At 13:45 2001-04-23 -0500, Chris Cook wrote:
> I am using a recipe to filter emails that contain known attached
> viruses. The problem is that the recipe is also dumping messages that

What I do below doesn't address the base problem with your filter -- the
logic isn't adequate. There have been rather good attachment filters
discussed on this list in the not too distant past.

> PS - If anyone could point me to a script that has a feature to also
> send a notification email that the message was infected with a virus,
> that would be great. Thanks!

You should consider checking the list archives. Notably, where you
currently /dev/null the message, you'd use a pipe delivery to the standard
syntax for an autoreply.
Turn on verbose logging and send some messages through which SHOULD trigger
it, and some which SHOULDN'T, but do. Then examine the log.
The first thing I see wrong is that in your braced rules, you have one rule
that checks for a certain text in the body (though notably, you're NOT
checking to see if it is the filename) -- and do NOTHING for delivery,
following that with another rule that says "throw this bugger away just
because".
When you haven't yet debugged a script, it's a good idea to toss the
filtered messages into a file rather than sending them directly to trash.
Note, since every one of your rules has the same content type check, you
should just wrap them. Also, .* at the END of a line regexp is um,
unneeded. Think about it.
:0 hBHw
* ^Content-type: (multipart/mixed|application/octet-stream)
{
  :0B
  * .*creative\.exe
  /dev/null
  :0B
  * .*KDDKNHKD\.EXE
  /dev/null
  :0B
  * .*Navidad\.exe
  /dev/null
  # let me point out this is TERRIBLY vague
  :0B
  * .*\.(vbs|wsf|shs|scr)
  /dev/null
  :0B
  * .*dwarf4you\.exe
  /dev/null
  :0B
  * .*porno\.exe
  /dev/null
  :0B
  * .*joke\.exe
  /dev/null
  :0B
  * .*atchim\.exe
  /dev/null
  :0B
  * .*Emanuel\.exe
  /dev/null
  :0B
  * .*NakedWife\.exe
  /dev/null
}
The above rewrite could be consolidated further by combining the filenames
in an OR arrangement:
* .*(Emanuel\.exe|NakedWife\.exe)
etc.

> :0 hBHw
> *^Content-type: (multipart/mixed|application/octet-stream)
> {
> :0 B
> * .*NakedWife\.exe.*
> :0
> }
> /dev/null
> }

This syntax is screwed as well - follow your braces. See what your logfile
says about unmatched braces.
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
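
The difference between matching a name anywhere in the body and matching it as an attachment filename, shown as an added Python example (not part of the original message or its recipes). The sample messages, the `mime` helper and the shortened name list are constructed for illustration.

```python
import re
from email import message_from_string

NAMES = r"(?:creative|navidad|nakedwife)\.exe|\.(?:vbs|wsf|shs|scr)"
OUTER = re.compile(r"^Content-type: (multipart/mixed|application/octet-stream)", re.I | re.M)
ANYWHERE = re.compile(NAMES, re.I)                # what the recipe on the page tests
AS_FILENAME = re.compile(rf"(?:{NAMES})$", re.I)  # same names, at the end of a filename

def recipe_would_drop(raw):
    """Approximate the page's recipe: content-type test, then a body-wide search."""
    body = raw.partition("\n\n")[2]
    return bool(OUTER.search(raw) and ANYWHERE.search(body))

def bad_attachments(raw):
    """Return declared attachment filenames whose name matches the list."""
    names = (part.get_filename() for part in message_from_string(raw).walk())
    return [n for n in names if n and AS_FILENAME.search(n)]

def mime(text, fname):
    """Build a constructed two-part multipart/mixed test message."""
    return (
        "From: sender@example.org\n"
        "Subject: test\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="XX"\n'
        "\n"
        "--XX\n"
        "Content-Type: text/plain\n"
        "\n"
        f"{text}\n"
        "--XX\n"
        "Content-Type: application/octet-stream;\n"
        f'\tname="{fname}"\n'
        "Content-Disposition: attachment;\n"
        f'\tfilename="{fname}"\n'
        "\n"
        "AAAA\n"
        "--XX--\n"
    )

# Constructed samples: one harmless message that mentions ".scr", one real hit.
DISCUSSION = mime("My .scr screensaver files stopped opening, log attached.", "log.txt")
INFECTED = mime("see attached", "NakedWife.exe")

if __name__ == "__main__":
    for label, raw in (("discussion", DISCUSSION), ("infected", INFECTED)):
        print(label, recipe_would_drop(raw), bad_attachments(raw))
```

The body-wide test flags both messages, while the filename test flags only the one that actually carries a listed attachment.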