Development info?

Alex Broens ms-list at
Mon Aug 25 08:02:22 IST 2008

On 8/25/2008 12:33 AM, Hugo van der Kooij wrote:
> Hash: SHA1
> Alex Broens wrote:
>> On 8/24/2008 9:47 PM, Hugo van der Kooij wrote:
>>>> SpamAssassin Rule Actions =
>>>> TRAP_LINK_EXEC=>store-/var/spool/MailScanner/evidence
>>> That will store the URL but by the time I can look at that URL to fetch
>>> the file the infected system might be cleaned out allready. So I need to
>>> automate this a bit further.
>> Seems to me you want to do too much within MailScanner...
>> I'd forward the msg with the malware URI to a separate account, process
>> that account with procmail/ripmime/snersoft's "URI" tool/GET and bingo
>> you have the malware to do whatever you want with it and you're very
>> flexible.
> Sounds nice. But most message never make it as far as procmail. Most are
> shot down by significant amount of SA points.

I assume this could be avoided if you use a SA rule to catch the 
executables, shortcircuit that - to save on SA processing, and set an MS 
action to forward those msgs to you processing account, procmail will 
see them. Would that work?


More information about the MailScanner mailing list