[Mimedefang] blocking
Kevin A. McGrail
KMcGrail at PCCC.com
Fri Feb 26 12:04:28 EST 2010
On 2/26/2010 11:41 AM, Joseph Brennan wrote:
>> Yes I would like to block ".exe" containing an URL for downloading an
>> .exe. That's what I want.
>>
>> For example
>> http://wwww.xxxx./download.exe
>
> Since Spamassassin already parses uris, you might create a local.cf
> Spamassassin rule and score high enough to reject.
>
> uri LOCAL_EXE /https?:\/\/.*\/.*\.exe$/
> score LOCAL_EXE 10.0
>
> I think that's right. Make sure dot "exe" comes after at least one /
> and at the end of the uri.
Correct. The bad_filename routines won't help because it is a URI not
an attachment. And I made a similar rule just a few days ago!
#EXE LINK
uri KAM_EXEURI /.exe$/i
score KAM_EXEURI 0.5
describe KAM_EXEURI EXE embedded link
More at http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf
regards,
KAM
More information about the MIMEDefang
mailing list