Professional Software Engineering wrote:
* ? grep -A1 -i ^Content-Type: | grep -i name | \
egrep -v -i \.\(doc\|xls\)\"?\;?$
That's a good idea. I've been using the following regex
for a while to accomplish pretty much the same thing --
that is, catch fishy attachment names that might be part of
single- or multi-line MIME fields. Any comments or
suggestions about the regex would be appreciated...
* $ content-[^:]+:${WS}*.+(\<)*(file)?name${WS}*=${WS}*\/.+\.${BAD_EXEs}
The key to matching the multi-line cases is the (\<)* which,
the way i figure it, should eat up any contiguous newlines
(potentially followed by more newlines & whitespace), but
should match nothing at all in the single-line cases (since
the .+ would already have eaten everything up to the
(file)?name part.
I tried to make it pretty general to account for worms which might
generate odd or unexpected MIME headers. After about a month of
use, it hasn't let through any bad attachments, and has caught less
than one false positive per day, which is more than acceptable
for me.
Any obvious gotchas i might be missing?
Thanks,
-Matt
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail