I've had a couple of spams drop in my inbox recently, and at first, I couldn't see how they made it past SA. I looked at the headers, and to my surprise, the message hadn't been scanned by Spamassassin(!). Why? How? I looked further, and noticed that one message was 800K bytes, and the other 140K. The first had an attached .wmv file (hopefully not one of _those_ .wmv files, but I didn't click on it to find out).
Both messages avoided being scanned by SA because they were larger than the 100K limit we currently impose via MdF. What to do? I can bump the size limit, or have no limit at all. I could consider building a temporary copy of the message with non text and/or html attachments removed, and feed that to SA, although that sounds a bit complicated and computationally expensive. BTW, a couple of years ago, I experiment with simpiy peeling off the first N bytes off the front of large messages and tacking on the last N bytes (where N = approx. 50K). This actually worked rather well, modulo the occassional malformed MIME content. I could do that, but it is a bit of hack, and could result in having some valid ham messages mis-filed as spam, partly because the MIME parts are garbled. Thoughts? _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
