[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: spamassassin rules for swen? OT: mailfilter

Michael A. Miller wrote:
"Amal" == Amal Phadke <NOSPAM@NOSUCHHOST.hydrodyn.org> writes:

    > I am currently using combination of Spamassassin and access
    > control via /etc/mail/access (I use sendmail) with good
    > success. Now "MS Patches" are down to one or two per
    > day. Before I used to get about 80 or more in a day.

What spamassassin rules are you using for swen?  After googling
for a while, I assembled the following rules that seem to work
pretty well.  But I wonder if there is something more elegant
that I could do.  For example, I expect this message to get
scored high when spamassassin sees the body ;-)



body  SWENVIRUS          /allow an malicious user to run code on your computer/
score SWENVIRUS          +5.5

body  SWENVIRUS2         /Microsoft C.*mer/i
score SWENVIRUS2         +2

body  SWENVIRUS3         /You don't need to do anything after installing this item/i
score SWENVIRUS3         +2

header SWENHEADER        Subject =~ /Microsoft Critical/i
score  SWENHEADER        +2

header SWENHEADER2       Subject =~ /New Microsoft Security Update/i
score  SWENHEADER2       +2

For mailfilter, I block all of the swen shit by doing


Be sure to have this somewhere in the .mailfilterrc file, also:

REG_TYPE = extended

Yeah, the default is REG_TYPE = basic.
I noticed that the swen doesn't tend to send directly to me, so that rule above helps alot. Just to make sure though, I DENY things like MS Micrisoft, alert, error advice, etc.


Reply to: