[Mimedefang] spams slipping by, because they bigger than the SA size cutoff
Stephen J. Smoogen
smooge at gmail.com
Wed Feb 1 19:21:56 EST 2006
On 2/1/06, Gary Funck <gary at intrepid.com> wrote:
>
>
> I've had a couple of spams drop in my inbox recently,
> and at first, I couldn't see how they made it past SA.
> I looked at the headers, and to my surprise, the message
> hadn't been scanned by Spamassassin(!). Why? How?
> I looked further, and noticed that one message was 800K
> bytes, and the other 140K. The first had an attached
> .wmv file (hopefully not one of _those_ .wmv files, but
> I didn't click on it to find out).
>
Well depending on how patched your system is.. and what application
you are using for email you do not have to click on the wmv file. Just
having some clients process the email can cause problems (according to
one write up about WMV). I would recommend that you put wmv on the
extensions block list and your problem is solved.
I would also recommend a grey-list or other mechanism.
--
Stephen J Smoogen.
CSIRT/Linux System Administrator
More information about the MIMEDefang
mailing list