On 31/03/11 19:07, Michael Scheidell wrote:
On 3/31/11 1:46 PM, Adam Katz wrote:
On 03/31/2011 08:59 AM, Michael Scheidell wrote:
What rules? Running `grep -Pri '\b\w?ups' rules*` ('\w?' allows for
matching '\bups') hits only one related rule, DOS_FAKE_UPS_TRACK_NUM,
which is still in testing (and keys on the word 'UPS' in the subject,
an, mine.
suggest meta rule to look for __SHIPPER && __STUPID_ATTACHMENT
__ header rule: @(ups|fedex|dhl)\.com
meta header to look for an attachment of .zip|rar|exe|
no way ups should be emailing you an exe...
I'd go a step further and say no way you should be accepting executables
at the smtp level, so no reason to be passing them to SA for scanning in
the first place. These should be rejected or quarantined elsewhere in
the mail chain.
