Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SpamAssassin: users

spamassassin with attachment

 

 

SpamAssassin users RSS feed   Index | Next | Previous | View Threaded


parakrama1282 at gmail

Apr 16, 2012, 6:12 AM

Post #1 of 6 (645 views)
Permalink
spamassassin with attachment

Hi guys,

Is there any way to scan mail attachment extension with spamassassin
.(exe files... etc)

and is it possible to scan attachment name using spamassassin


Thank You
Dhanushka


KMcGrail at PCCC

Apr 16, 2012, 7:01 AM

Post #2 of 6 (604 views)
Permalink
Re: spamassassin with attachment [In reply to]

On 4/16/2012 9:12 AM, dhanushka ranasinghe wrote:
> Hi guys,
>
> Is there any way to scan mail attachment extension with spamassassin
> .(exe files... etc)
>
> and is it possible to scan attachment name using spamassassin
>
Likely, yes, but you might find better results using MIMEDefang if you
know perl because with it and MIME::Tools, you can do a LOT of extension
logic.

Regards,
KAM


KMcGrail at PCCC

Apr 16, 2012, 7:05 AM

Post #3 of 6 (606 views)
Permalink
Re: spamassassin with attachment [In reply to]

On 4/16/2012 9:58 AM, dhanushka ranasinghe wrote:
> Hi...
>
> we are running spamassassin+exim, but seems like MIMEDefang have
> issue integrating to exim..., do you know any doc or guide to follow.
> i searched the google a more than week but couldn't find out way to
> do attachement name scan using spamassassin ( Can you guys point me to
> the right direction)
I believe MD can work with Postfix and Sendmail. I do not know if it can
work with exim.

For attachment name scans, it's going to be likely raw rules which are
going to be fairly slow but perhaps someone else here knows a better way.

I, for better or worse, use MD to deal with attachment issues and SA is
likely not really the right avenue. There is likely a solution but as I
haven't needed one, I have forgotten if one exists.

Regards,
KAM


dfs at roaringpenguin

Apr 16, 2012, 7:13 AM

Post #4 of 6 (604 views)
Permalink
Re: spamassassin with attachment [In reply to]

On Mon, 16 Apr 2012 10:05:57 -0400
"Kevin A. McGrail" <KMcGrail [at] PCCC> wrote:

> I believe MD can work with Postfix and Sendmail. I do not know if it
> can work with exim.

It can't. It's a milter, and AFAIK only Postfix and Sendmail implement
the milter interface.

Regards,

David.


jhardin at impsec

Apr 16, 2012, 7:37 AM

Post #5 of 6 (608 views)
Permalink
Re: spamassassin with attachment [In reply to]

On Mon, 16 Apr 2012, dhanushka ranasinghe wrote:

> Is there any way to scan mail attachment extension with spamassassin
> .(exe files... etc)

It would be difficult, there are better tools available to scan attachment
content (e.g. ClamAV).

> and is it possible to scan attachment name using spamassassin

Yes. There is a MIME header plugin that will allow you to write rules for
attachment filenames. There are some attachment filename rules in my
sandbox.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin [at] impsec FALaholic #11174 pgpk -a jhardin [at] impsec
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Ten-millimeter explosive-tip caseless, standard light armor
piercing rounds. Why?
-----------------------------------------------------------------------
3 days until the 237th anniversary of The Shot Heard 'Round The World


hege at hege

Apr 16, 2012, 7:46 AM

Post #6 of 6 (604 views)
Permalink
Re: spamassassin with attachment [In reply to]

On Mon, Apr 16, 2012 at 10:05:57AM -0400, Kevin A. McGrail wrote:
>
>
> On 4/16/2012 9:58 AM, dhanushka ranasinghe wrote:
> >Hi...
> >
> >we are running spamassassin+exim, but seems like MIMEDefang have
> >issue integrating to exim..., do you know any doc or guide to follow.
> >i searched the google a more than week but couldn't find out way to
> >do attachement name scan using spamassassin ( Can you guys point me to
> >the right direction)
> I believe MD can work with Postfix and Sendmail. I do not know if it
> can work with exim.
>
> For attachment name scans, it's going to be likely raw rules which
> are going to be fairly slow but perhaps someone else here knows a
> better way.
>
> I, for better or worse, use MD to deal with attachment issues and SA
> is likely not really the right avenue. There is likely a solution
> but as I haven't needed one, I have forgotten if one exists.

You are forgetting that SA pretty much does all the same MIME::Parsing than
MD. ;-)

Simplified rule..

mimeheader ATTACHMENT_EXE Content-Disposition =~ /\.exe[";]/i

SpamAssassin users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.