[SpamAssassin Wiki] Updated: MarkingAllWindowsExecutables
Date: 2004-05-18T18:34:45
Editor: 24.234.126.34 <>
Wiki: SpamAssassin Wiki
Page: MarkingAllWindowsExecutables
URL: http://wiki.apache.org/spamassassin/MarkingAllWindowsExecutables

no comment

Change Log:

------------------------------------------------------------------------------
@@ -7,3 +7,4 @@
}}}

Note that this is no substitute for a decent virus scanner. Using a virus scanner to catch malicious executable attachments is the right way to do this; SpamAssassin is a _spam_ filter.
+dlkdsalkj
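Review bot: the only added line, `dlkdsalkj` after the virus-scanner note, is keyboard noise and adds nothing to the page; revert it. The edit was also saved with "no comment" from an anonymous address, so a one-line summary on future edits would make test edits like this easier to spot in the change feed.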
[SpamAssassin Wiki] Updated: MarkingAllWindowsExecutables
Date: 2004-05-18T18:34:58
Editor: 24.234.126.34 <>
Wiki: SpamAssassin Wiki
Page: MarkingAllWindowsExecutables
URL: http://wiki.apache.org/spamassassin/MarkingAllWindowsExecutables

no comment

Change Log:

------------------------------------------------------------------------------
@@ -7,4 +7,3 @@
}}}

Note that this is no substitute for a decent virus scanner. Using a virus scanner to catch malicious executable attachments is the right way to do this; SpamAssassin is a _spam_ filter.
-dlkdsalkj
[SpamAssassin Wiki] Updated: MarkingAllWindowsExecutables
Date: 2004-05-18T23:19:17
Editor: 66.60.163.44 <>
Wiki: SpamAssassin Wiki
Page: MarkingAllWindowsExecutables
URL: http://wiki.apache.org/spamassassin/MarkingAllWindowsExecutables

Added commentary about virus bounces and Tim Jackson's rules

Change Log:

------------------------------------------------------------------------------
@@ -6,4 +6,14 @@
score MICROSOFT_EXECUTABLE 10
}}}

-Note that this is no substitute for a decent virus scanner. Using a virus scanner to catch malicious executable attachments is the right way to do this; SpamAssassin is a _spam_ filter.
+Note that this is no substitute for a decent virus scanner. Using a virus scanner to catch malicious executable attachments is the right way to do this; SpamAssassin is a __spam__ filter.
+
+----
+
+Note, however, that many systems today courteously bounce viruses back to the "From" header, despite the fact that many modern viruses forge the From header so it bears no relationship to the system sending the virus.
+
+Bounces that contain the virus itself may be caught by the MICROSOFT_EXECUTABLE rule above, but bounces that politely tell you "the message you sent had a virus and therefore has not been delivered" do ''not'' match that rule.
+
+Since these messages are automatically transmitted to the recipient, a recipient that does not want the message, a recipient for whom the message holds no value except as irritation, a recipient that did nothing to warrant the message, many people consider these bounces to be just another category of spam.
+
+Some people have therefore created custom SA rules to identify and flag these bounces. One of the best maintained set of rules is Tim Jackson's at http://www.timj.co.uk/linux/bogus-virus-warnings.cf
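Review bot: the last added paragraph sends readers to a third-party rule file over plain http without telling them to read the rules before loading them into a filter; a sentence asking readers to review the file and its scores first would fit there. In the same paragraph, "One of the best maintained set of rules" should read "sets of rules", and the paragraph beginning "Since these messages are automatically transmitted" repeats "a recipient" three times before reaching its point and would read better as two sentences. The `_spam_` to `__spam__` change is a markup-only fix and looks fine.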
[SpamAssassin Wiki] Updated: MarkingAllWindowsExecutables
Date: 2004-05-26T15:26:14
Editor: MalteStretz <mss@apache.org>
Wiki: SpamAssassin Wiki
Page: MarkingAllWindowsExecutables
URL: http://wiki.apache.org/spamassassin/MarkingAllWindowsExecutables

no comment

Change Log:

------------------------------------------------------------------------------
@@ -1,14 +1,20 @@
= How can mark as spam all mails that contain a Windows executable? =

-Add the following line to your user-prefs (normally ~/.spamassassin/user_prefs):
+'''Note that this is no substitute for a decent virus scanner. Using a virus scanner to catch malicious executable attachments is the right way to do this; SpamAssassin is a __spam__ filter.'''
+
+== With SpamAssassin 2.x ==
+
+With SpamAssassin prior to 3.0 you could add the following line to your user-prefs (normally ~/.spamassassin/user_prefs):

{{{
score MICROSOFT_EXECUTABLE 10
}}}

-Note that this is no substitute for a decent virus scanner. Using a virus scanner to catch malicious executable attachments is the right way to do this; SpamAssassin is a __spam__ filter.
+== With SpamAssassin 3.x ==
+
+That rule was removed in 3.0.0 though. An Anti-Worm-Plugin as suggested in [http://bugzilla.spamassassin.org/show_bug.cgi?id=3010 bug 3010] might be created by some third party one day.

-----
+== Sidenotes ==

Note, however, that many systems today courteously bounce viruses back to the "From" header, despite the fact that many modern viruses forge the From header so it bears no relationship to the system sending the virus.
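Review bot: under the new "With SpamAssassin 3.x" heading, "That rule was removed in 3.0.0 though" depends on the previous section for its subject; name MICROSOFT_EXECUTABLE in the sentence so the section stands on its own. The section also leaves 3.x readers with nothing actionable beyond "might be created by some third party one day", so it should point back to the virus-scanner note that now sits in bold at the top. The title context line "How can mark as spam" is missing "I" and could be fixed in the same edit.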