From: Rich Shepard [mailto:[EMAIL PROTECTED]
>
> On Sun, 28 Jan 2007, John D. Hardin wrote:
>
> > Please don't ask SA to become an antivirus or attachment file type
> > security policy enforcement tool. There are already very effective tools
> > to do perform those tasks.
>
> We run only linux here, so I ignore Microsoft virii and the like. But,
> when I get an empty message with an attached .exe file I see it as another
> form of obfuscated spam.
>
> Empty message bodies aren't legitimate SA targets?
Yes, they are. But I see often legitimate messages like this. They are probably
used when sending something to somebody while having a voice conversation with
him/her. I did it, too.
If you could turn network tests on, you probably may at least reduce the number
of accepted viral e-mails: most of them come from infected dialup hosts and get
the score they deserve.
Anyway, this may work to you:
body EMPTY_BODY m'^[^\n]+\n\s*$'
describe EMPTY_BODY Message has subject but no body
score EMPTY_BODY 0.001
Your score mileage may vary... :)
giampaolo
>
> Rich
>
> --
> Richard B. Shepard, Ph.D. | The Environmental Permitting
> Applied Ecosystem Services, Inc. | Accelerator(TM)
> <http://www.appl-ecosys.com> Voice: 503-667-4517 Fax:
> 503-667-8863
