You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Swati Rananaware <sw...@solutionenterprises.co.in> on 2012/03/24 07:43:23 UTC
Want help to create a rule for filtering mails with empty message
body and attachments
I want to create a rule to flag a mail with empty message body and
attachment. I have read about the PDFInfo plugin but I am not allowed to
enable any kind of plugin on server. So creating a rule is must for me. I
have created some rules previously, but the problem is I am not able to
understand, how to check for empty message body? Because even if we have
sent a empty mail, mail contains
--f46d04479717af73f704bb6c327d
Content-Type: text/plain; charset=UTF-8
--f46d04479717af73f704bb6c327d
In that case, I am not able to find a way to filter a message with empty
body.
Please suggest something to sort out this problem.
Thanks in advance.
Re: Want help to create a rule for filtering mails with empty message
body and attachments
Posted by Michael Scheidell <mi...@secnap.com>.
> Sorry for bothering you guys.
> Found answer to my question:
>
Cool.. this should be part of the stock SA rules
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security Product
* Certified SNORT Integrator
______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.spammertrap.com/
______________________________________________________________________
Re: Want help to create a rule for filtering mails with empty message
body and attachments
Posted by John Hardin <jh...@impsec.org>.
On Sat, 24 Mar 2012, RW wrote:
> On Sat, 24 Mar 2012 16:39:51 +0530
> Swati Rananaware wrote:
>
>> Sorry for bothering you guys.
>> Found answer to my question:
>>
>> body BODY_RULE_1 /[::blank::]/
>
> That will hit any body with a space or tab in it.
It's going to be rather hard to check for a blank body, as the Subject
header is treated as part of the body.
Perhaps (totally untested):
body __NONSUBJ_BODY /^(?!Subject:\s)/
meta EMPTY_BODY !__NONSUBJ_BODY
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Homeland Security: Specializing in Tactical Band-aids for Strategic
Problems. -- Eric K. in Bruce Schneier's blog
-----------------------------------------------------------------------
471 days since the first successful private orbital launch (SpaceX)
Re: Want help to create a rule for filtering mails with empty
message body and attachments
Posted by RW <rw...@googlemail.com>.
On Sat, 24 Mar 2012 16:39:51 +0530
Swati Rananaware wrote:
> Sorry for bothering you guys.
> Found answer to my question:
>
> body BODY_RULE_1 /[::blank::]/
That will hit any body with a space or tab in it.
Re: Want help to create a rule for filtering mails with empty message
body and attachments
Posted by Swati Rananaware <sw...@solutionenterprises.co.in>.
Sorry for bothering you guys.
Found answer to my question:
body BODY_RULE_1 /[::blank::]/
describe BODY_RULE_1 blank mail body
score BODY_RULE_1 1.0
mimeheader MIMEHEADER_RULE_01 Content-Type =~ /multipart\/mixed/i
describe MIMEHEADER_RULE_01 Attachments
score MIMEHEADER_RULE_01 0.5
meta META_RULE_1 BODY_RULE_1 && MIMEHEADER_RULE_01
describe META_RULE_1 Empty mail body with attachment
score META_RULE_1 1.5
Thanks,
-Swati
On Sat, Mar 24, 2012 at 12:13 PM, Swati Rananaware <
swati.rananaware@solutionenterprises.co.in> wrote:
> I want to create a rule to flag a mail with empty message body and
> attachment. I have read about the PDFInfo plugin but I am not allowed to
> enable any kind of plugin on server. So creating a rule is must for me. I
> have created some rules previously, but the problem is I am not able to
> understand, how to check for empty message body? Because even if we have
> sent a empty mail, mail contains
>
> --f46d04479717af73f704bb6c327d
> Content-Type: text/plain; charset=UTF-8
>
>
>
> --f46d04479717af73f704bb6c327d
>
> In that case, I am not able to find a way to filter a message with empty
> body.
> Please suggest something to sort out this problem.
>
> Thanks in advance.
>
>
>