http://bugzilla.spamassassin.org/show_bug.cgi?id=3781
------- Additional Comments From [EMAIL PROTECTED] 2004-09-16 06:08 ------- Subject: Re: There should be a rule type for mime part headers > - -0: that doesn't make much sense; why would a plugin intended to > detect MS executables, also allow third-parties to match against > arbitrary data in MIME part headers? that usage isn't exactly > suggested by the name/purpose of "MSExec". > > However making the MSExec plugin depend *on* another plugin that > allows this, now *that* makes sense. It's not even named MSExec in my tree anymore. I'm still tweaking it, though. It's becoming a plugin for doing MIME tests, I'm not sure what the exact scope is going to be, but right now, it tests the decoded MIME part data for file(1)-style functionality. Writing a plugin for just MSExec satisfies a long-standing bug, but it has easily become a much more generally useful plugin without the hard-coded values in the .pm. I'm still playing with the format, but it might be something like this: loadplugin Mail::SpamAssassin::Plugin::Binary magic MICROSOFT_EXECUTABLE (0, 'MZ') magic MICROSOFT_EXECUTABLE (128, 'PE\x00\x00') body MICROSOFT_EXECUTABLE eval:check_binary() magic PNG_IMAGE (0, '\x89PNG') body PNG_IMAGE eval:check_binary() Don't worry too much about the format. >> 2. we could clean up the header test types a bit and allow something >> like "full" on just the body. > Not sure how that effects MIME part headers? A stupid line-by-line pristine raw untouched undecoded unrendered body test would be sufficient for 99% of MIME header tests, especially of the type desired by most rule writers. I wasn't even close to suggesting that we make people write an eval test. Daniel ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
