How can mark as spam all mails that contain a Windows executable?
Note that this is no substitute for a decent virus scanner. Using a virus scanner to catch malicious executable attachments is the right way to do this; SpamAssassin is a spam filter. There is a unsupported plugin available at ClamAVPlugin that will scan for viruses and assign a SpamAssassin score accordingly - there is also a related bug (![[WWW]](/wiki/modern/img/moin-www.png){kind=small}
bug 3010) in the SpamAssassin bug tracker on this subject.
With SpamAssassin 2.x
With SpamAssassin prior to 3.0 you could add the following line to your user-prefs (normally ~/.spamassassin/user_prefs):
score MICROSOFT_EXECUTABLE 10
With SpamAssassin 3.x
The MICROSOFT_EXECUTABLE rule was removed in 3.0.0 though.
Sidenotes
Note, however, that many systems today courteously bounce viruses back to the "From" header, despite the fact that many modern viruses forge the From header so it bears no relationship to the system sending the virus.
Bounces that contain the virus itself may be caught by the MICROSOFT_EXECUTABLE rule above, but bounces that politely tell you "the message you sent had a virus and therefore has not been delivered" do not match that rule.
Since these messages are automatically transmitted to the recipient, a recipient that does not want the message, a recipient for whom the message holds no value except as irritation, a recipient that did nothing to warrant the message, many people consider these bounces to be just another category of spam.
Some people have therefore created custom SA rules to identify and flag these bounces. One of the best maintained set of rules is Tim Jackson's at http://www.timj.co.uk/linux/bogus-virus-warnings.cf