On Wed, September 13, 2006 20:48, Fábio Gomes wrote:
I didn't mean removing EXE attachments, but blocking/high scoring messages
with links to executables in its body.
Is it possible?
perldoc Mail::SpamAssassin::Plugin::AntiVirus
Or - if you are using procmail:
#Delete all messages with exe
Correction! That should be:
/htt(p|ps):\/\/.*?\/.*\.com$/i
and slightly more efficient (doesn't capture backreference):
/htt(?:p|ps):\/\/.*?\/.*\.com$/i
Or maybe more simply and readably:
m'https?://.*/.*\.com$'i
But the .* things really should stop on something reasonable like or \s
On Wednesday 13 September 2006 18:00, [EMAIL PROTECTED] wrote:
Bill Randle wrote:
Amavisd-new will also drop attachments with a configurable list
of file extensions, but the question referred to links to exe's,
not actual exe attachments.
Good point -- everyone's primed to think of
On 2006-09-13, Fábio Gomes [EMAIL PROTECTED] wrote:
I didn't mean removing EXE attachments, but blocking/high scoring messages
with links to executables in its body.
Is it possible?
I would think it would be a little tricky, as the filter would have to
follow the link to determine if it is
Loren Wilton wrote:
Correction! That should be:
/htt(p|ps):\/\/.*?\/.*\.com$/i
and slightly more efficient (doesn't capture backreference):
/htt(?:p|ps):\/\/.*?\/.*\.com$/i
Or maybe more simply and readably:
m'https?://.*/.*\.com$'i
But the .* things really should
Hi list,
Is there any way to block messages with links to executables like
*.exe,
*.com and *.scr?
Best Regards,
Fábio Gomes
At 11:09 AM 9/13/2006, you wrote:
Hi list,
Is there any way to block messages with links to
executables like *.exe,
*.com and *.scr?
Not with SpamAssassin, but possibly with whatever MUA you have.
At 11:10 AM Wednesday, 9/13/2006, Michel Vaillancourt wrote -=
Fábio Gomes wrote:
Hi list,
Is there any way to block messages with
links to executables like *.exe,
*.com and *.scr?
Best Regards,
Fábio Gomes
If you are using Postfix as your MTA, this isn't hard
I didn't mean removing EXE attachments, but blocking/high scoring messages
with links to executables in its body.
Is it possible?
BTW, I'm using qmail.
Regards,
Fábio Gomes
On Wednesday 13 September 2006 15:34, Ed Kasky wrote:
At 11:10 AM Wednesday, 9/13/2006, Michel Vaillancourt wrote -=
Fábio Gomes wrote:
Hi list,
Is there any way to block messages with
links to executables like *.exe,
*.com and *.scr?
If you are using Postfix as your MTA, this isn't hard to do at
all.
Or - if you are
Bill Randle wrote:
Amavisd-new will also drop attachments with a configurable list
of file extensions, but the question referred to links to exe's,
not actual exe attachments.
Good point -- everyone's primed to think of attachments, it seems.
Here's a stab at it: set up a URI rule.
uri
On Wed, 13 Sep 2006, Fábio Gomes wrote:
Is there any way to block messages with links to executables like
*.exe,
*.com and *.scr?
I will be adding that to my email security tool this week.
http://www.impsec.org/email-tools/procmail-security.html
--
John Hardin KA7OHZ
.com will, of course, be a challenge.
/htt[p|ps]:\/\/.*?\/.*\.com$/i
.com will, of course, be a challenge.
/htt[p|ps]:\/\/.*?\/.*\.com$/i
Correction! That should be:
/htt(p|ps):\/\/.*?\/.*\.com$/i
and slightly more efficient (doesn't capture backreference):
/htt(?:p|ps):\/\/.*?\/.*\.com$/i
Bill Randle wrote:
Amavisd-new will also drop attachments with a configurable list
of file extensions, but the question referred to links to exe's,
not actual exe attachments.
Good point -- everyone's primed to think of attachments, it seems.
Here's a stab at it: set up a URI rule.
Steve Thomas wrote:
/htt(?:p|ps):\/\/.*?\/.*\.com$/i
Why not /https?:\/\/.*?\/.*\.com$/i
?
Visit Wiki. Look for ClamAVPlugin. To save you some effort:
http://wiki.apache.org/spamassassin/ClamAVPlugin
This uses ClamAV as a scanner for virus laden email.
SpamAssassin NEVER blocks email. You probably can, however, set up a
simple filter for .exe etc in your MDA. You certainly can do it
On 13 Sep 2006 [EMAIL PROTECTED] wrote:
the other way round - it is very easy to create a php that offers
an exe for download. So just scoring direct .exe links might
cause the bad guys to produce better download links
True. As I said in an earlier post, scoring on bare executable URIs is
a
Steve Thomas wrote:
/htt(?:p|ps):\/\/.*?\/.*\.com$/i
Why not /https?:\/\/.*?\/.*\.com$/i
Because I always forget that the question mark can be used that way, and
if I can't seem to remember it, nobody else gets to use it! That's why. :)
Nice catch.
Steve atrophying perl skills Thomas
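
An added example, not written by any poster in this thread: it runs the regexes quoted above over constructed URIs, using Python's `re` module, which treats these particular patterns the same way Perl does. The `tight` pattern and every sample URI are assumptions made for illustration; `tight` is one way to make the `.*` parts stop at a reasonable boundary and to cover the three extensions from the original question.

```python
import re

# Patterns as quoted in the thread (delimiters and /i flag removed).
PATTERNS = {
    "bracket": r"htt[p|ps]:\/\/.*?\/.*\.com$",    # first attempt
    "group":   r"htt(?:p|ps):\/\/.*?\/.*\.com$",  # the correction
    "short":   r"https?://.*/.*\.com$",           # simplified form
    # Assumption (not from the thread): host stops at "/", path stops at
    # whitespace, "?" or "#", and .exe/.com/.scr are all covered.
    "tight":   r"^https?://[^/\s]+/[^\s?#]*\.(?:exe|com|scr)(?:[?#]\S*)?$",
}

# Constructed sample URIs on reserved example domains.
SAMPLE_URIS = [
    "http://files.example.net/tools/setup.com",        # 0: .com file, http
    "https://files.example.net/tools/setup.com",       # 1: .com file, https
    "http://www.example.com",                          # 2: plain .com host
    "http://example.org/redirect?to=www.example.com",  # 3: query ends in .com
    "http://example.org/download.php?id=7",            # 4: script-served file
    "http://files.example.net/a.exe",                  # 5: .exe file
]


def matches(pattern, uri):
    """Case-insensitive search, mirroring the /i flag used in the thread."""
    return re.search(pattern, uri, re.IGNORECASE) is not None


def evaluate(patterns=PATTERNS, uris=SAMPLE_URIS):
    """Return {pattern name: [indexes of the URIs it matches]}."""
    return {
        name: [i for i, uri in enumerate(uris) if matches(pat, uri)]
        for name, pat in patterns.items()
    }


if __name__ == "__main__":
    for name, hits in evaluate().items():
        print(f"{name:8s} matches URIs {hits}")
```

`[p|ps]` is a character class matching a single `p`, `|` or `s`, so the first pattern never matches `https://`. The corrected patterns still hit URI 3, an ordinary link, and no pattern here can see URI 4, the script-served download raised later in the thread.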