Print Page | Close Window

attachment filename

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=7135
Printed Date: 22 November 2017 at 10:37pm


Topic: attachment filename
Posted By: yapadu
Subject: attachment filename
Date Posted: 06 June 2016 at 10:20pm

I noticed this in the release notes.

// New to VersionNumber = '4.7.2.196';

{TODO -cNew : Added the attachment filename to the message parts that SpamFilter scans for keywords, allowing the blacklisting/whitelisting of attachment filenames using keywords as well}


This means we can do something like this in the keyword rules:

attachment:*.exe


Something like that?  Is there any example or documentation on how to use this new feature?  I would be interested in using it.



-------------
--------------------------------------------------------------
I am a user of SF, not an employee. Use any advice offered at your own risk.



Replies:
Posted By: LogSat
Date Posted: 07 June 2016 at 9:02am
In the past, if an email had this content:


------=_NextPart_000_0023_01C7D2C3.DADB76A0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

this is a test for a pdf

------=_NextPart_000_0023_01C7D2C3.DADB76A0
Content-Type: application/pdf;
name="SCADAWhitepaperfinal1.pdf"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="Whitepaperfinal1.pdf"

JVBERi0xLjINJeLjz9MNCjMxIDAgb2JqDTw8IA0vTGluZWFyaXplZCAxIA0vTyAzMyANL0ggWyAx

SpamFilter would normalize the content and search for keywords in this new text:

content-type: text/plain
content-transfer-encoding: 7bit
content-type: application/pdf
content-transfer-encoding: base64
content-disposition: attachment
this is a test for a pdf

Prior to this version, there was a bug in SpamFilter where the name and filename portions of the Content-Type and Content-Disposition would not be included in the normalized text if they appeared (as is in most cases) in a separate indented line.

From this version on, we're specifically adding the filename and name in the normalized text:

content-type: text/plain
content-transfer-encoding: 7bit
content-type: application/pdf
content-transfer-encoding: base64
content-disposition: attachment
filename="scadawhitepaperfinal1.pdf"
name="scadawhitepaperfinal1.pdf"
this is a test for a pdf

so they can be searched along with other keywords.


-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP


Posted By: yapadu
Date Posted: 07 June 2016 at 12:06pm
Oh OK, that explains why I have never had much luck filtering on filenames/attachments in the past.

Using this new information I looked up  what type of attachments gmail does not allow and built a rule that stops any mail from gmail.com that contains one of their restricted attachment types.

So far it has stopped 1 message, so looks like it is at least working.



-------------
--------------------------------------------------------------
I am a user of SF, not an employee. Use any advice offered at your own risk.



Print Page | Close Window