Great... they give us compilable code to use if we want to make a virus out
of this.
John, I thought that your filters checked for excessive header stuff. (?)
Anyway, something like this should do the trick, shouldn't it?
# ==============
DATEHEADERCOUNT=`grep -e "^Date:" -i | wc -c`
DATEHEADERFLAG=`expr 50 - $DATEHEADERCOUNT | sed s/[0-9].*//`
:0
* DATEHEADERFLAG ?? ^^-^^
/dev/null
# ==============
Obviously, we'd want this to do some other action other than /dev/null ,
but isn't this the general idea? Is 50 characters in a Date: header
sufficient?
Thanks.
Lee Howard
At 03:10 PM 7/19/00 -0400, Jason Allen wrote:
Has anyone cooked-up a nice recipe to filter the new Outlook/Outlook Express
exploit? If so, please post.
http://www.securityfocus.com/bid/1481
Thanks,
Jason Allen
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail