Erik Moeller wrote:
Because of mydoom I strongly recommend using a procmail filter for killing attachments *before* they reach SpamAssassin. Before I did so SA literally killed my system because it hit internal file limits. The following rule works well:
:0 B
* ^ *Content-Disposition: attachment;
* filename=".*\.(pif|exe|scr|zip|bat|cmd)"
virus
It kills zip files, too, but this shouldn't be a problem for the mailing list. In fact we might want to filter all mails that contain attachments - use URLs instead.
I suggest adding .com files, too, so the rule would look like this:
:0 B
* ^ *Content-Disposition: attachment;
* filename=".*\.(pif|exe|com|scr|zip|bat|cmd)"
virus
Regards
Thomas
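
The following is an added example, not part of the original messages: a Python approximation of the rule's two body conditions (dot before the extension escaped), run next to a MIME-aware extension check over constructed sample messages, to show which attachment headers the regex form does not cover. The function names, the `build` helper and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string

BLOCKED = {"pif", "exe", "com", "scr", "zip", "bat", "cmd"}

# Approximation of the recipe: both conditions must match somewhere in the
# body (B flag); procmail matches case-insensitively unless D is set.
COND1 = re.compile(r'^ *Content-Disposition: attachment;', re.I | re.M)
COND2 = re.compile(r'filename=".*\.(pif|exe|com|scr|zip|bat|cmd)"', re.I)

def regex_rule(raw):
    """True if the approximated procmail conditions both match the body."""
    body = raw.split("\n\n", 1)[1]
    return bool(COND1.search(body) and COND2.search(body))

def mime_rule(raw):
    """True if any MIME part carries a filename with a blocked extension."""
    for part in message_from_string(raw).walk():
        name = part.get_filename()  # handles quoted, unquoted, folded headers
        if name and "." in name and name.rsplit(".", 1)[1].lower() in BLOCKED:
            return True
    return False

def build(disposition):
    """Constructed two-part message; `disposition` is the second part's header."""
    return (
        "From: a@example.org\nSubject: test\nMIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="XX"\n\n'
        "--XX\nContent-Type: text/plain\n\nhello\n"
        "--XX\nContent-Type: application/octet-stream\n"
        f"{disposition}\n\nAAAA\n--XX--\n"
    )

# Constructed samples (not captured traffic).
FOLDED = build('Content-Disposition: attachment;\n\tfilename="document.pif"')
UNQUOTED = build("Content-Disposition: attachment; filename=readme.exe")
INLINE = build('Content-Disposition: inline; filename="card.scr"')
BENIGN = build('Content-Disposition: attachment; filename="notes.txt"')

if __name__ == "__main__":
    for label, raw in [("folded", FOLDED), ("unquoted", UNQUOTED),
                       ("inline", INLINE), ("benign", BENIGN)]:
        print(f"{label:9} regex={regex_rule(raw)!s:5} mime={mime_rule(raw)}")
```

The regex form is cheap enough to run before SpamAssassin; the unquoted and inline cases show where a parser-based check would still be needed behind it.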