'twas said:
> How can I protect my mail of virus in help of /etc/procmailrc?
> The subject of virus is exactly: Here you have, ;0)
Correction: that's a LOWERCASE ;o)
Not that procmail is being case sensitive unless you tell it to, but it's
worth noting that _exactly_ should be taken to mean _exactly_.
> What must I write to my procmailrc?
I'd advise against filtering against the subject in this case, and just
filter on attachments. Visit the list archives for the past couple of
months and check the various discussions of filtering for VBS scripts.
Here's what I use (well, a cut down version of it), and I know it captures
this specific virus, as well as many other VBS viruses. It will also find
it in forwarded messages (which is how I received my first copy of this
particular virus -- someone forwarded it to me asking me if I knew what it
was).
# Various .VBS, .BAT, and .PIF virus/worms/trojans
:0:
* 9876543210^0 ^Content-[-a-z0-9_]+:.*="?[^"]*\.(vbs|bat|pif)
* 9876543210^0 B ?? ^Content-[-a-z0-9_]+:.*($[ ].*)*="?[^"]*\.(vbs|bat|pif)
$MAILDIR/infected.mbx
The scoring is used here to say "if we found it in the header, don't bother
wasting the cycles to look for it in the body."
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail