OK..
Sorry for my bad english ... Thank you for the tip..!
Karsten Bräckelmann escreveu:
On Fri, 2008-08-01 at 15:01 -0300, Rejaine Monteiro wrote:
note: i'm not talking about block *attached* files .. (my
qmail-scanner already do this..)
i need a rule to targed as spam e-mail with *links to* dangerous files..
Yes, I did understand that, and that's exactly what I discussed and
referred to. Do you understand my reply?
Karsten Bräckelmann escreveu:
On Fri, 2008-08-01 at 14:40 -0300, Rejaine Monteiro wrote:
Hi all
How can I create a generic rule to block any e-mail with links to
dangerous files ?
Easy, just ask those folks related to tools in your mail processing
chain that actually can block mail. SA does not. SA tags mail, it does
not deliver mail in any way, including blocking.
Like http://****.zip or http://***.exe or ***.doc.exe etc...
A uri rule will be easy to write, to match this. See the docs:
http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html
Sorry, forgot to mention: Section "Rule Definitions and Privileged
Settings.
Oh well, something like this:
uri L_URI_BADFILEEXT /\.(zip|exe)$/
An alternative approach would be, to consider using ClamAV with the
SaneSecurity phish sigs. I believe they should catch almost all of
these.
guenther