"tagged" content class?
Michael Scheidell
michael.scheidell at secnap.com
Wed Apr 25 16:00:50 CEST 2012
On 4/25/12 5:39 AM, Patrick Ben Koetter wrote:
> Marc,
>
> I would like to detect and quarantine messages that contain special content
> e.g. having a Subject:-header with "foo" in it or a special word in the body.
>
> Such content is neither spam, badh, etc.. So even if it were possible to do
> detect such content today I would have to abuse a content class to store it in
> quarantine.
>
> Do you think it would be possible to add a new content class especially for
> tagged messages?
>
we do it here, for DLP. we can 'tag', whitelist, blacklist, or quarantine.
start with an amavisd.custom
change %Amavis::Conf::subject_tag_maps_by_ccat and
Amavis::Conf::quarantine_method_by_ccat (unless you never need to
quarantine by cat)
know what your rule will add to X-Spam-Status
look for that in sub checks() and sub before_send() (if you need
quarantine).
do magic, including putting [CONTENT] in Subject line on inbound (like
[SPAM] in subject in inbound)
can I share EXACTLY how I did it?
no, not really. but this should get you started.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security Product
* Certified SNORT Integrator
______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.spammertrap.com/
______________________________________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20120425/d4dd25d8/attachment.html>
More information about the amavis-users
mailing list