I am experiencing a problem with one of my rules that I cannot seem to find.

I have the following rules defined.

rawbody __RAW_EXE_ATTACHMENT    /filename=\".*\.exe\"/i
rawbody __RAW_VBS_ATTACHMENT    /filename=\".*\.exe\"/i
rawbody __RAW_COM_ATTACHMENT    /filename=\".*\.com\"/i
rawbody __RAW_PIF_ATTACHMENT    /filename=\".*\.pif\"/i
rawbody __RAW_CMD_ATTACHMENT    /filename=\".*\.cmd\"/i
rawbody __RAW_BAT_ATTACHMENT    /filename=\".*\.bat\"/i

meta ATTACHMENT_RULES (__RAW_EXE_ATTACHMENT || __RAW_VBS_ATTACHMENT ||
__RAW_COM_ATTACHMENT || __RAW_PIF_ATTACHMENT || __RAW_CMD_ATTACHMENT ||
__RAW_BAT_ATTACHMENT)

score ATTACHMENT_RULES 25.00

Any attachments listed above will be properly identified and the
tests run, with the exception of an EXE attachment.  A filename with an
.exe extension is not flagged.

I have added an additional rule that checks for an .exe attachment, that
is not part of the meta rule, and I receive the same results.  This
leads me to believe there is something wrong with my test for .exe
attachments.

I am running SA 2.64, spamd, and it is invoked from q-mail.

Any suggestions would be greatly appreciated.

Thanks in advance for your assistance.



Jay Hall
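
An offline check of the six patterns as posted, added here as an example and not part of the original message. It evaluates them with Python's `re` (an approximation of Perl regex matching that is equivalent for these patterns) against constructed header lines, and it does not model how spamd splits or decodes the body before running rawbody rules; the helper names are hypothetical.

```python
import re

# The six rawbody rules, copied from the post unchanged.
RULES_CF = r'''
rawbody __RAW_EXE_ATTACHMENT    /filename=\".*\.exe\"/i
rawbody __RAW_VBS_ATTACHMENT    /filename=\".*\.exe\"/i
rawbody __RAW_COM_ATTACHMENT    /filename=\".*\.com\"/i
rawbody __RAW_PIF_ATTACHMENT    /filename=\".*\.pif\"/i
rawbody __RAW_CMD_ATTACHMENT    /filename=\".*\.cmd\"/i
rawbody __RAW_BAT_ATTACHMENT    /filename=\".*\.bat\"/i
'''

# Constructed MIME part header lines (not taken from any real message).
SAMPLES = [
    'Content-Disposition: attachment; filename="setup.exe"',
    'Content-Disposition: attachment; filename="SCRIPT.VBS"',
    'Content-Disposition: attachment; filename=setup.exe',       # unquoted
    'Content-Type: application/octet-stream; name="setup.exe"',  # name= only
    'Content-Disposition: attachment; filename="notes.com"',
]

def parse_rules(cf_text):
    """Return {rule_name: compiled regex} for each 'rawbody NAME /re/flags' line."""
    rules = {}
    for line in cf_text.splitlines():
        m = re.match(r'\s*rawbody\s+(\S+)\s+/(.*)/([a-z]*)\s*$', line)
        if m:
            name, pattern, flags = m.groups()
            rules[name] = re.compile(pattern, re.I if 'i' in flags else 0)
    return rules

def duplicate_patterns(rules):
    """Group rule names that share an identical pattern and flags."""
    seen = {}
    for name, rx in rules.items():
        seen.setdefault((rx.pattern, rx.flags), []).append(name)
    return [names for names in seen.values() if len(names) > 1]

def hits(rules, line):
    """Names of the rules whose pattern matches one header line."""
    return sorted(name for name, rx in rules.items() if rx.search(line))

if __name__ == "__main__":
    rules = parse_rules(RULES_CF)
    for names in duplicate_patterns(rules):
        print("same pattern:", ", ".join(names))
    for line in SAMPLES:
        print(f"{line!r} -> {hits(rules, line) or 'no rule fires'}")
```

On this input the EXE and VBS rules are reported as sharing one pattern, and the unquoted `filename=` and `name=`-only lines match none of the six rules.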



