ms-list at alexb.ch
Mon Aug 25 08:02:22 IST 2008
On 8/25/2008 12:33 AM, Hugo van der Kooij wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Alex Broens wrote:
>> On 8/24/2008 9:47 PM, Hugo van der Kooij wrote:
>>>> SpamAssassin Rule Actions =
>>> That will store the URL but by the time I can look at that URL to fetch
>>> the file the infected system might be cleaned out allready. So I need to
>>> automate this a bit further.
>> Seems to me you want to do too much within MailScanner...
>> I'd forward the msg with the malware URI to a separate account, process
>> that account with procmail/ripmime/snersoft's "URI" tool/GET and bingo
>> you have the malware to do whatever you want with it and you're very
> Sounds nice. But most message never make it as far as procmail. Most are
> shot down by significant amount of SA points.
I assume this could be avoided if you use a SA rule to catch the
executables, shortcircuit that - to save on SA processing, and set an MS
action to forward those msgs to you processing account, procmail will
see them. Would that work?
More information about the MailScanner