You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Rick Gutierrez <xs...@gmail.com> on 2018/12/17 19:18:12 UTC
rule for docx o xlsx
Hi list , happy holidays to all, I am trying to make this rule work
that a friend wrote in github, to be able to give a high score to
documents sent from different countries, like pakistan, china or india
, I have it in my spamassassin and I do not see it working, to see if
someone on the list helps me improve it
RuleWordORExcel.cf
mimeheader __MIME_WORDOREXCEL Content-Type =~ /msword|excel/i
header __RELAYCOUNTRY_SPAMMY
X-Relay-Countries=~/^(RU|CN|AR|AE|CG|FR|IR|KI|PK|AU|BS|BE|BO|BT|AI|AO|BR|KH|CL|CO|CK|CU|DM|EC|US)/i
meta WORDEXCEL_SPAMMYCOUNTRY __MIME_WORDOREXCEL && __RELAYCOUNTRY_SPAMMY
describe WORDEXCEL_SPAMMYCOUNTRY Spammy country and word/excel file
score WORDEXCEL_SPAMMYCOUNTRY 2.0
meta OLEMACRO_SPAMMYCOUNTRY OLEMACRO && __RELAYCOUNTRY_SPAMMY
describe OLEMACRO_SPAMMYCOUNTRY Spammy country and Office doc with Macro
score OLEMACRO_SPAMMYCOUNTRY 2.0
This is a test from gmail, sending a word file to an account.
https://pastebin.com/bmRq7v7h
regards
--
rickygm
http://gnuforever.homelinux.com
Re: rule for docx o xlsx
Posted by Benny Pedersen <me...@junc.eu>.
Rick Gutierrez skrev den 2018-12-19 18:44:
> Hi Benny, I am not an expert in amavisd, but I have installed a few
> and in the official documentation you can block this type of files or
> extension, but I would do it general and not on a certain pattern.
i repeat, spamassassin cant test things in deep file content scanning,
we loose
one way to solve is:
configure clamav-milter to accept all virus detected in clamav
make spamas-milter reject pattern for macro virus detected in clamav
and still reject virus in spamas-milter
or make a bug report to clamav-milter for more policy accept quarantine
reject rules
by adding more 3dr party clamav signatures one dont need spamassassin
:=)
the above is only possible if clamav multer is done before spamas-milter
if other tools is used it require more work to make work
Re: rule for docx o xlsx
Posted by Rick Gutierrez <xs...@gmail.com>.
El lun., 17 dic. 2018 a las 14:22, Benny Pedersen (<me...@junc.eu>) escribió:
>
> why not block it with default clamav installs ?
>
> spamassassin is not a virus scanner or macro detector, i still have not
> seen rules in mimedefang or amavisd, or canit, and other tools support
> deep content scanners in spamassassin
>
> just my one €
Hi Benny, I am not an expert in amavisd, but I have installed a few
and in the official documentation you can block this type of files or
extension, but I would do it general and not on a certain pattern.
--
rickygm
http://gnuforever.homelinux.com
Re: rule for docx o xlsx
Posted by Benny Pedersen <me...@junc.eu>.
Rick Gutierrez skrev den 2018-12-17 20:18:
> https://pastebin.com/bmRq7v7h
why not block it with default clamav installs ?
spamassassin is not a virus scanner or macro detector, i still have not
seen rules in mimedefang or amavisd, or canit, and other tools support
deep content scanners in spamassassin
just my one €
Re: rule for docx o xlsx
Posted by Rick Gutierrez <xs...@gmail.com>.
El lun., 17 dic. 2018 a las 13:40, RW (<rw...@googlemail.com>) escribió:
>
> Content-Type:
> application/vnd.openxmlformats-officedocument.wordprocessingml.document,
>
> doesn't contain msword|excel
Hi RW , you suggest me to make the modification?
--
rickygm
http://gnuforever.homelinux.com
Re: rule for docx o xlsx
Posted by David B Funk <db...@engineering.uiowa.edu>.
On Mon, 17 Dec 2018, RW wrote:
> On Mon, 17 Dec 2018 13:18:12 -0600
> Rick Gutierrez wrote:
>
>> Hi list , happy holidays to all, I am trying to make this rule work
>> that a friend wrote in github, to be able to give a high score to
>> documents sent from different countries, like pakistan, china or india
>> , I have it in my spamassassin and I do not see it working, to see if
>> someone on the list helps me improve it
>>
>> RuleWordORExcel.cf
>>
>> mimeheader __MIME_WORDOREXCEL Content-Type =~ /msword|excel/i
> ...
>> https://pastebin.com/bmRq7v7h
>
>
>
> Content-Type:
> application/vnd.openxmlformats-officedocument.wordprocessingml.document,
>
> doesn't contain msword|excel
Not to mention that rule doesn't match "Application/OCTET-STREAM"
All too often I see mail clients use the catch-all MimeTyping of
"Application/OCTET-STREAM' and assume the recipient will 'do the right thing'
based on the file extension.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
Re: rule for docx o xlsx
Posted by RW <rw...@googlemail.com>.
On Mon, 17 Dec 2018 13:18:12 -0600
Rick Gutierrez wrote:
> Hi list , happy holidays to all, I am trying to make this rule work
> that a friend wrote in github, to be able to give a high score to
> documents sent from different countries, like pakistan, china or india
> , I have it in my spamassassin and I do not see it working, to see if
> someone on the list helps me improve it
>
> RuleWordORExcel.cf
>
> mimeheader __MIME_WORDOREXCEL Content-Type =~ /msword|excel/i
...
> https://pastebin.com/bmRq7v7h
Content-Type:
application/vnd.openxmlformats-officedocument.wordprocessingml.document,
doesn't contain msword|excel