Put the directive:
score MICROSOFT_EXECUTABLE 5.0
in your local.cf file.
If you want something more fine-tuned than that, then it can't be done, I'm sorry to report - see the thread in this list 'MyDoom E-mail' for the gruesome details.
Dave Hennessey wrote:
Hi!
I'd like mark messages which contain .SCR .PIF .BAT .COM file attachments as Spam, and reject them before they enter our mail system.
Yes, I know that SA is not a Virus Scanner, but there is no reason that any valid message should contain them.
I've tried - in vain - to write a rule for this.
It appears that SA will look in the message header, but won't look in the headers for each part of a multipart/mixed.
Or am I doing something horribly wrong (most likely)???
Here's an example of one part of a multipart/mixed:
# Content-Type: application/octet-stream; name="www.paypal.com.pif" # Content-Transfer-Encoding: base64 # Content-Disposition: attachment; filename="www.paypal.com.pif"
How do I write a rule?
David M. Hennessey Office of the Deputy CIO U.S. International Trade Commission 500 E. Street, SW Washington, DC 20436 202-205-2518 Fax: 202-205-2024 E-mail: [EMAIL PROTECTED]
