• NAME
• SYNOPSIS
• DESCRIPTION

NAME

AntiVirus - simple anti-virus tests

SYNOPSIS

loadplugin     Mail::SpamAssassin::Plugin::AntiVirus

body MICROSOFT_EXECUTABLE eval:check_microsoft_executable()
body MIME_SUSPECT_NAME    eval:check_suspect_name()

DESCRIPTION

The MICROSOFT_EXECUTABLE rule works by checking for 3 possibilities in the message in any application/* or text/* part in the message:

- in text parts, look for a uuencoded executable start string

- in application parts, look for filenames ending in an executable extension

- in application parts, look for a base64 encoded executable start string