[Mimedefang] SA - MIME attachments?

Damrose, Mark mdamrose at elgin.edu
Thu Oct 27 08:22:48 EDT 2005


-----Original Message-----
From: Jon Fullmer 

> body       PORN_SPAM       /(?:porn.com|porn-site.com|pr0n.com)/I
> describe   PORN_SPAM      Some jerk sending me porn spam
> score PORN_SPAM 10.0
> 
> I've noticed that when I do this, though, if the e-mail is a multipart
> MIME message (with, say, one part "text/plain" and one part 
> "text/html"), it won't find the string I'm having it search for.  

You're using the wrong test.

body strips out all the HTML tags before doing a scan.
rawbody doesn't strip out the tags.

But what you really want is the uri test.  It does all the work of
identifying uri/url for you and searches only in those.


More information about the MIMEDefang mailing list