Rules for blank subject / body

Aleksandar Devecerski - 05:00am, Dec 14 2016

Hello everyone

As, I guess, a lot of you, I’m waging a battle with messages containing malware. I am aware that Kaspersky cannot react and update virus definitions as quickly as new variants emerge, gateway/endpoint protection vendors as well, so I’m trying to improve my chances with Content Filter. CF is, as far as I can tell, my last line of defense in MDaemon. If an infected message reached CF, it means greylisting hasn’t stopped it and neither blacklist/spam filter/outbreak protection/.../antivirus did their job.

Various “notifications”/“invoices”/“quotes”/“transfer notifications”/“orders” are pounding my users daily and by now I have quite a set of CF rules to deal with them. What I’m lacking, and searching the forum and the net did not provide a satisfactory solution, is a way to handle messages:
1) without / blank subject
2) without text in the body message
3) blank subject & body
but having attachment(s).

I’ve found this (https://www.everything-mdaemon.com/mdaemon/detecting-a-blank-header) which in a way helped with half of situation 1.
An additional problem is that HTML-formatted messages, even if they do not contain actual attachments, are sometimes detected as if attachments are present. Due to various embedded (graphic mostly) elements, of course.

So, I was wondering how are you coping with this? Anyone have a solution to this?
Can someone from Alt-N please tell us if they are planning to extend the ruleset for CF to include these situations?

Thank you all

Cheers


Arron Caruth (apparently) - Dec 27, 2016 8:30 am (#7 Total: 7)  

via email  

Thank you for sharing!

Happy Holidays!

-- 
Arron Caruth
Director of Product Development
Alt-N Technologies
http://www.altn.com
 
Sent using Alt-N's own MDaemon Messaging Server   
Now available with  BYOD Mobile Device Management, 
Document Sharing, Hijacked Account Detection and more.
Get to know the Alt-N family by liking us on Facebook!


-----Original Message-----
From: md-cfilter@altn.com [mailto:md-cfilter@altn.com] On Behalf Of Aleksandar Devecerski
Sent: Tuesday, December 27, 2016 7:15 AM
To: md-cfilter List Member
Subject: [md-cfilter] Rules for blank subject / body

First, Happy Holidays to all

I may have found a (little) more elegant solution for my problem.
The 3 SA rules below are added to local.cf and then I can either:
- use CF to do whatever I want with MY_CF_BODYEMPTY, MY_CF_NOSUB and MY_CF_EMPTYSUB (including attachment extract), or
- score them so that the spam filter would do the job

###############################
# Message body empty
meta MY_CF_BODYEMPTY !__JF_BODYFULL
describe MY_CF_BODYEMPTY Message contains blank body
score MY_CF_BODYEMPTY 0.5

# No Subject
header __HAS_SUBJECT exists:Subject
meta MY_CF_NOSUB !__HAS_SUBJECT
describe MY_CF_NOSUB Message does not contain subject
score MY_CF_NOSUB 0.5

# Subject empty
header MY_CF_EMPTYSUB Subject =~ /^$/
describe MY_CF_EMPTYSUB Message contains blank subject
score MY_CF_EMPTYSUB 0.5
###############################

On 16.12.2016 18:55, Arron Caruth wrote:
> I'm glad you were able to get it working.
>
> Thank you too!
>
> --
> Arron Caruth
> Director of Product Development
> Alt-N Technologies
> http://www.altn.com
>
> Sent using Alt-N's own MDaemon Messaging Server Now available with
> BYOD Mobile Device Management, Document Sharing, Hijacked Account
> Detection and more.
> Get to know the Alt-N family by liking us on Facebook!
>
>
> -----Original Message-----
> From: md-cfilter@altn.com [mailto:md-cfilter@altn.com] On Behalf Of
> Aleksandar Devecerski
> Sent: Friday, December 16, 2016 11:44 AM
> To: md-cfilter List Member
> Subject: [md-cfilter] Rules for blank subject / body
>
> Thanks for the suggestion Arron
>
> Funny enough it's working. I said funny because the regex you suggested was among many I've tested online (for example on https://regex101.com/).
>
> If you enter ^.+$ you can see that it matches any non-empty string.
> Since originally suggested ^..+$ gives results according to my tests with actual MDaemon, I thought that it wasn't the solution.
> As I mentioned, ^$ was online regex test sites' favorite for the job, but MDaemon's CF just doesn't like it.
>
> Anyway, it seems to be working as expected now, so I'm happy
>
> Thanks again Arron, have a great weekend
>
>
> On 16.12.2016. 14.25, Arron Caruth wrote:
>> Great, I’m glad you have it working!
>>
>>
>>
>> I’m no expert when it comes to regular expressions but I think “^..+$”
>> isn’t matching when the subject is only one character long because of
>> the two periods. Try changing it to “^.+$”
>>
>>
>>
>> --
>>
>> Arron Caruth
>> Director of Product Development
>> Alt-N Technologies
>> http://www.altn.com <http://www.altn.com/>
>>
>>
>> Sent using Alt-N's own MDaemon Messaging Server
>> <http://www.altn.com/> Now available with BYOD Mobile Device
>> Management, Document Sharing, Hijacked Account Detection and more.
>>
>> Get to know the Alt-N family by liking us on Facebook
>> <https://www.facebook.com/pages/Alt-N-Technologies-MDaemon/220307374735000?ref=hl>!
>>
>>
>>
>
>
>
> ------------------------------------------------------
> View/reply at <http://lists.altn.com/WebX?13@@.598620ff/3>
>
> --MD-CFILTER---------------------------------------------------------
> This list is for questions and discussions about MDAEMON's Content Filter. To unsubscribe from this mailing list send an email to md-cfilter-unsubscribe@altn.com .
> --POWERED BY MDAEMON!------------------------------------------------
>
> ---------------------------------------------------------------------
> These forums are provided by Alt-N Technologies for user-to-user support and discussion. Alt-N staff members may participate in the forums periodically but please recognize that this is not the official method of receiving technical support. To receive personal technical support please use the form here:
> http://www.altn.com/Support/RequestSupport/
> ---------------------------------------------------------------------
>



------------------------------------------------------
View/reply at <http://lists.altn.com/WebX?13@@.598620ff/5>
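
The three situations from the opening post (no Subject header, blank Subject, blank body, each combined with a real attachment) can be checked offline before committing to filter rules. The following is an added example, not code from the thread or from Alt-N: the flag names borrow the rule suffixes used above, the sample message is constructed, and treating parts marked `inline` or carrying a `Content-ID` as embedded HTML resources rather than attachments is an assumption.

```python
import re
from email import message_from_string, policy
NONEMPTY = re.compile(r"^.+$")  # pattern from the thread; "^..+$" needs 2+ characters

def real_attachments(msg):
    # Inline parts and parts with a Content-ID are embedded HTML resources, not attachments.
    return [p.get_filename() or "(unnamed)" for p in msg.walk()
            if p.get_content_disposition() == "attachment"
            or (p.get_filename() and p.get_content_disposition() != "inline"
                and p["Content-ID"] is None)]

def body_is_blank(msg):
    """True when no text part has visible characters (tags and &nbsp; ignored)."""
    for part in msg.walk():
        if part.get_content_maintype() == "text" and not part.get_filename():
            if re.sub(r"<[^>]*>|&nbsp;", " ", part.get_content()).strip():
                return False
    return True

def classify(raw):
    """Return (flags, attachment names); flags reuse the thread's rule suffixes."""
    msg = message_from_string(raw, policy=policy.default)
    flags = {"BODYEMPTY"} if body_is_blank(msg) else set()
    if msg["Subject"] is None:
        flags.add("NOSUB")
    elif not NONEMPTY.match(str(msg["Subject"]).strip()):
        flags.add("EMPTYSUB")
    return flags, real_attachments(msg)

# Constructed sample: blank Subject, HTML with only an embedded logo, one attachment.
SAMPLE = """Subject:
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<html><body><img src="cid:logo1">&nbsp;</body></html>
--b1
Content-Type: image/png
Content-Disposition: inline; filename="logo.png"
Content-ID: <logo1>

--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="invoice.zip"

(constructed archive bytes)
--b1--
"""
```

`classify(SAMPLE)` flags the message as blank subject plus blank body and reports only `invoice.zip`, so the embedded logo does not count as an attachment.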
