procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: happy.exe

1999-03-05 14:35:21
from [Christopher Lindsey] [Permanent Link] 
Does someone has a "magic solution" to avoid the happy.exe trojan virus
being propagated via mailing list???


Depends on your MLM, MTA, and OS.  Gosh, so many acronyms.  
Here's what I do for my majordomo and mailman mailing lists;
presumably you can wrap your wrapper alias as well (example
below from mailman for sendmail):

   listname         :"|/usr/bin/procmail -m LIST='listname' EXTRA='' 
MLM='mailman' /etc/mail/procmailrc.lists"
   listname-admin   :"|/home/staff/mailman/mail/wrapper mailowner listname"
   listname-request :"|/home/staff/mailman/mail/wrapper mailcmd listname"
   owner-listname   :listname-admin
   listname-owner   :listname-admin

/etc/mail/procmailrc.lists looks like this:

   PATH=/usr/bin:/usr/local/bin:/bin
   HOME=/etc/mail
   SHELL=/bin/sh

   # if EXTRA isn't set to an archiver or something, set to devnull
   # so that we have another address to hide the -outgoing address
   # in the Received: headers -- another ugly majordomo-required
   # hack
   :0
   * ! MLM ?? mailman
   * EXTRA ?? ^^^^
   { EXTRA="devnull" }

   # check against message-id database to make sure that this isn't
   # a duplicate post
   :0 Wh: $HOME/list-cache/${LIST}.lock
   | formail -D 8192 $HOME/list-cache/${LIST}.cache

   # check for happy.exe
   :0:
   * ^X-Spanska:
   {
      FILE="HAPPY.EXE.txt"
      FROM="postmaster"
      INCLUDERC=/etc/mail/autoresponder/procmailrc.autoreply
   }

   # mail people to let them know that I don't like attachments
   # on the list
   :0
   * ^(Content-Type: multipart/mixed;|X-MS-Attachment: WINMAIL.DAT)
   {
      FILE="mimereply.txt"
      FROM="owner-$LIST"
      INCLUDERC=/etc/mail/autoresponder/procmailrc.autoreply
   }

   :0
   * MLM ?? mailman
   | /home/staff/mailman/mail/wrapper post $LIST,$EXTRA

   :0
   * MLM ?? majordomo
   | /var/majordomo/wrapper resend -l $LIST $LIST-sekrit,$EXTRA

   # hmmm, couldn't find the MLM
   :0
   ! sysadmin

And of course, here's /etc/mail/autoresponder/procmailrc.autoreply:

   HOME=/etc/mail/autoresponder
   :0 h
   * !^FROM_DAEMON
   * !^From: (Majordomo|root)
   * !^X-Loop: $FROM(_at_)mallorn(_dot_)com
   | (formail -r -A"Precedence: junk" \
      -A"X-Loop: $FROM(_at_)mallorn(_dot_)com" \
      -A"From: $FROM(_at_)mallorn(_dot_)com" ;\
       cat $HOME/$FILE) | $SENDMAIL -t -f $FROM

You'll need to create your /etc/mail/autoresponder/$FILE replies,
too...

Hope this makes sense -- a little more than you were asking for, but
maybe it'll help.

Chris
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  expansion of $\, Andy Rowan
Next by Date:  Re: Using procmail to requeue incoming email? (fwd), cueman
Previous by Thread:  Re: happy.exe, Jeff
Next by Thread:  Happy99.exe virus/worm filter for mail server gateways, Michael Rawls
Indexes:  [Date] [Thread] [Top] [All Lists]