Blocking cannibalized spam/virus mail with password-protected attachments
Nikolaos Milas
nmilas at noa.gr
Wed Jan 13 19:55:03 CET 2021
On 22/12/2020 11:18 π.μ., Matus UHLAR - fantomas wrote:
> spamassassin rule could look like this:
>
> body __ARCHIVE_PASSWORD_1 /pass(word)? archiv(e|io):/i
> body __ARCHIVE_PASSWORD_2 /archiv(e|io) pass(word)?:/i
> meta ARCHIVE_PASSWORD __ARCHIVE_PASSWORD_1 ||
> __ARCHIVE_PASSWORD_2
> describe ARCHIVE_PASSWORD provides archive password
> score ARCHIVE_PASSWORD 5
Hi Matus,
How could I modify the above to also capture the text "Archiv Passwort:
9999"
Would the following work?
body __ARCHIVE_PASSWORD_1 /pass(word|wort)? archiv(e|io)?:/i
body __ARCHIVE_PASSWORD_2 /archiv(e|io)? pass(word|wort)?:/i
meta ARCHIVE_PASSWORD __ARCHIVE_PASSWORD_1 || __ARCHIVE_PASSWORD_2
describe ARCHIVE_PASSWORD provides archive password
score ARCHIVE_PASSWORD 5
Sorry, I am struggling through these...
Thanks,
Nick
More information about the amavis-users
mailing list