NAME

AntiVirus - simple anti-virus tests

SYNOPSIS

  loadplugin     Mail::SpamAssassin::Plugin::AntiVirus
  body MICROSOFT_EXECUTABLE eval:check_microsoft_executable()
  body MIME_SUSPECT_NAME    eval:check_suspect_name()

DESCRIPTION

The MICROSOFT_EXECUTABLE rule works by checking for 3 possibilities in the message in any application/* or text/* part in the message:

- in text parts, look for a uuencoded executable start string

- in application parts, look for filenames ending in an executable extension

- in application parts, look for a base64 encoded executable start string