I am so very sorry to bother the list with this, but before I roll
this thing out, I feel a need to understand exactly what I am doing.
Herewith and therefore:
I obtained this recipe from the archives for the list. It was
originally posted by Philip Guenther: you can see it here:
http://MailMan.RWTH-Aachen.DE/pipermail/procmail/2001-February/003203.html
# If the message is multipart, check the body
:0
* ^Content-Type:.*multipart
* B ?? ^Content-[-a-z0-9_]+:.*($[ ].*)*=[ ]*($[ ]+)*"?\
[^"]*\.(vb[se]|ws[fhe]|hta|shs|exe|pif|dll|scr)
$MAILDIR/infected.mbx
My commment/question: there were originally two recipes in the post, I
intend to use only this one, as the other seems un-necessary; or
perhaps optional. Am I correct?
Here is the other recipe:
# First, check to see in the entire message is the virus/worm/etc
:0
* ^Content-[-a-z0-9_]+:.*=[ ]*"?[^"]*\.(vbs|bat|pif)
$MAILDIR/infected.mbx
I notice that locking is not indicated in the recipes; is that an
oversight, or is there something I don't know/am missing about locking
in this context?
Regarding this condition line:
* B ?? ^Content-[-a-z0-9_]+:.*($[ ].*)*=[ ]*($[ ]+)*"?\
[^"]*\.(vb[se]|ws[fhe]|hta|shs|exe|pif|dll|scr)
My questions are:
The ?? over-rides the initial header egrep with a directive to procmail
to egrep the body?
This: ($[
is explained by this section of the man page, and is absolutely
necessary for the recipe to succeed:
$ Evaluate the remainder of this condition according to sh(1)
substitution rules inside double quotes, skip leading whitespace,
then reparse it
Finally: each of the empty [] contain the famous [tab space] character
class. I ask because visually, it is not apparent; although I don't
know what else could go there. On a related note: does procmail
'understand' \t\s to be a tab followed by a space?
Thanks,
ja
--
J. Altman
Panix.com Staff
(212) 741-4400
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail