Re: scan an HTML file, possible?
On Wed, 3 Aug 2016, Robert Boyl wrote:

> Hi, everyone
>
> I have a very nice regex a friend passed me that catches those emails that have an HTML attached with a redirect html command to some malefic website.
>
> He has some tool in Exim that scans text in attachments. But I wanted to use a spamassassin rule.
>
> Is there some plugin/way in Spamassassin to scan text of an html attachment?

You can write 'full' rules that will work with raw HTML in recognized html attachments.

The problem is that SA has business logic that ignores non-textual attachments, and that can be fooled by mime-typing. So if the attachment has a mime-type of "text/html" SA will scan it. If it has a mime-type of "application/octet-stream" SA will ignore it, but if the attachment has a filename ending in ".htm" most client programs will treat it as HTML and open it as such.

I once wrote a rule to detect such obfuscation but it had too many FPs.

--
Dave Funk                          University of Iowa
                                   College of Engineering
319/335-5751 FAX: 319/384-0549     1256 Seamans Center
Sys_admin/Postmaster/cell_admin    Iowa City, IA 52242-1527
#include
Better is not better, 'standard' is better. B{
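The MIME-type mismatch described in the reply above, as an added example that is not part of the original thread and is not SpamAssassin code: a stand-alone Python check that walks a message's MIME parts, decodes each HTML-like attachment, and reports whether its declared type disagrees with its file name and whether it contains a meta-refresh redirect. The regexes, function names and sample message are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Assumed pattern for a "redirect html command": a <meta http-equiv=refresh> tag with a URL.
META_REFRESH = re.compile(rb'<meta[^>]+http-equiv\s*=\s*["\']?refresh[^>]*url\s*=', re.I)
# Assumed list of names a mail client will open as HTML (.htm, .html, .xhtml).
HTML_NAME = re.compile(r'\.x?html?$', re.I)

def scan_html_attachments(raw_message: bytes):
    """Return (filename, declared_type, mistyped, has_redirect) for each HTML-like part."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        ctype = part.get_content_type()
        named_html = bool(HTML_NAME.search(name))
        if not named_html and ctype != "text/html":
            continue  # neither declared nor named as HTML
        # decode=True undoes base64 / quoted-printable so the regex sees the markup
        body = part.get_payload(decode=True) or b""
        mistyped = named_html and ctype != "text/html"
        findings.append((name, ctype, mistyped, bool(META_REFRESH.search(body))))
    return findings

def build_sample(maintype="application", subtype="octet-stream") -> bytes:
    """Constructed sample: a redirecting HTML file attached under the given MIME type."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    html = (b'<html><head><meta http-equiv="refresh" '
            b'content="0; url=http://redirect.example/"></head></html>')
    msg.add_attachment(html, maintype=maintype, subtype=subtype, filename="invoice.htm")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in scan_html_attachments(build_sample()):
        print(finding)
```

Keying on the file name as well as the declared type is what catches the "application/octet-stream" case; the `mistyped` flag on its own is the kind of signal the reply reports as prone to false positives, so it is returned separately from the redirect match.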
Re: scan an HTML file, possible?
On 2016-08-03 14:13, Robert Boyl wrote:

> I have a very nice regex a friend passed me that catches those emails that have an HTML attached with a redirect html command to some malefic website.

bravo

> He has some tool in Exim that scans text in attachments. But I wanted to use a spamassassin rule.

clamav ?

google foxhole 3rd party signature, tell clamav-milter to accept virus, and then in mta stage REJECT official virus, what is left is unofficial sigs to be spam handled later

> Is there some plugin/way in Spamassassin to scan text of an html attachment?

yes clamav plugin, it's just ram hungry, so take the clamav-milter way

in spamassassin then create rules based on clamav-milter headers

just remember to in mta stage reject virus
scan an HTML file, possible?
Hi, everyone

I have a very nice regex a friend passed me that catches those emails that have an HTML attached with a redirect html command to some malefic website.

He has some tool in Exim that scans text in attachments. But I wanted to use a spamassassin rule.

Is there some plugin/way in Spamassassin to scan text of an html attachment?

Thanks!
Rob