procmail

The latest epidemic

2001-07-24 06:09:44
Hi All!
Seems like a new and really destructive virus is making the rounds. I'd sure
like to be able to trash this upon receipt, but there are some problems. The
attachment payload is type "MIXED"; the senders are always different
(whoever has our domain email addresses in their Outlook address book, I
imagine).
The constant is the wording in the body of the email itself. In 5 days of
being hit repeatedly by this thing (almost 2700 emails) I have yet to see
the wording change;

Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks

Soooo...could this be an adventure in $MATCH???
I wouldn't want to grab "Hi! How are you?" *or* "See you later. Thanks"
because I think there would be too many instances of those words existing in
regular (i.e. benign) email.
However, this is a strange phrase and undoubtedly is the string that
uniquely identifies this thing.
"I send you this file in order to have your advice"
It is obviously written by someone who didn't learn English as their native
or first language, and is highly unlikely to exist in this specific
combination elsewhere.
So I guess the challenge is to identify how to grab the email and toss it if
those words exist, *and in that exact combination seen above*
This is regexp hell for me. I still can't make any headway with this subject
despite copious reading over the past couple of years.
Ideas anyone???

Regards,
-Colin
--
Colin J. Raven



_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
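
One way to write the filter asked for above, as an added example that is not part of the original post: a procmail recipe that requires both a multipart/mixed Content-Type header (an assumption about what "MIXED" refers to) and the exact body sentence, and files matches into a quarantine mailbox instead of deleting them. The folder name `virus-quarantine` is hypothetical.

```procmail
# Added example, not from the original post.
# Both conditions must match (procmail ANDs the "*" lines):
#   1. header: Content-Type is multipart/mixed (assumed meaning of "MIXED")
#   2. body:   contains the exact sentence quoted in the post
# procmail regexes are case-insensitive unless the D flag is set, and
# "B ??" applies that one condition to the body instead of the header.
# ":0:" takes a local lockfile while appending to the mbox folder.
:0:
* ^Content-Type:.*multipart/mixed
* B ?? I send you this file in order to have your advice
virus-quarantine
```

The body condition is applied to the raw message, so it matches only when the text part is sent unencoded; a base64 or quoted-printable part would not match. Filing to a folder rather than `/dev/null` leaves any false positives recoverable.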
