Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - attachment filename
  FAQ FAQ  Forum Search   Register Register  Login Login

attachment filename

 Post Reply Post Reply
Author
yapadu View Drop Down
Senior Member
Senior Member


Joined: 12 May 2005
Status: Offline
Points: 297
Post Options Post Options   Thanks (0) Thanks(0)   Quote yapadu Quote  Post ReplyReply Direct Link To This Post Topic: attachment filename
    Posted: 06 June 2016 at 10:20pm

I noticed this in the release notes.

// New to VersionNumber = '4.7.2.196';

{TODO -cNew : Added the attachment filename to the message parts that SpamFilter scans for keywords, allowing the blacklisting/whitelisting of attachment filenames using keywords as well}


This means we can do something like this in the keyword rules:

attachment:*.exe


Something like that?  Is there any example or documentation on how to use this new feature?  I would be interested in using it.

--------------------------------------------------------------
I am a user of SF, not an employee. Use any advice offered at your own risk.
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 07 June 2016 at 9:02am
In the past, if an email had this content:


------=_NextPart_000_0023_01C7D2C3.DADB76A0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

this is a test for a pdf

------=_NextPart_000_0023_01C7D2C3.DADB76A0
Content-Type: application/pdf;
name="SCADAWhitepaperfinal1.pdf"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="Whitepaperfinal1.pdf"

JVBERi0xLjINJeLjz9MNCjMxIDAgb2JqDTw8IA0vTGluZWFyaXplZCAxIA0vTyAzMyANL0ggWyAx

SpamFilter would normalize the content and search for keywords in this new text:

content-type: text/plain
content-transfer-encoding: 7bit
content-type: application/pdf
content-transfer-encoding: base64
content-disposition: attachment
this is a test for a pdf

Prior to this version, there was a bug in SpamFilter where the name and filename portions of the Content-Type and Content-Disposition would not be included in the normalized text if they appeared (as is in most cases) in a separate indented line.

From this version on, we're specifically adding the filename and name in the normalized text:

content-type: text/plain
content-transfer-encoding: 7bit
content-type: application/pdf
content-transfer-encoding: base64
content-disposition: attachment
filename="scadawhitepaperfinal1.pdf"
name="scadawhitepaperfinal1.pdf"
this is a test for a pdf

so they can be searched along with other keywords.


Edited by LogSat - 07 June 2016 at 9:03am
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
yapadu View Drop Down
Senior Member
Senior Member


Joined: 12 May 2005
Status: Offline
Points: 297
Post Options Post Options   Thanks (0) Thanks(0)   Quote yapadu Quote  Post ReplyReply Direct Link To This Post Posted: 07 June 2016 at 12:06pm
Oh OK, that explains why I have never had much luck filtering on filenames/attachments in the past.

Using this new information I looked up  what type of attachments gmail does not allow and built a rule that stops any mail from gmail.com that contains one of their restricted attachment types.

So far it has stopped 1 message, so looks like it is at least working.

--------------------------------------------------------------
I am a user of SF, not an employee. Use any advice offered at your own risk.
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.055 seconds.