http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5052
Summary: check_microsoft_executable doesn't handle disguised
content-type's
Product: Spamassassin
Version: 3.1.1
Platform: All
OS/Version: other
Status: NEW
Severity: normal
Priority: P5
Component: Plugins
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]
spammers seem to know that can can avoid check_microsoft_executable in the
AntiVirus.pm plugin if
they use a non-sensicle content type when attaching executable code. the plugin
is too specific about
what content-types it checks and for this check I don't see why you cannot
check all types.
Instead of
foreach my $p ($pms->{msg}->find_parts(qr/^(application|text|audio|image)\b/)
I prefer
foreach my $p ($pms->{msg}->find_parts(qr/^\w+\b/))
or alternatively don't use find just use the parts list all together and check
all parts.
check_microsoft_executable and it's use in determining if a message is spam or
not does not really
relate to virus checkers and so this all could be performed outside of the
context of "virus checking"
some people might want the rule to indicate spam whilst others simply don't
care especially those using
windows so consider making the set of content types to check configurable thru
user_prefs
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
