I never said it was I'm simply enabling the plugin > to get the rule to fire. I follow the UNIX philosophy: write a small tool that does one job and does it extremely well, and chain it with other similar tools. Adding antivirus and other security-related processing to SA dilutes its effectiveness and distracts the developers from making it the best anti-bulk-unsolicited-email tool around. I'd rather have SA be the best antispam tool available anywhere than a swiss army knife that does many things and none of them well. > Quoting "John D. Hardin" <[EMAIL PROTECTED]>: > > > SA is not an antivirus tool, and an attached executable is not spam, > > it is a security attack. > > > > If you're not willing to run a traditional virus scanner, may I > > suggest this as an alternative for attachment policy enforcement: > > > > http://www.impsec.org/email-tools/procmail-security.html -- John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/ [EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- Windows and its users got mentioned at home today, after my wife the psych major brought up Seligman's theory of "learned helplessness." -- Dan Birchall in a.s.r -----------------------------------------------------------------------
