procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Antivirus Recipe

2001-04-23 11:53:31
from [Chris Cook] [Permanent Link] 
Hello All,
        I am using a recipe to filter emails that contain known attached
viruses.  The problem is that the recipe is also dumping messages that
have "joke" or "emanuel", etc... in the subject line.  Can anyone help
me fine tune this recipe to only dump the emails that have the virus
name as the attachment?  I have a feeling it is configuring :0 "blah"
correctly but I am new at this and I have a feeling some other syntax is
incorrect.  

PS - If anyone could point me to a script that has a feature to also
send a notification email that the message was infected with a virus,
that would be great.  Thanks!

Thanks everyone in advance!



Recipe:



:0 hBHw
 *^Content-type: (multipart/mixed|application/octet-stream)
 {
     :0 B
     * .*creative\.exe.*
 :0
/dev/null
}
:0 hBHw
 *^Content-type: (multipart/mixed|application/octet-stream)
 {
     :0 B
     * .*KDDKNHKD\.EXE.*
 :0
/dev/null
}
:0 hBHw
 *^Content-type: (multipart/mixed|application/octet-stream)
 {
     :0 B
     * .*Navidad\.exe.*
:0
/dev/null
}
:0 hBHw
*^Content-type: (multipart/mixed|application/octet-stream)
 {
     :0 B
     * .*\.(vbs|wsf|shs|scr).*
:0
/dev/null
}
:0 hBHw
 *^Content-type: (multipart/mixed|application/octet-stream)
 {
     :0 B
     * .*dwarf4you\.exe.*
:0
/dev/null
}
:0 hBHw
 *^Content-type: (multipart/mixed|application/octet-stream)
 {
     :0 B
     * .*porno\.exe.*
:0
/dev/null
}
:0 hBHw
 *^Content-type: (multipart/mixed|application/octet-stream)
 {
     :0 B
     * .*joke\.exe.*
:0
/dev/null
}
:0 hBHw
 *^Content-type: (multipart/mixed|application/octet-stream)
 {
     :0 B
     * .*atchim\.exe.*
:0
/dev/null
}
:0 hBHw
 *^Content-type: (multipart/mixed|application/octet-stream)
 {
     :0 B
     * .*Emanuel\.exe.*
:0
/dev/null
}
:0 hBHw
 *^Content-type: (multipart/mixed|application/octet-stream)
 {
     :0 B
     * .*NakedWife\.exe.*
:0
}
/dev/null
}


-- 
Chris

o----< ccook(_at_)tcworks(_dot_)net >------------------------------------o
|Chris Cook - Admin     |TCWORKS.NET - http://www.tcworks.net |
|The Computer Works ISP |FreeBSD - http://www.freebsd.org     |
o-------------------------------------------------------------o
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Adding Reply-To to list messages, Stan Ryckman
Next by Date:  Re: Adding Reply-To to list messages, Trevor Jenkins
Previous by Thread:  Double delivery of messages, Forrest Aldrich
Next by Thread:  Re: Antivirus Recipe, Professional Software Engineering
Indexes:  [Date] [Thread] [Top] [All Lists]