rule word doc

[rickygm]

I find some of your spamassassin rules interesting, sorry to write here in issue, but it is possible that you could add a rule for word or excel files from some spammy countries , I currently catalog some countries based on this documentation of spamassassin https://wiki.apache.org/spamassassin/RelayCountryPlugin

thanks for all help.

[steadramon]

I'd do something like this...

mimeheader __MIME_WORDOREXCEL Content-Type =~ /msword|excel/i
header     __RELAYCOUNTRY_SPAMMY   X-Relay-Countries=~/^(RU|CN)/i

meta     WORDEXCEL_SPAMMYCOUNTRY __MIME_WORDOREXCEL && __RELAYCOUNTRY_SPAMMY
describe WORDEXCEL_SPAMMYCOUNTRY Spammy country and word/excel file
score    WORDEXCEL_SPAMMYCOUNTRY 1.0

This doesn't include my plugin mind you - to add the additional detection:

meta     OLEMACRO_SPAMMYCOUNTRY OLEMACRO && __RELAYCOUNTRY_SPAMMY
describe OLEMACRO_SPAMMYCOUNTRY Spammy country and Office doc with Macro
score    OLEMACRO_SPAMMYCOUNTRY 1.0

Note that this isn't the only way - have a look at including dynamic senders metas who send most of this type of spam.

[rickygm]

Hi , add the rule to my spamassassin, and I made an attempt from a gmail account, but spamassassin does not add it to the filtering.

mimeheader __MIME_WORDOREXCEL Content-Type =~ /msword|excel/i header __RELAYCOUNTRY_SPAMMY X-Relay-Countries=~/^(RU|CN|AR|AE|CG|FR|IR|KI|PK|AU|BS|BE|BO|BT|AI|AO|BR|KH|CL|CO|CK|CU|DM|EC|US)/i

meta WORDEXCEL_SPAMMYCOUNTRY __MIME_WORDOREXCEL && __RELAYCOUNTRY_SPAMMY describe WORDEXCEL_SPAMMYCOUNTRY Spammy country and word/excel file score WORDEXCEL_SPAMMYCOUNTRY 2.0

meta OLEMACRO_SPAMMYCOUNTRY OLEMACRO && __RELAYCOUNTRY_SPAMMY describe OLEMACRO_SPAMMYCOUNTRY Spammy country and Office doc with Macro score OLEMACRO_SPAMMYCOUNTRY 2.0

see the log https://pastebin.com/bmRq7v7h

thank for you help.