++ed by:
SREZIC VOEGELAS SHLOMIF SYP

4 PAUSE users

Kevin A. McGrail
and 1 contributors

NAME

AntiVirus - simple anti-virus tests

SYNOPSIS

  loadplugin     Mail::SpamAssassin::Plugin::AntiVirus

  body MICROSOFT_EXECUTABLE eval:check_microsoft_executable()
  body MIME_SUSPECT_NAME    eval:check_suspect_name()

DESCRIPTION

The MICROSOFT_EXECUTABLE rule works by checking for 3 possibilities in the message in any application/* or text/* part in the message:

- in text parts, look for a uuencoded executable start string
- in application parts, look for filenames ending in an executable extension
- in application parts, look for a base64 encoded executable start string