Re: multiple maxhits to detect multiple attachments
On Thu, 13 Oct 2016, RW wrote: On Tue, 11 Oct 2016 17:02:35 -0400 Olivier Coutu wrote: I was wondering if mimeheader is designed to work with tflags multiple maxhits or did I overlook something? If it is not designed to work with it, would there be any workarounds to detect multiple attachments? A "full" rule would probably support "multiple". Most of the base rule types do (not, of course, meta). -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Where are my space habitats? Where is my flying car? It's 2010 and all I got from the SF books of my youth is the lousy dystopian government. -- perlhaqr --- 296 days since the first successful real return to launch site (SpaceX)
Re: multiple maxhits to detect multiple attachments
On Tue, 11 Oct 2016 17:02:35 -0400 Olivier Coutu wrote: > I was wondering if mimeheader is designed to work > with tflags multiple maxhits or did I overlook something? If it is > not designed to work with it, would there be any workarounds to > detect multiple attachments? > A "full" rule would probably support "multiple".
Re: multiple maxhits to detect multiple attachments
On Tue, 11 Oct 2016, Olivier Coutu wrote: I was wondering if mimeheader is designed to work with tflags multiple maxhits or did I overlook something? I don't think it is. The tflags multiple handling is in the RE processing code per-rule-type (e.g. "meta" doesn't implement it), and I think the mimeheader plugin implements its own special RE code that didn't get the tflags multiple changes... ...yeah, it looks like the loop exits as soon as it finds a hit: lib/Mail/SpamAssassin/Plugin/MIMEHeader.pm at line 199. File a bug to implement "tflags multiple" in MIMEHeader.pm If it is not designed to work with it, would there be any workarounds to detect multiple attachments? perhaps: rawbody __MIME_ATTACH_MULT /^Content-Disposition: / tflags__MIME_ATTACH_MULT multiple maxhits=3 but that has obvious drawbacks. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- [For Earth Day] Obama flew a 747 all the way to the Everglades then rode in a massive SUV motorcade to tell you to cut carbon emissions.-- Twitter satirist @hale_razor --- 294 days since the first successful real return to launch site (SpaceX)
