zip only spam
Steven Andrews
sandrews at andrewscompanies.com
Tue Aug 7 20:27:47 IST 2007
Grab my file just in case;
cd /etc/mail/spamassassin
wget
http://www.andrewscompanies.com/files/mailscanner/70_andrews_badzip.cf
dos2unix 70_andrews_badzip.cf
chmod 644 70_andrews_badzip.cf
Then do a test, mailwatch if you have it, mailscanner -D --lint if you
don't and make sure you see it loading.
-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Chris
Yuzik
Sent: Tuesday, August 07, 2007 2:29 PM
To: MailScanner discussion
Subject: Re: zip only spam
Steven Andrews wrote:
> This code (below) is tested and working for me.
>
> full ZIP_ONLY_SPAM
> /encoding\:\s+7bit(\n?)+[\-0-9]+.{1,40}type\:\s+application\/octet-str
> ea
> m\;.{1,40}name\=.{1,40}\.zip.{1,50}disposition\:\s+attachment\;.{1,40}
> fi
> lename\=.{1,40}\.zip/is
> describe ZIP_ONLY_SPAM ZIP only Message, no text in message
> body
> score ZIP_ONLY_SPAM 5.0
Steven,
I'm using this, but so far not getting any hits.
# ZIP only spam
full ZIP_ONLY_SPAM
/encoding\:\s+7bit(\n?)+[\-0-9]+.{1,40}type\:\s+application\/octet-strea
m\;.{1,40}name\=.{1,40}\.zip.{1,50}disposition\:\s+attachment\;.{1,40}fi
lename\=.{1,40}\.zip/is
describe ZIP_ONLY_SPAM ZIP only Message, no text in message
body
score ZIP_ONLY_SPAM 3.95
Not sure what I've done wrong.
Chris
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list