[Spambayes] idea for tokenizer.crack_filename change
Skip Montanaro
skip@pobox.com
Thu, 19 Sep 2002 17:07:30 -0500
Neil> Here's a simple script that looks for executable attachments:
Neil> http://arctrix.com/nas/find_executables.py
Neil> Run like this:
Neil> python find_executables.py Data/Spam/*/*
Neil> If anyone is interested, I have a qmail filter that rejects
Neil> messages with executable attachments at SMTP-time.
It seems to me that base64-encoded, all DOS/Windows executables start with
(reciting from memory, since I've deleted all viruses and haven't received
any new ones in the last 15 minutes or so) "TPqAAA" or something similar.
Why rely on finding specific file extensions? They can just change.
Skip