You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Dave Hennessey <da...@usitc.gov> on 2004/02/27 21:32:02 UTC

Blocking File Attachments

I wanted to write a rule to block emails with certain file attachments like 
PIF, SCR, EXE...  Kind of a poor man's AVS. 

But I couldn't figure out how to do it.  Seems like the rawbody tests exclude 
the Mime headers from regexp pattern matching.  

SOOO I hacked EvalTests.pm and made it work.  May not be elegant, and there's 
probably a simpler solution - BUT it does work.  Here's what I did:

1) sub _check_mime_header {
At the very bottom, add:

  if ($name && $ctype eq "application/octet-stream") {
    # MIME_BAD_FILE_ATTACH triggered here
    $name =~ s/.*\.//;
    if (
        ($name eq "pif") ||
        ($name eq "scr") ||
        ($name eq "bat") ||
        ($name eq "com") ||
        ($name eq "exe")
        )

    {
       $self->{mime_bad_file_attach} = 1;
    }
  }


2) sub _check_attachments {
In the #results area, add near things like it

  $self->{mime_bad_file_attach} = 0;


3) In one of your rules, add:

rawbody MIME_BAD_FILE_ATTACH    eval:check_for_mime('mime_bad_file_attach')
describe MIME_BAD_FILE_ATTACH   PIF/SCR/BAT/COM/EXE file attached
score MIME_BAD_FILE_ATTACH      200.00

P.S. 
We run SA under milter-spamd on our incoming relay.  
If you run sendmail, check out Anthony Howe's wonderful milter-ware at
http://www.snert.com/Software/index.html