[BlueOnyx:14172] Re: Solarspeed AV-SPAM V5

Colin Jack colin at mainline.co.uk
Mon Dec 30 16:07:00 -05 2013


Hi Michael,

>
>One way to deal with this is to have SpamAssassin prevent emails with
>ZIP or EXE attachments passing through.
>
>This is a bit drastic, but if you have users who use HTML emails and who
>blindly open any attachment without thinking first, then this might be
>the way to go.
>
>Here is some code that I am using. Just create the file
>/etc/mail/spamassassin/attachments.cf and paste this into it:
>
>#-----------------------------------------------------
>loadplugin Mail::SpamAssassin::Plugin::MIMEHeader
>
>mimeheader ZIP_ATTACHED Content-Type =~ /zip/i
>describe ZIP_ATTACHED email contains a zip file attachment
>score ZIP_ATTACHED 7.5
>
>mimeheader EXE_ATTACHED Content-Type =~ /exe/i
>describe EXE_ATTACHED email contains an exe file attachment
>score EXE_ATTACHED 7.5
>
>uri      DANGEROUS_URL /\.(exe|zip|scr|pif|php|cmd|bat|vbs|wsh)$/i
>describe DANGEROUS_URL        URL contains executable content
>score    DANGEROUS_URL        7.5
>#-----------------------------------------------------
>

I have put this in with a score of 17.5 but the zip & exe files are still
coming through.

Any thoughts?

Regards

Colin
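
Added example (not part of the thread, and not SpamAssassin's own code): a Python sketch for checking which MIME headers rules like the ones quoted above actually look at. It assumes a mimeheader rule is tested against the named header of every MIME part; the sample messages are constructed, and the ATTACH_NAME rule is hypothetical.

```python
import re
from email import message_from_string

# Python approximations of the two mimeheader rules quoted above.
# Assumption: a rule is tested against the named header of every MIME part.
RULES = {
    "ZIP_ATTACHED": ("Content-Type", re.compile(r"zip", re.I)),
    "EXE_ATTACHED": ("Content-Type", re.compile(r"exe", re.I)),
}
# Hypothetical extra rule (not from the thread): look at the filename too.
EXTRA = {
    "ATTACH_NAME": ("Content-Disposition", re.compile(r"\.(zip|exe)\b", re.I)),
}

def build_message(ctype, disposition):
    """Constructed sample: multipart mail with one text part and one attachment."""
    return (
        "From: a@example.com\nTo: b@example.com\nSubject: test\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nhello\n"
        f"--b1\nContent-Type: {ctype}\n"
        f"Content-Disposition: {disposition}\n"
        "Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n"
    )

def rules_hit(raw, rules=RULES):
    """Return the sorted names of rules matching a header of any MIME part."""
    hits = set()
    for part in message_from_string(raw).walk():
        for name, (header, pattern) in rules.items():
            if pattern.search(str(part.get(header, ""))):
                hits.add(name)
    return sorted(hits)

# Constructed cases: same attachment name, declared two different ways.
NAMED_IN_TYPE = build_message('application/zip; name="invoice.zip"',
                              'attachment; filename="invoice.zip"')
NAMED_IN_DISPOSITION = build_message('application/octet-stream',
                                     'attachment; filename="invoice.zip"')

if __name__ == "__main__":
    for label, raw in (("type", NAMED_IN_TYPE), ("disposition", NAMED_IN_DISPOSITION)):
        print(label, rules_hit(raw), rules_hit(raw, {**RULES, **EXTRA}))
```

A rule hit only adds to the message score; whether the mail is then held back depends on what the mail system does with mail scored above the spam threshold.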
