At 9:50 PM -0600 2/17/01, Philip Guenther wrote:
Justin Shore <listuser(_at_)vinnie(_dot_)ksu(_dot_)ksu(_dot_)edu> writes:
...
Whoops, I missed one other thing: by default, variables are not expanded
on condition lines. So that second condition won't work because the
$VIRUSADDR won't be expanded. To solve that, put a '$' before the
regexp itself. I also like indenting things to show their structure
and/or similarity, so:
VIRUSADDR=virus-alert(_at_)sktc(_dot_)net
:0 h c
* ! ^FROM_DAEMON
* ! $ ^X-Loop: $\VIRUSADDR
* ^Subject: Test bounce message
| (formail -r \
-I"From: SKTC Virus Alert Daemon <$VIRUSADDR>" \
-I"Subject: [Virus Alert] You've been infected" \
-A"X-Loop: $VIRUSADDR" ; \
cat /etc/mail/vbs.ss-txt ) | $SENDMAIL $SENDMAILFLAGS -t
(The backslash in $\VIRUSADDR makes procmail escape all the special
regexp characters in the expanded value, such that it'll match just the
literal text. In this case, it'll make the '.' in "sktc.net" match just
a period, and not any character like it normally does in a regexp.)
Excellent. I see now. I just changed everything around to fix the
variable expanding problem and all seems to be working well. Here's
the current recipe:
VIRUSADDR=virus-alert(_at_)sktc(_dot_)net
:0 h
* ! ^FROM_DAEMON
* ! $ ^X-Loop: $\VIRUSADDR
* ^(Subject: Here you have, \;o\)|Subject: Neues von Ihrem
Internetdienstleister - Robert T. Online informiert)
| (formail -r \
-I"From: SKTC Virus Alert Daemon <$VIRUSADDR>" \
-I"Subject: [Virus Alert] You've been infected" \
-A"X-Loop: $VIRUSADDR" ; \
/bin/cat "/etc/mail/vbs.ss-txt") | $SENDMAIL -t
It wrapped the subject matching line. I have this in place on the
production server now. It's matching both variants A & C of the
VBS(_dot_)SST(_at_)mm virus (AnnaKournikova.jpg.vbs virus) and variant B which
is in German. I also removed the "c" so it wouldn't send the message
on to the recipient. Everything seems to be working well right now.
I think I'll migrate my generic Sendmail subject line filters to this
later tonight (for Melissa and the original Hybris variant). This
leaves me with two questions. If I wanted to send the form letter
like it does now and dump the incoming message (matching message)
into a different mail spool (like a quarantine) what would be the
best way to do that? I imagine I can find a way, just curious if
there's a recommended way that causes the least overhead.
The last question is about logging. I turned off verbose
logging once the recipe was working correctly and watched the
logfile. Is there any way to make it only log message that match a
recipe? The log file is currently logging all messages, matching a
recipe or not. I could probably set LOGFILE to /dev/null, but I'd
like to know when procmail actually does something.
Thanks to everyone for their assistance. Procmail is a beast I
haven't done much with before. Thanks!
Justin
--
--
Justin Shore K-State Linux Distro Mirror, Sysadmin
macdaddy(_at_)vinnie(_dot_)ksu(_dot_)ksu(_dot_)edu
<http://vinnie.ksu.ksu.edu/mirror/rpm2html>
<ftp://vinnie.ksu.ksu.edu/pub/mirror/linux>
*Internet2 Users*
<ftp://quest.ksu.ksu.edu/pub/mirror/linux>
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail