[Mimedefang] Missed executable attachments with empty Content-Type

Dianne Skoll dfs at roaringpenguin.com
Tue Apr 28 09:13:25 EDT 2015

On Tue, 28 Apr 2015 14:34:59 +0200
Tomasz Ostrowski <tometzky at batory.org.pl> wrote:

> I've just received a trojan/exploit attachment with CHM extension,
> which should be filtered by MIMEdefang but wasn't.

Well, it surely depends on your filter?

Anyway, I made a SpamAssassin rule to block these.  Feel free to use/adapt
the following:

ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
mimeheader RP_D_00086 Content-Disposition =~ /SecureMessage\.chm/
score	   RP_D_00086 50
describe   RP_D_00086 SecureMessage.chm malware



More information about the MIMEDefang mailing list