[Mimedefang] Using values in X- headers for filtering
Murray Hunter
mimedefang at bitscribe.com
Wed Aug 20 10:39:00 EDT 2003
I have just installed MD on our system to combat the flood of SO_BIG that
was arriving. Because we needed a quick fix to just discard malicious
attachments, and because we have a large amount of newsletter traffic, I did
not add in the SpamAssassin part.
So far it is working well, however there are still a large number of emails
coming in that appear to be sent from a SO_BIG infected pc, but they did not
contain the virus attachment when it was sent. All of these messages have
the following header lines that seem to be specific to SO_BIG mails:
X-MailScanner: Found to be clean
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
I have looked through the man pages and forum, but have not found how one
can create a rule within MD to check the values of X- headers. I know I can
add/change/remove headers and test the Subject using $Subject, but is there
a way to check the X-Mailer and X-MailScanner headers for the offending
values?
Thanks,
Murray Hunter
More information about the MIMEDefang
mailing list