Print Page | Close Window

Qustion re:Keyword Filtering process

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
Printed Date: 26 September 2018 at 11:03am

Topic: Qustion re:Keyword Filtering process
Posted By: Guests
Subject: Qustion re:Keyword Filtering process
Date Posted: 25 September 2003 at 4:27pm

I'm new to SpamFilter,and have a question about the Keyword Filtering.

If a message has a file attachment, is the entire message scanned for keywords including the MIME portion containing the attachment? Or just the main message body itself?

I tried a RegEx statement to catch some of the SWEN  virus crap by looking for the more common names of the file attachment.  The virus bypasses the filtering by attaching the MS HTML Notice and infected file as file attachments.  The raw message then just has 2 MIME sections and keywords can't be used to catch a thing.

(I know I know.. I should just rely on the anti-virus engine to handle this, but we get a lot of users asking about the residual fake MS Notice still being sent to them).

The RegEx statement is:


It works in the RegExt Test region by catching the MIME info in the message:

   Content-Type: application/octet-stream; name="patch.exe"
   Content-Transfer-Encoding: base64
   Content-Disposition: attachment; filename="patch.exe"

But... it doesn't work in the actual live environment.


Print Page | Close Window