procmail
[Top] [All Lists]

Re: Help with recipe

2002-04-30 20:51:49
At 21:23 2002-04-30 -0500, Scott did say:

Can someone spot why this:

YOU could, if you set VERBOSE=ON and passed the message at the rule.

<snip>
--J905Gq8mvU59D0418M6
Content-Type: application/octet-stream;
 name=demo.exe

Presumably, this is in the BODY. You haven't provided the HEADER Content-Type, so perhaps your whole recipe is skipping the message, because it's first condition is to check the HEADER Content-Type:...

I also see NO Content-Disposition: header which your recipe looks for (the VERBOSE would tell you this).

I think you should check out the Procmail Sanitizer script. See the list archives for references. Why reinvent the wheel?

               SHELL=/bin/sh

Unless you have a specific reason to need to set this, don't. If you MUST, consider setting it back at the top of your .procmailrc.

                :0 fhbw
                |/bin/sed \
- -e 's/\([nN][aA][mM][eE]=".*\.[vV][bB][sS]\)"/\1.warn"/' \

[snip]

<shudder>

I would hope your path setting would include /bin/ - if you don't have an express need to specify the path to sed, don't.

(whatever conditions)
{
        :0f
| sed -e 's/\(name[ ]*=[ ]*\("\|\).*\.\(vbs\|wsf\|shs\|exe\|chm\|vbe\|hta\|bat\|com\|pif\)\)\("\|\)/\1.warn\4/gi'

        :0fh
        | formail -i "Subject: DANGER Virus may be attached, name changed"

BTW there are others extensions - I added .pif which came to mind as a very common one. Did I mention that by using 'i' in your sed regexp, you don't have to deal with case sensitivity, and using 'g' means ALL matching filename expressions get dealt with, in the event that there is more than ONE such attachment? The bracketed [] bits have space and tab in them - thus:

        name="whatever
and
        name = "whatever

and various other permutations are handled.

This is an incomplete solution, but it greatly simplifies and expands what you presented.

The " is made optional, thus the one expression will catch both quoted and unquoted filenames.

Use formail for the subject change - as invoked, it'll preseve the original subject as Old-Subject:, and also only changes it in the header, not copies which may be in the body (such as a forwarded message, etc). I'd be prone to prefixing some text into the message or tacking something onto the subject, not blitzing it all, but whatever chills your juice...

Are the two conditions under :0 HB AND'ed or OR'ed?  (e.g. Content and name)

AND.  Refer to 'man procmailrc'

---
 Sean B. Straw / Professional Software Engineering

 Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail