Maybe you could hand over that task to something like MailScanner (http://www.mailscanner.info). It does the job for us.
Phil --------------------------------------------- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: news [mailto:[EMAIL PROTECTED] Behalf Of Dave Hennessey > Sent: 19 February 2004 15:57 > To: [EMAIL PROTECTED] > Subject: Rules for File Attachments in multipart/mixed ?? > > > Hi! > > I'd like mark messages which contain .SCR .PIF .BAT .COM file > attachments as > Spam, and reject them before they enter our mail system. > > Yes, I know that SA is not a Virus Scanner, but there is no > reason that any > valid message should contain them. > > I've tried - in vain - to write a rule for this. > > It appears that SA will look in the message header, but won't > look in the > headers for each part of a multipart/mixed. > > Or am I doing something horribly wrong (most likely)??? > > Here's an example of one part of a multipart/mixed: > > # Content-Type: application/octet-stream; name="www.paypal.com.pif" > # Content-Transfer-Encoding: base64 > # Content-Disposition: attachment; filename="www.paypal.com.pif" > > How do I write a rule? > > > David M. Hennessey > Office of the Deputy CIO > U.S. International Trade Commission > 500 E. Street, SW > Washington, DC 20436 > 202-205-2518 Fax: 202-205-2024 > E-mail: [EMAIL PROTECTED] > >
