*** SPAM *** Re: [Mimedefang] Rebuild Message before running SpamAssassin
Guido
mimedefang.at.lists.roaringpenguin.com at starbase12.cjb.net
Thu May 13 05:32:47 EDT 2004
On Monday 10 May 2004 15:05, Joseph Brennan wrote:
> --On Saturday, May 8, 2004 5:50 PM +0200 Guido
>
> <mimedefang.at.lists.roaringpenguin.com at starbase12.cjb.net> wrote:
> > The problem is that I want it to also scan textual attachments which have
> > the content-type application/octet-stream.
>
> Q: What? What software does THAT? ...some file grepping ensues...
> A: Apple Mail.
<SNIP>
Apparently Apple Mail does do so too. But in my case it's an annoying Exchange
server which replaces the virus executable code with a warning and forwards
the message nicely. Blocking the server with my firewall is unfortunately not
an option since I also need to receive legit mail from it.
>
> This looks like a nice Spamassassin evasion technique. Just wait.
>
> Joseph Brennan
> Academic Technologies Group, Academic Information Systems (AcIS)
> Columbia University in the City of New York
It's indeed a nice SpamAssassin evasion technique.... but since I'd really
love to have SpamAssassin triggered for these emails I have made the
following change to SpamAssassin:
--- PerMsgStatus.pm 2004-05-10 15:20:30.000000000 +0200
+++ PerMsgStatus.pm 2004-05-10 15:26:18.000000000 +0200
@@ -933,7 +933,7 @@
# if it's non-text, just return an empty body rather than the
base64-encoded
# data. If spammers start using images to spam, we'll block 'em then!
- if ($ctype =~ /^(?:image\/|application\/|video\/)/i) {
+ if ($ctype =~ /^(?:image\/|(application\/(?!octet-stream))|video\/)/i) {
$self->{body_text_array} = [ ];
return $self->{body_text_array};
}
@@ -1014,7 +1014,8 @@
if (/^Content-Type: (\S+?\/\S+?)(?:\;|\s|$)/i) {
$ctype = $1;
- if ($ctype =~ /^(text\/\S+|message\/\S+|multipart\/alternative|
multipart\/related)/i)
+ if (($ctype =~ /^(text\/\S+|message\/\S+|multipart\/alternative|
multipart\/related)/i)
+ or ($ctype =~ /^(application\/octet-stream)$/i ))
{
$ctypeistext = 1; next;
} else {
In my case this seems to do the trick. And it was easier then rebuilding the
message before feeding it into SpamAssassin. Additionally, had I rebuilded it
first then the original HTML tags would already have been cleaned as well, so
I believe this solution is the best one for my scenario. :)
Thanks,
Kind regards,
Guido
--
What will you do if all your problems aren't solved by the time you die?
More information about the MIMEDefang
mailing list