On Sat, 24 Mar 2012, RW wrote:
On Sat, 24 Mar 2012 16:39:51 +0530
Swati Rananaware wrote:
Sorry for bothering you guys.
Found answer to my question:
body BODY_RULE_1 /[::blank::]/
That will hit any body with a space or tab in it.
It's going to be rather hard to check for a blank body, as
On Sat, 24 Mar 2012 16:39:51 +0530
Swati Rananaware wrote:
> Sorry for bothering you guys.
> Found answer to my question:
>
> body BODY_RULE_1 /[::blank::]/
That will hit any body with a space or tab in it.
Sorry for bothering you guys.
Found answer to my question:
Cool.. this should be part of the stock SA rules
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
*
Sorry for bothering you guys.
Found answer to my question:
body BODY_RULE_1 /[::blank::]/
describe BODY_RULE_1 blank mail body
score BODY_RULE_1 1.0
mimeheader MIMEHEADER_RULE_01 Content-Type =~ /multipart\/mixed/i
describe MIMEHEADER_RULE_01 Attachments
score MIMEHEADER_RULE_01 0.5
meta META_RU
I want to create a rule to flag a mail with empty message body and
attachment. I have read about the PDFInfo plugin but I am not allowed to
enable any kind of plugin on server. So creating a rule is must for me. I
have created some rules previously, but the problem is I am not able to
understand, h