Grreting card scams
UxBoD
uxbod at splatnix.net
Fri Jul 27 13:00:56 IST 2007
The plugin looks good, but would also mean the message is scanned twice. Also would require the new code Jules has written for setting the message as Virus when the SA ruleset is hit.
Double edged sword really as both incur a time/processing overhead IMHO.
Regards,
--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net
----- Original Message -----
From: "Alex Broens" <ms-list at alexb.ch>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Friday, July 27, 2007 12:42:12 PM (GMT) Europe/London
Subject: Re: Grreting card scams
On 7/27/2007 1:28 PM, Glenn Steen wrote:
> On 27/07/07, Alex Broens <ms-list at alexb.ch> wrote:
>> On 7/27/2007 12:47 PM, Julian Field wrote:
>>>
>>> Glenn Steen wrote:
>>>> On 27/07/07, UxBoD <uxbod at splatnix.net> wrote:
>>>>
>>>>> Okay, have done some testing. For the signature to trigger it has to
>>>>> have a source file that contains the message body, and the following
>>>>> headers :-
>>>>>
>>>>> MIME-Version: 1.0
>>>>> Content-Type: text/plain;
>>>>>
>>>>> otherwise it reports the file as being okay.
>>>>>
>>>> Kind of what I thought... It doesn't understand that it is a mail it
>>>> is handling.:-(
>>>>
>>>> Jules, how would you like to play this one?
>>>> I suspect that whatever we do might end up being ... less than
>>>> elegant... Unless you have some inspiration...:-)
>>>>
>>> Yuck.
>>> I would have to copy the entire message into the scanning directory as
>>> well and alter every single parser to look out for it. Nasty job.
>> Wouldn't the ClamAV SA plugin catch these?
>> for those using clamd its trivial to implement.
>>
>> maybe that plugin could be hacked to use the clam module instead.
>>
>> Alex
>>
> You've got a link to share on that one Alex (yeah, I'm exceptionally
> lazy today... It's Firday afternoon (here), after all:-)?
Its Friday afternoon here as well (CH) :-)
http://wiki.apache.org/spamassassin/ClamAVPlugin
keep us posted...
Alex
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list