> Maybe it would be a good idea to apply that pattern only if there is a zip > file attachment. Like this... > > if /name=[^>]*\.zip[\'\"]/ > /^UEsDB....[Q-Za-fw-z0-9\+/]/ REJECT > endif > > Would that work? If forget if the mime headers are part of the body_checks > or not?
Will not work. Header and body checks are separate, and they only do one line at a time. So if I were to have a message with this: AAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBB And were to put in this body check: if /AAAAAAAAAAAAAAAAA/ /BBBBBBBBBBBBBBBBBBB/ REJECT endif The message would still pass because these are on separate lines. Only messages with AAAAAAAAAAAAAAAAA and BBBBBBBBBBBBBBBBBBB on the same line would get rejected. --Eric
