On Mon, Aug 14, 2006 at 01:59:59PM -0500, [EMAIL PROTECTED] wrote: > therefore I'm loading the antivirus plugin in order to make use of > check_microsoft_executable rule. However that rule doesn't fire > if the attacker is disguising the .exe with a non sensical content type > primarily because the code currently assumes it wouldn't happen.
Yes, that does get skipped by MICROSOFT_EXECUTABLE, which looks for only an application or text part as documented in the plugin. Feel free to open a bugzilla ticket and include a sample message (attached to the ticket, not cut/paste), though I'm not sure what our plans are for the AntiVirus plugin (split off as extra, etc?) so the ticket may or may not get addressed in the near future. -- Randomly Generated Tagline: "I don't like rap because I'm stuffy and british." - James Burke
pgpSkiLYzJxAt.pgp
Description: PGP signature
