Hi,
I'm having a problem with emails with short body text and a link to
malware that automatically downloads when the link is clicked. What's
the difference between the short body tests, besides the actual
character lengths:
72_active.cf
body __KAM_BODY_LENGTH_LT_128 eval:check_body_length('128')
describe __KAM_BODY_LENGTH_LT_128 The length of the body
of the email is less than 128 bytes.
KAM.cf
meta __BODY_LE_200 (__RB_LE_200 == 1) && !__RB_GT_200
rawbody __RB_LE_200 /^.{2,200}$/s
tflags __RB_LE_200 multiple maxhits=2
Here's one such example, if you're interested. The link is actually still valid.
https://pastebin.com/innRFvZt
It hit bayes00 and not many other rules. This one, or ones like it,
were hitting ANY_BOUNCE_MESSAGE (and FROM_NO_USER) in some variations
because the From field was either empty or missing entirely.
