procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Filter virus

2001-07-23 09:53:34
from [Don Hammond] [Permanent Link] 
On 23 Jul, Babe Meneses Beltran wrote:
| Hi All
| 
| I need to block the virus SirCam(_at_)MM, I can to stop virus using the 
following 
| in the sendmail rules: HSubject: $>Check_Subject, the problem is that with 
| virus I can't do it with subject because is this is random.
| 

This has been working for me for the last couple of days:

:0 c
* ! ^X-BeenThere: procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
* B ?? Hi\! How are you\?
* B ?? I send you this file in order to have your advice
* B ?? See you later. Thanks
| gzip -c >>$LOGFILEDIR/virii.gz

I (just moments ago) added the following in response to spanish
versions received:

:0 c
* ! ^X-BeenThere: procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
* B ?? Hola como estas *\?
* B ?? Te mando este archivo para que me des tu punto de vista
* B ?? Nos vemos pronto, gracias\.
| gzip -c >>$LOGFILEDIR/virii.gz

and the following in response to some further (unverfified) information
on the possible forms it takes:

:0 c
* ! ^X-BeenThere: procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
* B ?? Hi\! How are you\?
* 1^0 B ?? I send you this file in order to have your advice
* 1^0 B ?? I hope you like the file that I send( t)?o you
* 1^0 B ?? This is the file with the information that you ask for
* B ?? See you later. Thanks
| gzip -c >>$LOGFILEDIR/virii.gz

N.B The second two have not been up long enough for me to actually see
them work.

These simply prevent the message from being delivered and save the
header and body to a file for later examination. If you need
notification that they've been tripped, that'll have to be added. You
will also want to change the target file for each of the gzip pipes,
unless you have $LOGFILEDIR defined and want it there. Otherwise it'll
end up in /virii.gz which wouldn't be optimal IMO, and may not even
work depending on the permissions on /.

-- 
                   /"\
Don Hammond        \ /     ASCII Ribbon Campaign
Raleigh, NC US      X        Against HTML Mail,
                   / \      and News Too

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: procmail and ssh, Stan Ryckman
Next by Date:  Re: Filter virus, Don Hammond
Previous by Thread:  Filter virus, Babe Meneses Beltran
Next by Thread:  Re: Filter virus, Don Hammond
Indexes:  [Date] [Thread] [Top] [All Lists]