"tagged" content class?

Michael Scheidell michael.scheidell at secnap.com
Wed Apr 25 16:00:50 CEST 2012


On 4/25/12 5:39 AM, Patrick Ben Koetter wrote:
> Marc,
>
> I would like to detect and quarantine messages that contain special content
> e.g. having a Subject:-header with "foo" in it or a special word in the body.
>
> Such content is neither spam, badh, etc.. So even if it were possible to do
> detect such content today I would have to abuse a content class to store it in
> quarantine.
>
> Do you think it would be possible to add a new content class especially for
> tagged messages?
>
we do it here, for DLP.  we can 'tag', whitelist, blacklist, or quarantine.

start with an amavisd.custom
change %Amavis::Conf::subject_tag_maps_by_ccat and 
Amavis::Conf::quarantine_method_by_ccat (unless you never need to 
quarantine by cat)
know what your rule will add to X-Spam-Status

look for that in sub checks() and sub before_send() (if you need 
quarantine).

do magic, including putting [CONTENT] in Subject line on inbound (like 
[SPAM] in subject in inbound)

can I share EXACTLY how I did it?

no, not really.  but this should get you started.

-- 
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
 >*| *SECNAP Network Security Corporation

    * Best Mobile Solutions Product of 2011
    * Best Intrusion Prevention Product
    * Hot Company Finalist 2011
    * Best Email Security Product
    * Certified SNORT Integrator


______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.spammertrap.com/
______________________________________________________________________  
  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20120425/d4dd25d8/attachment.html>


More information about the amavis-users mailing list