spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David B Funk <dbf...@engineering.uiowa.edu>
Subject Re: The Impossible Rule??? Bug???
Date Tue, 23 Mar 2010 22:24:53 GMT
On Tue, 23 Mar 2010, --[ UxBoD ]-- wrote:

> ----- "corpus.defero" <corpus.defero@idnet.com> wrote:
>
> > I was looking at a piece of irritating pill spam this morning
> > ((http://pastebin.com/qzj83QKq)) and noticed this in the body, just
> > after a random excerpt from chapter 58 of 'The Awakening':
> >
> > -----------34AD8EF316667417464496762D36F3502061F3
> > Content-Type: image/bmp; name="transistor.jpg"
> > Content-Transfer-Encoding: base64
> > Content-Disposition: inline
> >
> > Having some time to play I was interested to see a slight mismatch
> > there
> > in the content type. Claims to be a bmp, but has a .jpg extension.
> > Feeling it was worthy of a couple of points (it scored 0 when it
> > first
> > arrived) I tried to create a custom rule for it.
[snip..]

> I use this one :-
>
> mimeheader __ANY_IMAGE_ATTACH    Content-Type =~ /image\/(?:gif|jpe?g|png|bmp)/
> mimeheader MIME_IMAGE_JPG        Content-Type =~ /image\/jpg/
> describe   MIME_IMAGE_JPG        Contains wrong MIME type image\/jpg
> score      MIME_IMAGE_JPG        1.0

Um, that rule will fire on any jpg image attachment, not quite what the
OP was looking for. I think that he wanted a rule that will look for an
implicit mis-match between the declared mime type and the file extension.
You can do that with the mimeheader type but need to be careful. Cannot do
it with METAs w/o risk of FPs, as there could be a message with both a
"bmp" and "jpg" attachment.
So need to do it with one long pattern-match.

Untested but try:

mimeheader MIME_MISMATCH_JPG	Content-Type =~ m!image/bmp;\s+name="?[^.]{1,40}\.jpg"?$!i
describe MIME_MISMATCH_JPG	Contains wrong MIME type image\/bmp
score MIME_MISMATCH_JPG		1.0


-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{

Mime
View raw message