I posted one a few days ago. Here it is again as I'm using it now; so far
it has 100% accuracy on copies we've received at zanshin, and hasn't had
any false positives. I've deliberately removed the delivery part of the
recipe, as it's highly specific to our site.
:0
* ^Content-Type:.*(multipart|attachment)
{
:0B
* > 50000
* ^Content-Type:[ ]*(audio/x-|application)
* 1^0 ()<i?frame[ ]*src=(3d)?cid:
* 1^0 ^--[^ ]+$$Content-
* 1^0 ^--[^ ]+$--[^ ]+$
}
This takes advantage of poor MIME formatting in the Klez messages. The
last scoring condition there could conceivably give a false positive on a
legitmately empty body part, but combined with the (audio/x-|application)
condition the chances of a hit are pretty small.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail