[Mimedefang] custom SA rules
Lucas Albers
admin at cs.montana.edu
Wed Dec 31 13:10:03 EST 2003
#11-03-13
YOUR MILEAGE MAY VARY.
Some score changes I made, basically doubling the value.
score HTML_FONTCOLOR_UNKNOWN 2.5
score NORMAL_HTTP_TO_IP 1.0
score HTTP_EXCESSIVE_ESCAPES .5
score HTML_FONTCOLOR_UNSAFE .5
score HTML_FONTCOLOR_UNSAFE 3
score HTML_FONT_INVISIBLE 3
Catch mail with listwashing tokens in them.
http://www.wot.no-ip.com/show.me/Projects/Listwashing_Tokens/#Solutions
http://www.wot.no-ip.com/cgi-bin/detoken.pl
catch html with garbage html tags.
look at the popcorn rules, they work really really well.
popcorn rules:
http://www.merchantsoverseas.com/wwwroot/gorilla/popcorn.cf
additional rules:
http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm
--
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana
More information about the MIMEDefang
mailing list