Ted Mittelstaedt-2 wrote:
>
> On 7/20/2010 10:46 PM, Gnanam wrote:
>>
>> Ted Mittelstaedt-2 wrote:
>>>
>>> Generally, no. SA skips messages that are larger than a size that you
>>> set in the config file. Most attachments are larger than that size.
>>> Obviously if you have a really small attachment then it will scan it.
>>
>> Thanks for that update.
>>
>> Assuming my use case needs to do test/scan on attachments as well, thereby I
>> set a large size in the config file, say 5 MB for example. I also
>> understand that it will take a few more seconds to test/scan.
>>
>> How does SA scan binary attachments like .doc, .docx, .rtf, .xls, .zip, etc.
>> in that case?
>>
>
> It doesn't. At least, not like what you are thinking.
>
> As you know an encoded attachment is a series of lines like:
>
> XXHUBKJVHLSJFWSJNDL:SANFKJHSBFSLJRWKSBF
> DSKJNBFSHNF:LSJFLKSNFLKJSBFLK:SNFLKSNFS
> FJSHBFLKSHNFLKNSFL:SF:LSNFLKSNFLK:SNFL:
> KFSLKHFDSHNFKDNFLDKNFLKDNFLKJHDBIAVFBUB
>
> SA scans that. Of course, there is nothing there that matches
> anything.
>
> You're thinking SA works like for example clamav. clamav takes the
> attachments, mimedecodes them, then unzips them (or unrars them
> or whatever) then scans the decoded, extracted, result. SA does not
> do this.
>
> This is why spammers tried hiding spams in graphic images. (URLs
> and such) Of course, since it was a URL in a graphic image there
> wasn't anything for the dumb users to click on that would send them
> off to some compromised website. So even the stupidest spammers
> finally figured out that that trick, while bypassing SA, also
> made the spams equally unusable to the victims they were trying
> to nail.
>

Well, in that case, I revoke my adoption regarding the mime types ;)
But what's the meaning of scanning attachments then at all?

Daniel
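
The difference described in the quoted reply, between matching on the encoded attachment lines as transmitted and matching after MIME decoding and unzipping, as an added example that is not part of the thread and is not SpamAssassin or ClamAV code. The message, the attachment and the `example-pharmacy.invalid` pattern are constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed indicator that a content rule might look for.
PATTERN = re.compile(rb"example-pharmacy\.invalid")

def build_sample() -> bytes:
    """Constructed message: harmless text body plus a base64-encoded zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("note.txt", "Visit http://example-pharmacy.invalid/ today\n" * 20)
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="note.zip")
    return msg.as_bytes()

def scan_raw(raw: bytes) -> bool:
    """Match against the message as transmitted (base64 lines and all)."""
    return bool(PATTERN.search(raw))

def scan_decoded(raw: bytes) -> list:
    """MIME-decode each part, unpack zip archives, then match."""
    hits = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or part.get_content_type()
        data = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if PATTERN.search(zf.read(member)):
                        hits.append(f"{name}:{member}")
        elif PATTERN.search(data):
            hits.append(name)
    return hits

if __name__ == "__main__":
    sample = build_sample()
    print("raw match:", scan_raw(sample))
    print("decoded matches:", scan_decoded(sample))
```

A scanner that unpacks archives on untrusted mail should also cap the decompressed size and the nesting depth it is willing to process.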