I have an email that didn't hit on anything. It had one sentence "Please read the attached file (Dkaufman.zip)." And of course a zip virus attached. The from is <mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED] with a message ID from Hotmail... I would assume that something should have hit. I have aggressively high scoring/rules so I have -5 to allow personal email to come thru.
Does anyone have a way to block this email? (Header below)
Is there a way to score zip attachments or score attachment by file size ie <50K?
How about using a virus scanner to block it? clamav is free, and you can implement it on the MTA level.
I use MailScanner to process my mail through clamav, a commercial AV, and spamassassin. The AV tools take care of the viruses, and spamassassin takes care of the spam. Both get their subjects modified, and viruses are stripped off and quarantined on the server for me. The combination works very well.
Unless there's some reason you can't do this (ie: you don't have a mailserver) you're substantially better off using the right tools for the job.
