On Wed, Sep 08, 2004 at 10:49:09PM -0700, Loren Wilton wrote: > However, it has been removed from 3.0. And while I agree with removing > binary attachments before scanning in SA, I consider that removing the > mime-part header that contained the type and name is a mistake. There have > been any number of times I've wanted to use that info for spam signs, and it > just isn't there.
There's a few things here.
First, the body-mime headers aren't typically visible to the user via MUA,
so they're not included in the data that the standard rules run against.
Second, viruses and worms aren't spam, and body-mime headers have not
historically provided enough useful anti-spam information to have a
special ruletype to look at them.
Third, it's trivial to write a plugin to go through them if you really need
them for something. Something ala:
foreach my $p ($self->{msg}->find_parts([EMAIL PROTECTED]/octet-stream@)) {
my ($ctype, $boundary, $charset, $name) =
Mail::SpamAssassin::Util::parse_content_type($p->get_header("content-type"));
$name ||= '';
$name = lc $name;
return 1 if ($name =~ /\.(?:scr|bat|com|pif)$/);
}
return 0;
that'll return true for any application/octet-stream attachment with a
filename ending in scr, bat, com, or pif. You can get any other parts of the
body-mime headers out in a similar fashion.
--
Randomly Generated Tagline:
It takes two to lie. One to lie and one to listen.
-- Homer Simpson
Colonel Homer
pgpokHlFIi8s9.pgp
Description: PGP signature
