On 09/02/2016 10:59 PM, Robert Boyl wrote:
Hi, guys
Recently I saw this.
http://jrs-s.net/2013/06/14/block-common-trojans-in-spamassassin/
My idea was to create a rule in the way mentioned in this site, such as,
for example, certain attachment file type (such as HTML or ZIP) and a
certain subject, score the message.
The rule works. But I found that it causes false positives for emails that
have HTML in the body and not necessarily attached (internally, I guess its
the same, right?).
Example
--_000_2C3280CB5B1A584F8E4B3E0E263D843251617ACAMBXTB921Cvcarem_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
This the system detects in the mimeheader content type = html rule as an
HTML attachment...
Is there a way to check only really file types that are attached explicitly
to the email using Spamassassin and the mimeheader plugin?
take a look at the Content-Disposition mime headers
