I have the following rules defined in local.cf
Code:
mimeheader LOCAL_7Z_ATTACHED1 Content-Type =~ /\.7z/i
describe LOCAL_7Z_ATTACHED1 email contains a 7z file attachment
score LOCAL_7Z_ATTACHED1 2.5
mimeheader LOCAL_7Z_ATTACHED2 Content-Disposition =~ /\.7z/i
describe LOCAL_7Z_ATTACHED2 email contains a 7z file attachment
score LOCAL_7Z_ATTACHED2 2.5
Yet spamassassin is not catching emails with .7z attachments. Here is an example of a message containing such an attachment:
Code:
From Karin.Mother.HsI@persianpad.com Wed Oct 11 06:45:12 2017
Return-Path: <Karin.Mother.HsI@persianpad.com>
Received: from [42.114.229.71] ([42.114.229.71])
by mail.hprs.local (8.15.2/8.15.2) with ESMTP id v9BAjAjx008954
for <ccarter@ohprs.org>; Wed, 11 Oct 2017 06:45:11 -0400
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.99.2 at mail
From: Karin Mother <Karin.Mother.HsI@persianpad.com>
To: (local user)
Subject: Supplement payment 248834596
Thread-Topic: Supplement payment 248834596
Date: Wed, 11 Oct 2017 17:45:05 +0700
Message-ID: <418CEC5061165CACD2F1BEB58A14987D768E6DE7@190CA231.persianpad.com>
Accept-Language: en-US
Content-Language: en-US
X-Spam-Status: No, score=2.5 required=3.0 tests=BAYES_50,FROM_WORDY,
HELO_MISC_IP,RDNS_NONE autolearn=no autolearn_force=no
version=3.4.1-_revision__1.24__
X-Spam-Report:
* 1.5 BAYES_50 BODY: Bayes spam probability is 40 to 60%
* [score: 0.4500]
* 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
* 0.2 HELO_MISC_IP Looking for more Dynamic IP Relays
* 0.0 FROM_WORDY From address looks like a sentence
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 3.4.1-_revision__1.24__ (2015-04-28) on
mail.hprs.local
Status: R
--_002_418CEC5061165CACD2F1BEB58A14987D768E6DE7190CA231persianpad.com_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
This E-mail is confidential
Internet communications cannot be guaranteed to be timely secure, error or
virus-free. The sender does not accept liability for any errors or
ommisions.
--_002_418CEC5061165CACD2F1BEB58A14987D768E6DE7190CA231persianpad.com_
Content-Type: application/octet_stream; name="F248834596_11102017.7z"
Content-Description: F248834596_11102017.7z
Content-Disposition: attachment; filename="F248834596_11102017.7z";
Content-Transfer-Encoding: base64
Obbiously, I have my rule(s) defined wrong. Can someone straighten me out?