
Re: procmail antivirus recipe trashing messages sent via photo suite

2001-08-06 17:25:53
Thank you all very much for the help, the solution provided below fixed
my problems.  


-- 
Chris

o----< ccook(_at_)tcworks(_dot_)net >------------------------------------o
|Chris Cook - Admin     |TCWORKS.NET - http://www.tcworks.net |
|The Computer Works ISP |FreeBSD - http://www.freebsd.org     |
o-------------------------------------------------------------o



Professional Software Engineering wrote:

At 17:25 2001-08-03 -0500, Chris Cook wrote:
that my recipe is also trashing any messages sent via the imaging
application Photo Suite.  I have attached a log of what rules it matched
on and also our recipe.  Could someone tell me where in the recipe that
the rule is matching?

Not really without the MESSAGE it matched against (not that we want that on
the list) -- the specific text it tripped up on could be virtually any line
in the body of the message.

procmail: No match on ".*UNREGASF\.EXE"
procmail: No match on ".*Navidad\.exe"

[snip - lots of these]

procmail: Match on ".*\.(vbs|wsf|shs|scr|pif|bat|com)"

you matched on this.  See below for why.

:0 hBHw
* ^Content-type: (multipart/mixed|application/octet-stream)
{
         :0B
         * .*creative\.exe
         /dev/null
[snip - a bunch just like it]

Considering that the logfile clearly indicated that the other filename
matches you were looking for were not found, they don't inherently need to
be included.  It's the following line that is getting you:

         :0B
         * .*\.(vbs|wsf|shs|scr|pif|bat|com|lnk)
         /dev/null

*ANYWHERE* in the body - which includes the MIME encoding itself, you can
match any of these sequences of characters preceded by a dot.

Yea, no surprise there that it might upchuck on random files.  Try at least
prefixing this condition line with:

         * ^[    ]*filename=".*\.(vbs|wsf|shs|scr|pif|bat|com|lnk)"

(this recommendation applies equally to the explicit filename checks as well).

You might also consider moving this rule to the top of the batch, since it
can, in one fell swoop, match a fair number of possibles.

---
  Sean B. Straw / Professional Software Engineering

  Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
  Please DO NOT carbon me on list replies.  I'll get my copy from the list.

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
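
The false positive diagnosed in the reply above, reproduced as an added example that is not part of the original thread. It uses Python's `re` with case-insensitive, line-oriented matching to approximate procmail's condition matching; the message bodies are constructed sample data, and the bracket in the suggested condition is assumed to hold a space and a tab.

```python
import re

# Extension list copied from the recipe quoted in the thread.
EXTS = r"(vbs|wsf|shs|scr|pif|bat|com|lnk)"

# procmail conditions are case-insensitive and line-oriented; these flags
# approximate that behaviour in Python.
FLAGS = re.IGNORECASE | re.MULTILINE

# Original condition: a dot followed by a listed extension, anywhere in the body.
UNANCHORED = re.compile(r".*\." + EXTS, FLAGS)

# Suggested condition: only a quoted filename= parameter at the start of a line.
# Assumption: the bracket in the post contained a space and a tab.
ANCHORED = re.compile(r'^[ \t]*filename=".*\.' + EXTS + '"', FLAGS)


def make_body(attachment_name, text):
    """Build a constructed two-part MIME body (sample data, not a real message)."""
    return "\n".join([
        "--BOUNDARY",
        "Content-Type: text/plain",
        "",
        text,
        "--BOUNDARY",
        "Content-Type: application/octet-stream",
        "Content-Disposition: attachment;",
        f'\tfilename="{attachment_name}"',
        "Content-Transfer-Encoding: base64",
        "",
        "/9j/4AAQSkZJRgABAQEASABIAAD/2wBDAAMCAgMCAgMD",
        "--BOUNDARY--",
    ])


def first_hit(pattern, body):
    """Return the full line that triggered the match, or None if nothing matched."""
    m = pattern.search(body)
    if m is None:
        return None
    start = body.rfind("\n", 0, m.start()) + 1
    end = body.find("\n", m.end())
    return body[start:end if end != -1 else len(body)]


# Constructed samples: a harmless photo mail with a URL, and a .scr attachment.
BENIGN = make_body("vacation.jpg", "Photos attached. More at http://www.example.com/album")
SUSPECT = make_body("greeting.scr", "See attached.")

if __name__ == "__main__":
    for name, body in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, repr(first_hit(UNANCHORED, body)), repr(first_hit(ANCHORED, body)))
```

Printing the triggering line, as `first_hit` does, answers the original question of where in the message a condition matched without having to post the message itself.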