sbidy / MacroMilter

This python based milter (mail-filter) checks an incoming mail for suspicious VBA macro code in MS 20xx Office attachments (doc, xls, ppt ...).
MIT License

Have you considered making MM into an RSPAMD plugin? #50

Closed yoshimo closed 5 years ago

yoshimo commented 5 years ago

RSpamD (https://github.com/rspamd/rspamd) is a powerful antispam solution that gets rid of the old amavis & spamassassin duo. Its solid lua plugin infrastructure already has something similar ( rspamd/src/plugins/lua/mime_types.lua ) that deals with just extensions, nested extensions and archives. This would be a good place for some additional checks and bonus & malus for good macros/no macros/bad macros like MacroMilter does.

katschingg commented 5 years ago

I read the documentation and without doubt it looks very sexy in terms of speed in comparison to spamd. But I don't see rspamd solving any problems regarding macros? It supports writing your own lua plugins dealing with macros, but it has nothing per default as far as I understood their docu/slides.

yoshimo commented 5 years ago

> it has nothing per default as far as I understood their docu/slides.

That's why I opened this issue.

sbidy commented 5 years ago

Actually, we are using the Spamd & Amavisd stack for AV and spam in our production environment. But we are starting to play around with RspamD. The MacroMilter doesn't interact with either service directly. It is possible to use RSpamD and the MacroMilter as an additional filter instance.

I think it should be possible to integrate the olevba/oletools into RspamD (maybe as an additional module). The actual LUA implementation/filter for blocking "macros" is only MIME-Type based (?). Similar to the Amavis "macro blocking" capabilities.

At the very beginning of the project, one "precondition" was: no dependencies on other filter systems. It should always be possible to use the MacroMilter without an Amavis, Spamassassin or other kind of "filter software", because the installation, updating, documentation and maintenance of an "independent" software is less "time consuming" than a module or plugin for Amavis, Spamassassin, RspamD, AVcheck, mailscanner and so on.

yoshimo commented 5 years ago

I think this is now done.

https://github.com/HeinleinSupport/olefy/ does integrate oletools directly with rspamd.