[Mimedefang] Missed executable attachments with empty Content-Type
Dianne Skoll
dfs at roaringpenguin.com
Tue Apr 28 09:13:25 EDT 2015
On Tue, 28 Apr 2015 14:34:59 +0200
Tomasz Ostrowski <tometzky at batory.org.pl> wrote:
> I've just received a trojan/exploit attachment with CHM extension,
> which should be filtered by MIMEdefang but wasn't.
Well, it surely depends on your filter?
Anyway, I made a SpamAssassin rule to block these. Feel free to use/adapt
the following:
#==========================================================================
ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
mimeheader RP_D_00086 Content-Disposition =~ /SecureMessage\.chm/
score RP_D_00086 50
describe RP_D_00086 SecureMessage.chm malware
endif
#==========================================================================
Regards,
Dianne.
More information about the MIMEDefang
mailing list