You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "Sharma, Ashish" <as...@hp.com> on 2010/06/10 15:37:05 UTC
Scanning attachments with spamassassin
Hi,
I am a newbie in this.
I have configured spamassassin for my postfix server invoked via amavisd. (I used the link: http://wiki.centos.org/HowTos/Amavisd)
Here my question is:
Since by default spamassassin and it's default plugins do not check email attachments for spam, are there custom plugins available for scanning attachments for spam?
Do I really need email attachment scanning for anti spam solution to work?
Thanks
Ashish Sharma
RE: Scanning attachments with spamassassin
Posted by "Sharma, Ashish" <as...@hp.com>.
Frank,
So if I am correct, the body rules are applied once all the email is demimed and if the demimed content is in text that the rule can lock on then the rule hits.
Moreover since I am writing custom rules for spamassassin can you point me to good references where I can understand how spamassassin works.
Thanks
Ashish Sharma
-----Original Message-----
From: Frank Heydlauf [mailto:fh-sa2004@lf.net]
Sent: Friday, June 11, 2010 1:02 PM
To: Sharma, Ashish
Cc: users@spamassassin.apache.org
Subject: Re: Scanning attachments with spamassassin
Hi,
On Thu, Jun 10, 2010 at 03:16:02PM +0000, Sharma, Ashish wrote:
> Can you tell me what all kind of attachment scanning spamassassin does.
sorry, not in detail - but you're free to read the code yourself
> Can you point me to some good reference that can give me a good idea about attachment scanning et all.
Just as an example: 80_additional.cf
rawbody __TVD_BODY /\S{4}/
...
TVD_PDF_FINGER01
in general: search for rawbody or Content-Type in the ruleset.
This may be not what you expected. The attachments (more precise:
mime-parts) are demimed but (by default) not unzipped, doc2text
converted, ocr-read or whatever else could be done with attachments.
You can do such things with additional modules if you really need
(i.e. FuzzyOcrPlugin).
--
Regards Frank
Re: Scanning attachments with spamassassin
Posted by Frank Heydlauf <fh...@lf.net>.
Hi,
On Thu, Jun 10, 2010 at 03:16:02PM +0000, Sharma, Ashish wrote:
> Can you tell me what all kind of attachment scanning spamassassin does.
sorry, not in detail - but you're free to read the code yourself
> Can you point me to some good reference that can give me a good idea about attachment scanning et all.
Just as an example: 80_additional.cf
rawbody __TVD_BODY /\S{4}/
...
TVD_PDF_FINGER01
in general: search for rawbody or Content-Type in the ruleset.
This may be not what you expected. The attachments (more precise:
mime-parts) are demimed but (by default) not unzipped, doc2text
converted, ocr-read or whatever else could be done with attachments.
You can do such things with additional modules if you really need
(i.e. FuzzyOcrPlugin).
--
Regards Frank
RE: Scanning attachments with spamassassin
Posted by "Sharma, Ashish" <as...@hp.com>.
Frank,
Thanks for the reply.
Can you tell me what all kind of attachment scanning spamassassin does.
Can you point me to some good reference that can give me a good idea about attachment scanning et all.
Thanks
Ashish Sharma
-----Original Message-----
From: Frank Heydlauf [mailto:fh-sa2004@lf.net]
Sent: Thursday, June 10, 2010 8:22 PM
To: users@spamassassin.apache.org
Subject: Re: Scanning attachments with spamassassin
Hi,
On Thu, Jun 10, 2010 at 01:37:05PM +0000, Sharma, Ashish wrote:
>
> Since by default spamassassin and it's default plugins do not check email attachments for spam, are there custom plugins available for scanning attachments for spam?
why do you think so?
> Do I really need email attachment scanning for anti spam solution to work?
I do. Some/many spams come with html attachment (multipart message)
and SA out of the box scans them by default.
Just send yourself an EICAR as attachment to test
your setup.
--
Regards, Frank
Re: Scanning attachments with spamassassin
Posted by Frank Heydlauf <fh...@lf.net>.
Hi,
On Thu, Jun 10, 2010 at 01:37:05PM +0000, Sharma, Ashish wrote:
>
> Since by default spamassassin and it's default plugins do not check email attachments for spam, are there custom plugins available for scanning attachments for spam?
why do you think so?
> Do I really need email attachment scanning for anti spam solution to work?
I do. Some/many spams come with html attachment (multipart message)
and SA out of the box scans them by default.
Just send yourself an EICAR as attachment to test
your setup.
--
Regards, Frank
RE: Scanning attachments with spamassassin
Posted by "Sharma, Ashish" <as...@hp.com>.
Martin,
Thanks for the advice but I am already doing what you have suggested.
Thanks
Ashish Sharma
-----Original Message-----
From: Martin Gregorie [mailto:martin@gregorie.org]
Sent: Thursday, June 10, 2010 7:20 PM
To: Sharma, Ashish
Subject: Re: Scanning attachments with spamassassin
On Thu, 2010-06-10 at 13:37 +0000, Sharma, Ashish wrote:
> Hi,
>
> I am a newbie in this.
>
> I have configured spamassassin for my postfix server invoked via amavisd. (I used the link: http://wiki.centos.org/HowTos/Amavisd)
>
> Here my question is:
>
> Since by default spamassassin and it's default plugins do not check email attachments for spam, are there custom plugins available for scanning attachments for spam?
>
> Do I really need email attachment scanning for anti spam solution to work?
>
Add the Clamav anti-virus scanner to your system. You can configure
Amavis to run it alongside SA.
Martin