[Mimedefang] blocking
Salem, Hadi (Hadi)** CTR **
hadi.salem at alcatel-lucent.com
Fri Feb 26 12:13:17 EST 2010
Hi all,
Thank you guys for your help, thanks a lot. I'm relay happy :)
But we are not using Spamassassin :(
Is there's any other way to do it with out involving Spamassassin ?
Hadi Salem
Alcatel-Lucent
Global Messaging Operations - Mail Relay
Hadi.Salem at alcatel-lucent.com
OnNet: 2777 3122
Phone: +918030733122
-----Original Message-----
From: mimedefang-bounces at lists.roaringpenguin.com [mailto:mimedefang-bounces at lists.roaringpenguin.com] On Behalf Of Kevin A. McGrail
Sent: Friday, February 26, 2010 10:34 PM
To: mimedefang at lists.roaringpenguin.com
Cc: Joseph Brennan
Subject: Re: [Mimedefang] blocking
On 2/26/2010 11:41 AM, Joseph Brennan wrote:
>> Yes I would like to block ".exe" containing an URL for downloading an
>> .exe. That's what I want.
>>
>> For example
>> http://wwww.xxxx./download.exe
>
> Since Spamassassin already parses uris, you might create a local.cf
> Spamassassin rule and score high enough to reject.
>
> uri LOCAL_EXE /https?:\/\/.*\/.*\.exe$/
> score LOCAL_EXE 10.0
>
> I think that's right. Make sure dot "exe" comes after at least one /
> and at the end of the uri.
Correct. The bad_filename routines won't help because it is a URI not
an attachment. And I made a similar rule just a few days ago!
#EXE LINK
uri KAM_EXEURI /.exe$/i
score KAM_EXEURI 0.5
describe KAM_EXEURI EXE embedded link
More at http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf
regards,
KAM
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
More information about the MIMEDefang
mailing list