Opinions, please, on the following procmail recipe to quarantine
potential virii from being pop-3'ed into a Win system:
:0
* ^content-type:.*(multipart/mixed|application/octet-stream)
{
:0 HB
* ^content-(?:type|disposition):
(?:.|\n\s)*(?:file)?name=("?)[^"]+\.(?:vbs|wsf|vbe|wsh|hta|shs|scr|pif|com|exe|doc|html|chm|hlp|jse|js$^begin
\d+ \S+\.(?:vbs|wsf|vbe|wsh|hta|shs|scr|pif|com|exe|doc|html|chm|hlp|jse|js)$
* ^content-(?:type|disposition): (?:.|\n\s)*(?:file)?name=("?)winmail.dat\1
* ^begin \d+ winmail.dat
{
quarantine code ...
}
}
Thanks,
John
--
John Conover Tel. 408.370.2688 conover(_at_)rahul(_dot_)net
631 Lamont Ct. Cel. 408.772.7733 http://www.johncon.com/
Campbell, CA 95008 Fax. 408.379.9602
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail