procmail

Re: blocking certain attachments

2001-02-13 15:39:06
Kimmie Dicaire wrote:

I found this thread while looking for a way to block certain attachments.

My, isn't "Anna" causing a stir....

I developed the following, along with a few others on some SysAdmin and
AntiSpam lists:

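        # Header-only test first: does the message claim a type that can carry attachments?
        :0
        * ^Content-type: (multipart/mixed|application/octet-stream)
                {
                # Only now search header and body (HB) for an attachment with a listed extension
                :0 HB
                * ^Content-Disposition: attachment;
                * filename=".*\.(exe|hta|pif|scr|shs|vbs|vbe|wsf|wsh)"
                        {
                        ...
                        }
                }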

The reason to use two recipes like this is so that you only do a full body
search on the ones where you already know in advance that you have an
attachment, otherwise things would get ugly.

What you do with the space in the "..."s is up to you. Some will want to
route the thang to /dev/null, others may want to try and "defang" the
thang, with something like this (UNtested by moi):

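        # Filter header and body through sed: append .txt after a quoted
        # name ending in a dot and three characters
        :0 fhbw
        | /bin/sed -e 's/\([nN][aA][mM][eE]=".*\....\)"/\1.txt"/'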

The object of the above is to add a .txt extension to the virus to
prohibit the execution thereof.

Aloha mai Nai`a!
-- 
"Please have your Internet License             http://kapu.net/~mjwise/
  and Usenet Registration handy..."

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
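
As an added example (not part of the original message), this shell harness runs the sed expression from the message over constructed MIME part headers, next to a hypothetical variant, `defang_listed`, that renames only the extensions on the recipe's list. The function names and the sample headers are assumptions made for the test.

```shell
#!/bin/sh
# Extension list copied from the recipe in the message above.
EXTS='exe|hta|pif|scr|shs|vbs|vbe|wsf|wsh'

# Constructed sample: MIME part headers as they could appear in a message.
sample() {
    cat <<'EOF'
Content-Type: application/octet-stream; name="photo.jpg.vbs"
Content-Disposition: attachment; filename="photo.jpg.vbs"
Content-Type: application/pdf; name="report.pdf"
Content-Disposition: attachment; filename="SETUP.EXE"
EOF
}

# The sed expression exactly as posted: any quoted name ending in a dot
# plus three characters gets ".txt" appended ("filename=" contains "name=").
defang_posted() {
    sed -e 's/\([nN][aA][mM][eE]=".*\....\)"/\1.txt"/'
}

# Hypothetical variant: rename only values whose extension is in EXTS,
# compared case-insensitively, handling every quoted value on a line.
defang_listed() {
    awk -v exts="$EXTS" '
    {
        out = ""; rest = $0
        while (match(tolower(rest), /name="[^"]*"/)) {
            val = substr(rest, RSTART, RLENGTH)      # original case kept
            if (tolower(val) ~ ("\\.(" exts ")\"$"))
                val = substr(val, 1, length(val) - 1) ".txt\""
            out = out substr(rest, 1, RSTART - 1) val
            rest = substr(rest, RSTART + RLENGTH)
        }
        print out rest
    }'
}

# Show both results side by side when run directly.
echo "--- posted sed ---";     sample | defang_posted
echo "--- listed variant ---"; sample | defang_listed
```

Running a filter over a fixed sample like this before wiring it into a `:0 f` recipe shows which attachment names it rewrites and which it leaves alone.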