You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by dhanushka ranasinghe <pa...@gmail.com> on 2012/04/16 15:12:54 UTC
spamassassin with attachment
Hi guys,
Is there any way to scan mail attachment extension with spamassassin
.(exe files... etc)
and is it possible to scan attachment name using spamassassin
Thank You
Dhanushka
Re: spamassassin with attachment
Posted by John Hardin <jh...@impsec.org>.
On Mon, 16 Apr 2012, dhanushka ranasinghe wrote:
> Is there any way to scan mail attachment extension with spamassassin
> .(exe files... etc)
It would be difficult, there are better tools available to scan attachment
content (e.g. ClamAV).
> and is it possible to scan attachment name using spamassassin
Yes. There is a MIME header plugin that will allow you to write rules for
attachment filenames. There are some attachment filename rules in my
sandbox.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Ten-millimeter explosive-tip caseless, standard light armor
piercing rounds. Why?
-----------------------------------------------------------------------
3 days until the 237th anniversary of The Shot Heard 'Round The World
Re: spamassassin with attachment
Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 4/16/2012 9:12 AM, dhanushka ranasinghe wrote:
> Hi guys,
>
> Is there any way to scan mail attachment extension with spamassassin
> .(exe files... etc)
>
> and is it possible to scan attachment name using spamassassin
>
Likely, yes, but you might find better results using MIMEDefang if you
know perl because with it and MIME::Tools, you can do a LOT of extension
logic.
Regards,
KAM
Re: spamassassin with attachment
Posted by Henrik K <he...@hege.li>.
On Mon, Apr 16, 2012 at 10:05:57AM -0400, Kevin A. McGrail wrote:
>
>
> On 4/16/2012 9:58 AM, dhanushka ranasinghe wrote:
> >Hi...
> >
> >we are running spamassassin+exim, but seems like MIMEDefang have
> >issue integrating to exim..., do you know any doc or guide to follow.
> >i searched the google a more than week but couldn't find out way to
> >do attachement name scan using spamassassin ( Can you guys point me to
> >the right direction)
> I believe MD can work with Postfix and Sendmail. I do not know if it
> can work with exim.
>
> For attachment name scans, it's going to be likely raw rules which
> are going to be fairly slow but perhaps someone else here knows a
> better way.
>
> I, for better or worse, use MD to deal with attachment issues and SA
> is likely not really the right avenue. There is likely a solution
> but as I haven't needed one, I have forgotten if one exists.
You are forgetting that SA pretty much does all the same MIME::Parsing than
MD. ;-)
Simplified rule..
mimeheader ATTACHMENT_EXE Content-Disposition =~ /\.exe[";]/i
Re: spamassassin with attachment
Posted by "David F. Skoll" <df...@roaringpenguin.com>.
On Mon, 16 Apr 2012 10:05:57 -0400
"Kevin A. McGrail" <KM...@PCCC.com> wrote:
> I believe MD can work with Postfix and Sendmail. I do not know if it
> can work with exim.
It can't. It's a milter, and AFAIK only Postfix and Sendmail implement
the milter interface.
Regards,
David.
Re: spamassassin with attachment
Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 4/16/2012 9:58 AM, dhanushka ranasinghe wrote:
> Hi...
>
> we are running spamassassin+exim, but seems like MIMEDefang have
> issue integrating to exim..., do you know any doc or guide to follow.
> i searched the google a more than week but couldn't find out way to
> do attachement name scan using spamassassin ( Can you guys point me to
> the right direction)
I believe MD can work with Postfix and Sendmail. I do not know if it can
work with exim.
For attachment name scans, it's going to be likely raw rules which are
going to be fairly slow but perhaps someone else here knows a better way.
I, for better or worse, use MD to deal with attachment issues and SA is
likely not really the right avenue. There is likely a solution but as I
haven't needed one, I have forgotten if one exists.
Regards,
KAM