What code is needed for this?
Ummm, I wouldn't risk filtering soley on this condition.
From RFC822:
When matching any other syntactic unit, case is to be ignored.
For example, the field-names "From", "FROM", "from", and even
"FroM" are semantically equal and should all be treated ident-
ically.
When generating these units, any mix of upper and lower case
alphabetic characters may be used. The case shown in this
specification is suggested for message-creating processes.
So it's quite likely that you could be blocking other fully-compliant
messages that aren't virus-laden.
If you want to try anyway, you can add it as a condition in
procmail:
:0D
* ^date: .*
/dev/null
Ideally, you'd just use it as a precondition to speed things up (since
you're initially checking the headers and not the body):
:0D
* ^date:
* B ?? ^Hi! How are you(\?|=3F)$.*$(I send you this file in order to have
your advice|I hope you like the file that I sendo you|I hope you can help me
with this file that I send|This is the file with the information you ask
for)$.*$See you later(\.|=2E) Thanks
/dev/null
I'm not how to do it with the MTA; sendmail's Check_Subject rulesets
aren't case sensitive. Perhaps another MTA could do it so that the
delivery payload isn't involved?
Chris
A cursory examination of thousands of emails from mailing lists, private
sources, and other sources shows that the only messages using the lower
case 'date:' for the header are sent by the SirCam virus.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail