On 2/26/2010 11:41 AM, Joseph Brennan wrote:
Yes I would like to block ".exe" containing an URL for downloading an
.exe. That's what I want.
For example
http://wwww.xxxx./download.exe
Since Spamassassin already parses uris, you might create a local.cf
Spamassassin rule and score high enough to reject.
uri LOCAL_EXE /https?:\/\/.*\/.*\.exe$/
score LOCAL_EXE 10.0
I think that's right. Make sure dot "exe" comes after at least one /
and at the end of the uri.
Correct. The bad_filename routines won't help because it is a URI not
an attachment. And I made a similar rule just a few days ago!
#EXE LINK
uri KAM_EXEURI /.exe$/i
score KAM_EXEURI 0.5
describe KAM_EXEURI EXE embedded link
More at http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf
regards,
KAM
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
