ms-list at alexb.ch
Sat Aug 4 13:05:10 IST 2007
On 8/4/2007 1:27 PM, Glenn Steen wrote:
> On 04/08/07, Hugo van der Kooij <hvdkooij at vanderkooij.org> wrote:
>> On Sat, 4 Aug 2007, Gerard wrote:
>>> On August 03, 2007 at 08:27AM Douglas Ward wrote:
>>>> We block .zip and .rar at the mta. I finally ducked a new spam wave! :)
>>> Unconditionally blocking "zip or rar' files is not a viable option
>> Is there a method to detect extension spoofing?
>> I would block all message with extension spoofing.
> That would have to rely on the file command in an even more ...
> dependant... manner than the filetype checking does already... Or some
> other "file magic facility". Could be ... Less than perfect.
> I'd imagine that making that as a CustonFunction, _could_ work, or
> perhaps type up your own SA plugin for it:-)
It can be done quite easily with full and mimeheader rules meta'd together.
More information about the MailScanner