[Mimedefang] blocking

Salem, Hadi (Hadi)** CTR ** hadi.salem at alcatel-lucent.com
Fri Feb 26 12:13:17 EST 2010

Hi all,

Thank you guys for your help, thanks a lot. I'm relay happy :)

But we are not using Spamassassin :( 

Is there's any other way to do it with out involving Spamassassin ?

Hadi Salem
Global Messaging Operations - Mail Relay
Hadi.Salem at alcatel-lucent.com
OnNet: 2777 3122
Phone: +918030733122

-----Original Message-----
From: mimedefang-bounces at lists.roaringpenguin.com [mailto:mimedefang-bounces at lists.roaringpenguin.com] On Behalf Of Kevin A. McGrail
Sent: Friday, February 26, 2010 10:34 PM
To: mimedefang at lists.roaringpenguin.com
Cc: Joseph Brennan
Subject: Re: [Mimedefang] blocking

On 2/26/2010 11:41 AM, Joseph Brennan wrote:
>> Yes I would like to block ".exe" containing an URL for downloading an
>> .exe. That's what I want.
>> For example
>> http://wwww.xxxx./download.exe
> Since Spamassassin already parses uris, you might create a local.cf
> Spamassassin rule and score high enough to reject.
> uri LOCAL_EXE      /https?:\/\/.*\/.*\.exe$/
> score LOCAL_EXE   10.0
> I think that's right. Make sure dot "exe" comes after at least one /
> and at the end of the uri.
Correct.  The bad_filename routines won't help because it is a URI not 
an attachment.  And I made a similar rule just a few days ago!

uri             KAM_EXEURI      /.exe$/i
score           KAM_EXEURI      0.5
describe        KAM_EXEURI      EXE embedded link

More at http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf

NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang at lists.roaringpenguin.com

More information about the MIMEDefang mailing list