At 21:23 2002-04-30 -0500, Scott did say:
Can someone spot why this:
YOU could, if you set VERBOSE=ON and passed the message at the rule.
<snip>
--J905Gq8mvU59D0418M6
Content-Type: application/octet-stream;
name=demo.exe
Presumably, this is in the BODY. You haven't provided the HEADER
Content-Type, so perhaps your whole recipe is skipping the message, because
it's first condition is to check the HEADER Content-Type:...
I also see NO Content-Disposition: header which your recipe looks for (the
VERBOSE would tell you this).
I think you should check out the Procmail Sanitizer script. See the list
archives for references. Why reinvent the wheel?
SHELL=/bin/sh
Unless you have a specific reason to need to set this, don't. If you MUST,
consider setting it back at the top of your .procmailrc.
:0 fhbw
|/bin/sed \
- -e 's/\([nN][aA][mM][eE]=".*\.[vV][bB][sS]\)"/\1.warn"/' \
[snip]
<shudder>
I would hope your path setting would include /bin/ - if you don't have an
express need to specify the path to sed, don't.
(whatever conditions)
{
:0f
| sed -e
's/\(name[ ]*=[
]*\("\|\).*\.\(vbs\|wsf\|shs\|exe\|chm\|vbe\|hta\|bat\|com\|pif\)\)\("\|\)/\1.warn\4/gi'
:0fh
| formail -i "Subject: DANGER Virus may be attached, name changed"
BTW there are others extensions - I added .pif which came to mind as a very
common one. Did I mention that by using 'i' in your sed regexp, you don't
have to deal with case sensitivity, and using 'g' means ALL matching
filename expressions get dealt with, in the event that there is more than
ONE such attachment? The bracketed [] bits have space and tab in them - thus:
name="whatever
and
name = "whatever
and various other permutations are handled.
This is an incomplete solution, but it greatly simplifies and expands what
you presented.
The " is made optional, thus the one expression will catch both quoted and
unquoted filenames.
Use formail for the subject change - as invoked, it'll preseve the original
subject as Old-Subject:, and also only changes it in the header, not copies
which may be in the body (such as a forwarded message, etc). I'd be prone
to prefixing some text into the message or tacking something onto the
subject, not blitzing it all, but whatever chills your juice...
Are the two conditions under :0 HB AND'ed or OR'ed? (e.g. Content and name)
AND. Refer to 'man procmailrc'
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail