On Fri, 2008-08-01 at 15:01 -0300, Rejaine Monteiro wrote:
> note: i'm not talking about block *attached* files .. (my
> qmail-scanner already does this..)
> i need a rule to target as spam e-mail with *links to* dangerous files..

Yes, I did understand that, and that's exactly what I discussed and
referred to. Do you understand my reply?

> Karsten Bräckelmann wrote:
> > On Fri, 2008-08-01 at 14:40 -0300, Rejaine Monteiro wrote:
> >
> >> Hi all
> >>
> >> How can I create a generic rule to block any e-mail with links to
> >> dangerous files ?
> >
> > Easy, just ask those folks related to tools in your mail processing
> > chain that actually can block mail. SA does not. SA tags mail, it does
> > not deliver mail in any way, including blocking.
> >
> >
> >> Like http://****.zip or http://***.exe or ***.doc.exe etc...
> >
> > A uri rule will be easy to write, to match this. See the docs:
> > http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html

Sorry, forgot to mention: Section "Rule Definitions and Privileged
Settings".

Oh well, something like this:

  uri L_URI_BADFILEEXT  /\.(zip|exe)$/

> > An alternative approach would be, to consider using ClamAV with the
> > SaneSecurity phish sigs. I believe they should catch almost all of
> > these.

  guenther

-- 
char *t="[EMAIL PROTECTED]";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
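
An added example, not part of the original message: a Python check of the pattern from the rule above against constructed URIs, next to an assumed tighter variant. `TIGHTER`, the sample URIs and the helper `hits` are hypothetical names introduced here; the regex syntax used is the same in Perl and Python.

```python
import re

# Pattern exactly as posted in the message.
POSTED = re.compile(r"\.(zip|exe)$")

# Assumed tightening, not from the thread: ignore case, require a path
# after the host, and accept a trailing query string.
TIGHTER = re.compile(r"^https?://[^/?]+/[^?]*\.(?:zip|exe)(?:\?|$)", re.I)

# Constructed sample URIs; example.com and example.zip are placeholders.
SAMPLES = [
    "http://example.com/files/update.exe",       # plain link to an .exe
    "http://example.com/files/invoice.doc.exe",  # double extension
    "http://example.com/files/UPDATE.EXE",       # upper-case extension
    "http://example.com/get/archive.zip?id=42",  # extension before a query
    "http://example.zip",                        # bare host, no file path
    "http://example.com/docs/exe-format.html",   # "exe" only inside a name
]


def hits(pattern, uris=SAMPLES):
    """Return the URIs the pattern would tag, in input order."""
    return [u for u in uris if pattern.search(u)]


if __name__ == "__main__":
    for label, pattern in (("posted", POSTED), ("tighter", TIGHTER)):
        tagged = set(hits(pattern))
        print(label)
        for uri in SAMPLES:
            print("   HIT " if uri in tagged else "   miss", uri)
```

The posted pattern is case-sensitive and anchored to the end of the URI, so it misses the upper-case and query-string links and tags the bare host; the tighter variant reverses all three.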