On Tue, 13 Sep 2011, Jose Sanchez wrote:
Hello guys,
I would like to know how can I create a SA rule to search for a certain domain
inside a .txt attachment. Im getting spam emails with no text on the body and
.txt attachment only, the .txt attachment contains the spam email and I would
like to tag it as spam if the attachment contains a certain domain on it.
Is this possible? If it isnt do you have any suggestions for mitigating this
type of spam?
Thanks in advance!
I'm betting that your "txt attachment" is also MIME-typed in a way
to bypass SA, something like "Application/OCTET-STREAM"?
If it were properly MIME-typed as "Text/PLAIN" SA should automagically
decode it and place it in the text body to match normal rules.
These attachment-obfuscating spammers bork the MIME-typed to try
to prevent that and rely on the mail client's automagic guess-timation
decoding of the attachment as text due to the file's ending in ".txt"
So does anybody know of a way to get SA to treat these attachments
as text, inspite of the attachment-MIME-obfuscation?
It would be nice if Bayes, URIBL, etc tools could score their contents.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
