At 19:02 2002-01-17 -0800, Eric Hilding did say:
Norton AntiVirus deleted the following email messages because they were
infected with a virus:
This has Norton AV got to do with procmail?
Of interesting note, each of the "From:" e-mail address begins with an
underscore. Is this a tip off of how this pain-in-the-butt annoyance is
frequently spread???
It's a common factor - but one you can't rely on because underscores are
valid (even if not particularly common) in email addresses. It's just as
easy to block the messages based on attachment. See the list archives -
it's been covered in some depth already.
If I setup a quick recipe to nuke anything From:.*/_.* will this also
thrash any legitimate "firstname_lastname(_at_)somedomain(_dot_)com" e-mails which
use an underscore between the names (as compared to starting with an
underscore)???
Uhm, you have what appears to be a typo or something in your regexp. What
it the '/' for ? Otherwise, yes, such an expression (with that slash
removed) would end up matching anything with an underscore in it. In fact,
it wouldn't even need to be in the address - it could be a comment. The
trailing .* is unnecessary as well.
Rather than asking a question such as this, why not set up a sandbox and
test it yourself? See my .sig for some pointers.
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail