Hi, sir:
I run mailstat /var/log/procmail.log |mail .....
I always get a lot of the following messages. Why? Thanks.
-----------------------------------------------------
Total Number Folder
----- ------ ------
0 3 ## $XCS = \"X-Content-Security: [\" . $ENV{\"HOST\"} .
\"]\" unless $XCS;\\t#\\
0 3 ## $pastmsghdr = 1 if /^\\s*$/;\\t#\\
0 3 ## if ($mimebdry || ($gotbdry && $nullbdry) ||
$inmimehdr) {\\t#\\
0 3 ## if ($pastmsghdr) {\\t#\\
0 3 ## } else {\\t#\\
0 6 ## }\\t#\\
0 3 ## \' 2>> $LOGFILE\"
0 1 ## Defanging active HTML content in \"Your Computer\'s Data Is
At Risk\" from \"Security Check\" to
msgid=<200210101608(_dot_)AAA19240(_at_)host1(_dot_)tyes(_dot_)tyc(_dot_)edu(_dot_)tw>
0 1 ## Sanitizing MIME attachment headers in
\"=?big5?B?rV67ecJJwFy3ZqiuoUKzfbXzsf67+aWyvse3fLjc?=\" from
\"=?big5?B?UENob21lIGVQYXBlcrd8rfuz+A==?=\" to
msgid=<20021010162817(_dot_)A4CD91C833603(_at_)msh(_dot_)epaper(_dot_)com(_dot_)tw>
0 1 ## Sanitizing MIME attachment headers in \"Your Computer\'s
Data Is At Risk\" from \"Security Check\" to
msgid=<200210101608(_dot_)AAA19240(_at_)host1(_dot_)tyes(_dot_)tyc(_dot_)edu(_dot_)tw>
0 1 ## Sanitizing MIME attachment headers in \"[PHP] Problems
pulling up a certain url with curl\" from \"Brandon Orther\" to
msgid=<010701c27078$051ae3f0$5d52a040(_at_)wiaka>
0 3 ## \\t $dfrhdr .= \"$hdrtxt\\n\"; $hdrtxt = \"\";\\t#\\
0 3 ## \\t $mimebdry = quotemeta($mimebdry);\\t#\\
0 3 ## \\t unless ($mtype =~
/^(multipart|text|message)\\//i) {\\t#\\
0 3 ## \\t while (($hdr,$filen) = $hdrtxt =~
/^(Content-Description)\\s*:\\s*text\\s+from\\s+file\\s+\\047([^\\047]+)\\047/i)
{\\t#\\
0 3 ## \\t }\\t#\\
0 3 ## \\t # Run virus-checker here.\\t#\\
0 3 ## \\t $_ = \"\";\\t#\\
0 3 ## \\t $bdrytoolong = pop @bdrstoolong;\\t#\\
0 3 ## \\t $gotbdry = pop @gotbdrs;\\t#\\
0 3 ## \\t $hdrcnt = 0;\\t#\\
0 3 ## \\t $hdrcnt++;\\t#\\
0 6 ## \\t $hdrtxt = \"\";\\t#\\
0 3 ## \\t $hdrtxt = $_;\\t#\\
0 3 ## \\t $hdrtxt =~ s/([^\\\\])\\\\\"/\\1\\\\\xFF/g;\\t#\\
0 3 ## \\t $hdrtxt =~ s/\\\\\xFF/\\\\\"/g;\\t#\\
0 3 ## \\t $mimebdry = pop @mimebdrs;\\t#\\
0 6 ## \\t $mimebdry = quotemeta($mimebdry);\\t#\\
0 3 ## \\t $msapp = $score = 0;\\t#\\
0 3 ## \\t $newbdry =
\"==NULL_MIME_BOUNDARY_ATTACK_SANITIZED-${$}==\";\\t#\\
0 3 ## \\t $newbdry = pop @newbdrs;\\t#\\
0 3 ## \\t $newbdry = substr($mimebdry,0,64);\\t#\\
0 3 ## \\t $nullbdry = pop @nullbdrs;\\t#\\
0 3 ## \\t $rawbdry = pop @rawbdrs;\\t#\\
0 3 ## \\t $rawbdry =~ s/${mimebdry}/${newbdry}/;\\t#\\
0 3 ## \\t $why = \"\";\\t#\\
0 3 ## \\t @scores = ();\\t#\\
0 3 ## \\t close(ATTCH);\\t#\\
0 3 ## \\t close(DECODE);\\t#\\
0 3 ## \\t do {\\t#\\
0 3 ## \\t if (!$inmimehdr) {\\t#\\
0 3 ## \\t if ($ENV{\"SECURITY_STRIP_MSTNEF\"} && $hdrtxt =~
/^Content-Type:\\s+application\\/MS-TNEF/i) {\\t#\\
0 3 ## \\t if ($hdrtxt =~ /^Content-Transfer-Encoding\\s*:/i)
{\\t#\\
0 3 ## \\t if ($hdrtxt =~
/^Content-Type:\\s+message\\/rfc822/i) {\\t#\\
0 3 ## \\t if ($hdrtxt =~
/^[-\\w]+\\s*:.*name\\s*=\\s*\"[^\"]+$/i) {\\t#\\
0 3 ## \\t if ($hdrtxt =~ /`\\s*`/) {\\t#\\
0 3 ## \\t if ($lastline =~ /^--${mimebdry}(--)?$/) {\\t#\\
0 3 ## \\t if ($mangle_mime_type && $hdrtxt =~
/\\sx-mac-\\S+/i) {\\t#\\
0 3 ## \\t if ($mangle_mime_type && $hdrtxt =~
/^Content-Type:\\s/i) {\\t#\\
0 3 ## \\t if ($msapp) {\\t#\\
0 3 ## \\t if (($bndry) = $hdrtxt =~
/^Content-Type:\\s+multipart\\/.*\\s+boundary\\s*=\\s*\"?([^\"]+)\"?/i) {\\t#\\
0 3 ## \\t if (($filen) = $hdrtxt =~
/^Content-[-\\w]+\\s*:.*name\\s*=\\s*\"([^\"]+\\.(do[ct]|xl[swt]|p[po]t|rtf|pps)(\\?=)?)\"/i)
{\\t#\\
0 3 ## \\t if (($junk) = $hdrtxt =~
/^Content-Type\\s*:\\s+(.{128}).{100,}$/i) {\\t#\\
0 3 ## \\t if (($mtype) = $hdrtxt =~
/^Content-Type:\\s+([a-z0-9-_]+\\/[a-z0-9-_]+)/i) {\\t#\\
0 3 ## \\t open(ATTCH,\"< $destf\");\\t#\\
0 3 ## \\t print \"$hdrtxt\\n\" if $hdrtxt;\\t#\\
0 3 ## \\t print $lastline;\\t#\\
0 3 ## \\t s/${mimebdry}/${newbdry}/;\\t#\\
0 3 ## \\t s/\\s*\\n$//;\\t#\\
0 3 ## \\t s/boundary\\s*=\\s*\"\"/boundary =
\"${newbdry}\"/i;\\t#\\
0 3 ## \\t unless ($ENV{\"SECURITY_DISABLE_OUTLOOK_HACKS\"})
{\\t#\\
0 3 ## \\t unlink($destf);\\t#\\
0 3 ## \\t warn \" Replacing null MIME body-part boundary
string.\\n\";\\t#\\
0 3 ## \\t warn \" Truncating long MIME body-part boundary
string.\\n\";\\t#\\
0 3 ## \\t warn \"*** Decoding: $! - mimencode?\\n\";\\t#\\
0 3 ## \\t while (($filen) = $hdrtxt =~
/^Content-[-\\w]+\\s*:.*name\\s*=\\s*\"(=\\?[^\"]+\\?Q\\?[^\"]+=(2e|3[0-9]|[46][1-9a-f]|[57][0-9a])[^\"]+\\?=)\"/i)
{\\t#\\
0 3 ## \\t while (($filen) = $hdrtxt =~
/^Content-[-\\w]+\\s*:.*name\\s*=\\s*\"([^\"]+)[\\.\\s]+\"/i) {\\t#\\
0 3 ## \\t while (($filen) = $hdrtxt =~
/^Content-[-\\w]+\\s*:.*name\\s*=\\s*\"([^\"]+\\.($ENV{\"MANGLE_EXTENSIONS\"})(\\?=)?)\"/io)
{\\t#\\
0 3 ## \\t while (($filen) = $hdrtxt =~
/^Content-[-\\w]+\\s*:.*name\\s*=\\s*\"([^\"]{120})[^\"]{16,}\"/i) {\\t#\\
0 3 ## \\t while (($hdr, $val) = $hdrtxt =~
/^([-\\w]+)\\s*:.*\\s(\\S+)\\s*=\\s*\"\"/i) {\\t#\\
0 3 ## \\t while (($junk,$filen) = $hdrtxt =~
/^Content-[-\\w]+\\s*:[^\"]*(\"[^\"]*\"[^\"]+)*name\\s*=\\s*([^\"\\s][^;]+)/i)
{\\t#\\
0 3 ## \\t while () {\\t#\\
0 3 ## \\t } else {\\t#\\
0 3 ## \\t } elsif (($junk) = $hdrtxt =~
/^Content-Description\\s*:\\s+(.{128}).{100,}$/i) {\\t#\\
0 3 ## \\t } elsif (($junk) = $hdrtxt =~
/^Content-[-\\w]+\\s*:\\s+(.{128}).{100,}$/i) {\\t#\\
0 3 ## \\t } until (/^\\s*$/ || /^--/);\\t#\\
0 66 ## \\t }\\t#\\
0 3 ## \\t $_ = \"\";\\t#\\
0 3 ## \\t $bdrytoolong = $nullbdry = 0;\\t#\\
0 3 ## \\t $gotbdry = 1;\\t#\\
0 3 ## \\t $hdrtxt .= $_;\\t#\\
0 6 ## \\t $inmimehdr = 1;\\t#\\
0 3 ## \\t $mimebdry = $newbdry = \"\";\\t#\\
0 3 ## \\t $mimebdry =~ s/(^\"|\"$)//g;\\t#\\
0 3 ## \\t $rawbdry = $mimebdry;\\t#\\
0 3 ## \\t $rcrsmsg = $inmimehdr = 1;\\t#\\
0 3 ## \\t $rcrsmsg = $pastmsghdr = $bdrytoolong = $gotbdry =
0;\\t#\\
0 3 ## \\t $rcrsmsg = $strip_attachment = $check_attachment =
0;\\t#\\
0 3 ## \\t $wanthdr = 0;\\t#\\
0 3 ## \\t chomp($destf);\\t#\\
0 3 ## \\t if ($bdrytoolong = (length($mimebdry) > 80)) {\\t#\\
0 3 ## \\t if ($hdrtxt) {\\t#\\
0 3 ## \\t if ($mimebdrs[0]) {\\t#\\
0 3 ## \\t if (/^\\S/) {\\t#\\
0 3 ## \\t if (open(DECODE,\"|mimencode -u -o $destf\")) {\\t#\\
0 3 ## \\t push @bdrstoolong, $bdrytoolong;\\t#\\
0 3 ## \\t push @gotbdrs, $gotbdry;\\t#\\
0 3 ## \\t push @mimebdrs, $mimebdry;\\t#\\
0 3 ## \\t push @newbdrs, $newbdry;\\t#\\
0 3 ## \\t push @nullbdrs, $nullbdry;\\t#\\
0 3 ## \\t push @rawbdrs, $rawbdry;\\t#\\
0 3 ## \\t s/\\s*\\n$//;\\t#\\
0 3 ## \\t s/^\\s*/ /;\\t#\\
0 3 ## \\t s/^\\s*// if $hdrtxt =~ /\"[^\"]*[^;]$/;\\t#\\
0 3 ## \\t warn \"*** Cannot extract - mktemp?\\n\";\\t#\\
0 9 ## \\t } else {\\t#\\
0 3 ## \\t } elsif ($nullbdry = (length($mimebdry) < 1)) {\\t#\\
0 15 ## \\t }\\t#\\
0 3 ## \\t $_ = \"\";\\t#\\
0 3 ## \\t $bdrytoolong = pop @bdrstoolong;\\t#\\
0 3 ## \\t $check_attachment = 0;\\t#\\
0 3 ## \\t $gotbdry = pop @gotbdrs;\\t#\\
0 3 ## \\t $inmimehdr = 0;\\t#\\
0 3 ## \\t $mend = $1;\\t#\\
0 3 ## \\t $mimebdry = pop @mimebdrs;\\t#\\
0 3 ## \\t $newbdry = pop @newbdrs;\\t#\\
0 3 ## \\t $nullbdry = pop @nullbdrs;\\t#\\
0 3 ## \\t $rawbdry = pop @rawbdrs;\\t#\\
0 3 ## \\t $wanthdr = 0;\\t#\\
0 3 ## \\t $wanthdr = 1;\\t#\\
0 3 ## \\t if ($destf = `mktemp /tmp/mailchk.XXXXXX`) {\\t#\\
0 3 ## \\t if ($mend) {\\t#\\
0 3 ## \\t if ($rcrsmsg) {\\t#\\
0 3 ## \\t if ($type =~ /application/i) {\\t#\\
0 3 ## \\t if (($mimebdry) =
/boundary\\s*=\\s*((\"\")|(\"[^\"]+\")|([^\"]\\S+))/i) {\\t#\\
0 3 ## \\t if (/^(\\s+\\S|(file)?name)/) {\\t#\\
0 3 ## \\t print \"X-Security: MIME headers sanitized on \",
$ENV{\"HOST\"}, \"\\n\";\\t#\\
0 3 ## \\t print \"X-Security: The postmaster has not enabled
quarantine of poisoned messages.\\n\" unless
$ENV{\"SECURITY_QUARANTINE\"};\\t#\\
0 3 ## \\t print \"\\tSee
http://www.impsec.org/email-tools/sanitizer-intro.html\\n\";\\t#\\
0 3 ## \\t print \"\\tfor details. \\$Revision: 1.134 $x\\$Date:
2002-04-21 16:30:40-07 $x\\n\";\\t#\\
0 3 ## \\t s/${mimebdry}/${newbdry}/ if $bdrytoolong;\\t#\\
0 3 ## \\t s/^--/--${newbdry}${mend}/ if $nullbdry;\\t#\\
0 3 ## \\t warn \" Found no MIME boundary.\\n\" if
$ENV{\"DEBUG\"};\\t#\\
0 9 ## \\t } else {\\t#\\
0 3 ## \\t } elsif ($type =~ /message/i && $format =~ /rfc822/i)
{\\t#\\
0 18 ## \\t }\\t#\\
0 3 ## \\t$_ = \"\" if $strip_attachment && !$gotbdry;\\t#\\
0 3 ## \\t\\t $dfrhdr =~
s/${oct}/application\\/octet-stream;/i;\\t#\\
0 3 ## \\t\\t $oct = quotemeta($oct);\\t#\\
0 6 ## \\t\\t $psn_spec .= \"(\\\\?=)?\\$\" unless $psn_spec
=~ /\\$/;\\t#\\
0 6 ## \\t\\t $psn_spec =~ s/([^\\(])\\?/$1./g;\\t#\\
0 6 ## \\t\\t $psn_spec =~ s/([^\\\\])\\./$1\\\\./g;\\t#\\
0 6 ## \\t\\t $psn_spec =~ s/\\*/.*/g;\\t#\\
0 6 ## \\t\\t $psn_spec =~ s/\\s.*$//g;\\t#\\
0 6 ## \\t\\t $psn_spec =~ s/^\\s+//g;\\t#\\
0 6 ## \\t\\t $stp_spec .= \"(\\\\?=)?\\$\" unless $stp_spec
=~ /\\$/;\\t#\\
0 6 ## \\t\\t $stp_spec =~ s/([^\\(])\\?/$1./g;\\t#\\
0 6 ## \\t\\t $stp_spec =~ s/([^\\\\])\\./$1\\\\./g;\\t#\\
0 6 ## \\t\\t $stp_spec =~ s/\\*/.*/g;\\t#\\
0 6 ## \\t\\t $stp_spec =~ s/\\s.*$//g;\\t#\\
0 6 ## \\t\\t $stp_spec =~ s/^\\s+//g;\\t#\\
0 6 ## \\t\\t if ($filen =~ /^${psn_spec}/i) {\\t#\\
0 6 ## \\t\\t if ($filen =~ /^${stp_spec}/i) {\\t#\\
0 6 ## \\t\\t next unless $psn_spec;\\t#\\
0 6 ## \\t\\t next unless $stp_spec;\\t#\\
0 3 ## \\t\\t print \"$XCS original Content-Type was
$oct\\n\";\\t#\\
0 6 ## \\t\\t warn \"Checking against \\\"$psn_spec\\\"\\n\"
if $ENV{\"DEBUG\"};\\t#\\
0 6 ## \\t\\t warn \"Checking against \\\"$stp_spec\\\"\\n\"
if $ENV{\"DEBUG\"};\\t#\\
0 12 ## \\t\\t }\\t#\\
0 3 ## \\t\\t $dfrhdr .= \"$hdrtxt\\n\"; $hdrtxt = \"\";\\t#\\
0 3 ## \\t\\t $newfilen =~
s/\\.([a-z0-9]+)\"([a-z0-9\"]+)$/.$1$2/i;\\t#\\
0 3 ## \\t\\t ($oct) = $dfrhdr =~
/^Content-Type:[^\\n]*\\s(\\S+\\/\\S+;?)/i;\\t#\\
0 3 ## \\t\\t close HIST;\\t#\\
0 6 ## \\t\\t close(POISONED);\\t#\\
0 6 ## \\t\\t close(STRIPPED);\\t#\\
0 3 ## \\t\\t print HIST \"score=$score to=\".$ENV{\"TO\"}.\"
from=\".$ENV{\"FROM\"}.\"\\n\";\\t#\\
0 3 ## \\t\\t unless ($oct =~ /application\\/octet-stream;/i)
{\\t#\\
0 3 ## \\t\\t warn \" Mangling MIME type
\\\"$oct\\\".\\n\";\\t#\\
0 6 ## \\t\\t warn \" Unable to open poisoned-executables file
\\\"$specf\\\".\\n\";\\t#\\
0 6 ## \\t\\t warn \" Unable to open stripped-executables file
\\\"$specf\\\".\\n\";\\t#\\
0 3 ## \\t\\t warn \"Checking \\\"$filen\\\" for
poisoning.\\n\";\\t#\\
0 3 ## \\t\\t warn \"Checking \\\"$filen\\\" for
stripping.\\n\";\\t#\\
0 3 ## \\t\\t warn \"Checking document \\\"$filen\\\" for
poisoning.\\n\";\\t#\\
0 3 ## \\t\\t warn \"Checking document \\\"$filen\\\" for
stripping.\\n\";\\t#\\
0 6 ## \\t\\t while (chomp($psn_spec = )) {\\t#\\
0 6 ## \\t\\t while (chomp($stp_spec = )) {\\t#\\
0 15 ## \\t\\t }\\t#\\
0 3 ## \\t\\t $char = chr(hex(\"0x$1\"));\\t#\\
0 3 ## \\t\\t $eh = quotemeta($eh);\\t#\\
0 3 ## \\t\\t $eudora .= $eh;\\t#\\
0 3 ## \\t\\t $hdrtxt =~ s/${eh}//i;\\t#\\
0 3 ## \\t\\t $hdrtxt =~
s/${oct}/application\\/octet-stream;/i;\\t#\\
0 3 ## \\t\\t $hdrtxt =~ s/\\s+\\047${filen}\\047/,
filename=\"${newfilen}\"/ig;\\t#\\
0 3 ## \\t\\t $hdrtxt =~
s/name\\s*=\\s*\"?${filen}\"?/name=\"$newfilen\"/ig;\\t#\\
0 3 ## \\t\\t $mangle_mime_type = 1;\\t#\\
0 3 ## \\t\\t $mimebdry = $newbdry = \"\";\\t#\\
0 6 ## \\t\\t $newfilen = $filen; $filen =
quotemeta($filen);\\t#\\
0 3 ## \\t\\t $newfilen =~ s/=$1/$char/gi;\\t#\\
0 3 ## \\t\\t $newfilen =~ s/\\([^)]*\\)//g;\\t#\\
0 3 ## \\t\\t $newfilen =~
s/\\.([-a-z0-9{}]+(\\?=)?)$/.${$}DEFANGED-$1/i;\\t#\\
0 3 ## \\t\\t $oct = quotemeta($oct);\\t#\\
0 3 ## \\t\\t $rcrsmsg = $pastmsghdr = $bdrytoolong = $gotbdry =
0;\\t#\\
0 3 ## \\t\\t $rcrsmsg = 1;\\t#\\
0 3 ## \\t\\t $score += $_;\\t#\\
0 3 ## \\t\\t if ($ENV{\"SCORE_DETAILS\"}) {\\t#\\
0 3 ## \\t\\t if ($mangle_mime_type && $dfrhdr =~
/^Content-Type:\\s/i) {\\t#\\
0 3 ## \\t\\t if (open(HIST,\">>$histfile\")) {\\t#\\
0 6 ## \\t\\t if (open(POISONED,$specf)) {\\t#\\
0 6 ## \\t\\t if (open(STRIPPED,$specf)) {\\t#\\
0 3 ## \\t\\t print \"$XCS NOTIFY\\n\" if
$ENV{\"SECURITY_NOTIFY\"} || $ENV{\"SECURITY_NOTIFY_VERBOSE\"};\\t#\\
0 3 ## \\t\\t print \"$XCS QUARANTINE\\n\" if
$ENV{\"SECURITY_QUARANTINE\"};\\t#\\
0 3 ## \\t\\t print \"$XCS REPORT: Trapped poisoned Microsoft
attachment\\n\" if $ENV{\"SECURITY_NOTIFY\"} ||
$ENV{\"SECURITY_NOTIFY_VERBOSE\"};\\t#\\
0 3 ## \\t\\t print \"$XCS original Content-Type was
$oct\\n\";\\t#\\
0 3 ## \\t\\t print \"Contact your system administrator
immediately!\\n\\n\";\\t#\\
0 3 ## \\t\\t print \"Content-Description: SECURITY
WARNING\\n\\n\";\\t#\\
0 3 ## \\t\\t print \"Content-Type: TEXT/PLAIN;\\n\";\\t#\\
0 3 ## \\t\\t print \"Macro Scanner score: $score\\n\";\\t#\\
0 3 ## \\t\\t print \"SECURITY WARNING!\\n\";\\t#\\
0 3 ## \\t\\t print \"The mail delivery system has detected that
the preceding\\n\";\\t#\\
0 3 ## \\t\\t print \"\\n\\n--$rawbdry\\n\";\\t#\\
0 3 ## \\t\\t print \"document attachment appears to contain
hazardous macro code.\\n\";\\t#\\
0 3 ## \\t\\t print $dfrhdr; $dfrhdr = \"\";\\t#\\
0 3 ## \\t\\t push @bdrstoolong, $bdrytoolong;\\t#\\
0 3 ## \\t\\t push @gotbdrs, $gotbdry;\\t#\\
0 3 ## \\t\\t push @mimebdrs, $mimebdry;\\t#\\
0 3 ## \\t\\t push @newbdrs, $newbdry;\\t#\\
0 3 ## \\t\\t push @nullbdrs, $nullbdry;\\t#\\
0 3 ## \\t\\t push @rawbdrs, $rawbdry;\\t#\\
0 3 ## \\t\\t unless ($hdrtxt =~ /name\\s*=\\s*\"/i) {\\t#\\
0 3 ## \\t\\t warn \" Defanging quotes-in-extension
attack.\\n\";\\t#\\
0 3 ## \\t\\t warn \" Fixing file name \\\"$filen\\\" in
${hdr}:\\n\";\\t#\\
0 3 ## \\t\\t warn \" Mangling executable filename
\\\"$filen\\\".\\n\";\\t#\\
0 3 ## \\t\\t warn \" POSSIBLE MACRO EXPLOIT:
Score=$score\\n\";\\t#\\
0 3 ## \\t\\t warn \" Removing embedded RFC822
comments.\\n\";\\t#\\
0 3 ## \\t\\t while ($newfilen =~ /\\.[a-z0-9]+\"[a-z0-9\"]+$/i)
{\\t#\\
0 12 ## \\t\\t } else {\\t#\\
0 27 ## \\t\\t }\\t#\\
0 3 ## \\t\\t$_ = $dfrhdr = $hdrtxt = \"\";\\t#\\
0 3 ## \\t\\t$_ = <>;\\t#\\
0 3 ## \\t\\t$check_attachment = 0;\\t#\\
0 3 ## \\t\\t$check_attachment = 1 unless
$ENV{\"DISABLE_MACRO_CHECK\"};\\t#\\
0 3 ## \\t\\t$eudora = \"\";\\t#\\
0 3 ## \\t\\t$filen .= \"...\";\\t#\\
0 3 ## \\t\\t$filen .= \"?=\" if $filen =~ /^=\\?/;\\t#\\
0 3 ## \\t\\t$filen =~ s/\\s+$//;\\t#\\
0 3 ## \\t\\t$hdrtxt .= \"\\\"\";\\t#\\
0 3 ## \\t\\t$hdrtxt = \"Content-Description: $junk...\";\\t#\\
0 3 ## \\t\\t$hdrtxt = \"Content-Type: X-BOGUS\\/X-BOGUS;
originally=\\\"$junk...\\\"\";\\t#\\
0 3 ## \\t\\t$hdrtxt =~ s/\\s$sval\\s*=\\s*\"\"/ X-$val=\"{null
value sanitized}\"/;\\t#\\
0 3 ## \\t\\t$hdrtxt =~ s/^Content-([-\\w]+)\\s*:.*$/X-Overflow:
Content-$1; originally=\"$junk...\"/i;\\t#\\
0 3 ## \\t\\t$hdrtxt =~ s/`\\s*`/\\\\\"/g;\\t#\\
0 3 ## \\t\\t$hdrtxt =~
s/name\\s*=\\s*\"${filen}\"/name=\"$newfilen\"/ig;\\t#\\
0 3 ## \\t\\t$hdrtxt =~
s/name\\s*=\\s*\"${filen}[\\.\\s]+\"/name=\"$newfilen\"/ig;\\t#\\
0 3 ## \\t\\t$hdrtxt =~
s/name\\s*=\\s*\"[^\"]{128,}\"/name=\"$filen\"/i;\\t#\\
0 3 ## \\t\\t$hdrtxt =~
s/name\\s*=\\s*${filen}/name=\"$newfilen\"/ig;\\t#\\
0 3 ## \\t\\t$inmimehdr = 0;\\t#\\
0 3 ## \\t\\t$inmimehdr = 1;\\t#\\
0 6 ## \\t\\t$junk =~ s/\"/\\\\\"/g;\\t#\\
0 3 ## \\t\\t$lastline = $_;\\t#\\
0 3 ## \\t\\t$lastline =~ s/${mimebdry}/${newbdry}/ if
$bdrytoolong;\\t#\\
0 3 ## \\t\\t$mangle_mime_type = 1;\\t#\\
0 3 ## \\t\\t$mimebdry = $newbdry = $bndry;\\t#\\
0 3 ## \\t\\t$msapp+= 1 if /\\000(Microsoft (Word Document|Excel
Worksheet|Excel|PowerPoint)|MSWordDoc|Word\\.Document\\.[0-9]+|Excel\\.Sheet\\.[0-9]+)\\000/;\\t#\\
0 9 ## \\t\\t$newfilen = $filen; $filen = quotemeta($filen);\\t#\\
0 3 ## \\t\\t$newfilen =~ s/\\\"/\\\\\"/g;\\t#\\
0 3 ## \\t\\t$poison_score = $ENV{\"POISONED_SCORE\"};\\t#\\
0 3 ## \\t\\t$poison_score = 5 if $poison_score < 5;\\t#\\
0 3 ## \\t\\t$poisoned = $mangle_mime_type = 0;\\t#\\
0 3 ## \\t\\t$rcrsmsg = $bdrytoolong = $gotbdry = 0;\\t#\\
0 3 ## \\t\\t$score = 0;\\t#\\
0 3 ## \\t\\t$strip_attachment = 1;\\t#\\
0 6 ## \\t\\t$stripped = 0;\\t#\\
0 3 ## \\t\\t$sval = quotemeta($val);\\t#\\
0 3 ## \\t\\t($oct) = $hdrtxt =~
/^Content-Type:.*\\s(\\S+\\/\\S+;?)/i;\\t#\\
0 3 ## \\t\\t\\t $why =~ s/[\\000-\\011\\013-\\037]//g;\\t#\\
0 3 ## \\t\\t\\t print \"Macro Scanner score details:\\n\";\\t#\\
0 3 ## \\t\\t\\t print $why;\\t#\\
0 6 ## \\t\\t\\t$_ = $dfrhdr = $hdrtxt = \"\";\\t#\\
0 6 ## \\t\\t\\t$inmimehdr = 0;\\t#\\
0 6 ## \\t\\t\\t$poisoned = 1;\\t#\\
0 12 ## \\t\\t\\t$score+= 1;\\t#\\
0 15 ## \\t\\t\\t$score+= 2;\\t#\\
0 12 ## \\t\\t\\t$score+= 4;\\t#\\
0 6 ## \\t\\t\\t$score+= 99;\\t#\\
0 21 ## \\t\\t\\t$score+= 9;\\t#\\
0 3 ## \\t\\t\\t$scores[0] = 4;\\t#\\
0 6 ## \\t\\t\\t$strip_attachment = 1;\\t#\\
0 6 ## \\t\\t\\t$stripped = 1;\\t#\\
0 3 ## \\t\\t\\t$why .= \" 1 for $&\\n\";\\t#\\
0 9 ## \\t\\t\\t$why .= \" 1 for $1\\n\";\\t#\\
0 6 ## \\t\\t\\t$why .= \" 2 for $&\\n\";\\t#\\
0 9 ## \\t\\t\\t$why .= \" 2 for $1\\n\";\\t#\\
0 3 ## \\t\\t\\t$why .= \" 4 for $&\\n\" unless
$scores[0];\\t#\\
0 6 ## \\t\\t\\t$why .= \" 4 for $&\\n\";\\t#\\
0 6 ## \\t\\t\\t$why .= \" 4 for $1\\n\";\\t#\\
0 21 ## \\t\\t\\t$why .= \" 9 for $1\\n\";\\t#\\
0 6 ## \\t\\t\\t$why .= \" 99 for $1\\n\";\\t#\\
0 12 ## \\t\\t\\tlast;\\t#\\
0 6 ## \\t\\t\\tprint \"$XCS NOTIFY\\n\" if
$ENV{\"SECURITY_NOTIFY\"} || $ENV{\"SECURITY_NOTIFY_VERBOSE\"};\\t#\\
0 6 ## \\t\\t\\tprint \"$XCS QUARANTINE\\n\" if
$ENV{\"SECURITY_QUARANTINE\"};\\t#\\
0 3 ## \\t\\t\\tprint \"$XCS REPORT: Attachment \\\"$filen\\\"
stripped\\n\";\\t#\\
0 3 ## \\t\\t\\tprint \"$XCS REPORT: Microsoft attachment
\\\"$filen\\\" stripped\\n\";\\t#\\
0 3 ## \\t\\t\\tprint \"$XCS REPORT: Trapped poisoned Microsoft
attachment \\\"$filen\\\"\\n\" if $ENV{\"SECURITY_NOTIFY\"} ||
$ENV{\"SECURITY_NOTIFY_VERBOSE\"};\\t#\\
0 3 ## \\t\\t\\tprint \"$XCS REPORT: Trapped poisoned executable
\\\"$filen\\\"\\n\" if $ENV{\"SECURITY_NOTIFY\"} ||
$ENV{\"SECURITY_NOTIFY_VERBOSE\"};\\t#\\
0 6 ## \\t\\t\\tprint \"Content-Description: SECURITY
NOTICE\\n\\n\";\\t#\\
0 6 ## \\t\\t\\tprint \"Content-Description: SECURITY
WARNING\\n\\n\";\\t#\\
0 12 ## \\t\\t\\tprint \"Content-Type: TEXT/PLAIN;\\n\";\\t#\\
0 6 ## \\t\\t\\tprint \"Filename: $filen\\n\\n\";\\t#\\
0 3 ## \\t\\t\\tprint \"Macro Scanner score: 0 (poisoned by name,
scan skipped)\\n\\n\";\\t#\\
0 6 ## \\t\\t\\tprint \"More headers follow:\\n\\n\" unless
$pastmsghdr;\\t#\\
0 6 ## \\t\\t\\tprint $ENV{\"POISONED_WARNING\"};\\t#\\
0 6 ## \\t\\t\\tprint $ENV{\"STRIPPED_WARNING\"};\\t#\\
0 3 ## \\t\\t\\twarn \" Stripped document
\\\"$filen\\\".\\n\";\\t#\\
0 3 ## \\t\\t\\twarn \" Stripped executable
\\\"$filen\\\".\\n\";\\t#\\
0 3 ## \\t\\t\\twarn \" Trapped poisoned document
\\\"$filen\\\".\\n\";\\t#\\
0 3 ## \\t\\t\\twarn \" Trapped poisoned executable
\\\"$filen\\\".\\n\";\\t#\\
0 3 ## \\t\\tfor (@scores) {\\t#\\
0 3 ## \\t\\tif (!$inmimehdr) {\\t#\\
0 6 ## \\t\\tif (!$poisoned && !$stripped && ($specf =
$ENV{\"POISONED_EXECUTABLES\"})) {\\t#\\
0 6 ## \\t\\tif (!$poisoned && ($specf =
$ENV{\"STRIPPED_EXECUTABLES\"})) {\\t#\\
0 3 ## \\t\\tif ($dfrhdr) {\\t#\\
0 3 ## \\t\\tif ($histfile = $ENV{\"SCORE_HISTORY\"}) {\\t#\\
0 3 ## \\t\\tif ($newfilen =~ /\\([^)]*\\)/) {\\t#\\
0 3 ## \\t\\tif ($newfilen =~ /\\.[a-z0-9]+\"[a-z0-9\"]+$/i)
{\\t#\\
0 3 ## \\t\\tif ($score > $poison_score && !$ENV{\"SCORE_ONLY\"})
{\\t#\\
0 3 ## \\t\\tif (/(\\000|\\001|\\004)(VirusProtection)/i) {\\t#\\
0 3 ## \\t\\tif
(/(\\000|\\004)(ActiveDocument|ThisDocument|ThisWorkbook)/i) {\\t#\\
0 3 ## \\t\\tif
(/(\\000|\\004)(Logon|AddressLists|AddressEntries|Recipients|Attachments|Logoff)/i)
{\\t#\\
0 3 ## \\t\\tif (/(\\000|\\004)(Subject|Body)/i) {\\t#\\
0 3 ## \\t\\tif
(/(\\000|\\004)([a-z0-9_]\\.)*(Autoexec|Workbook_(Open|BeforeClose|Window(De)?activate)|Document_(Open|New|Close))/i)
{\\t#\\
0 3 ## \\t\\tif (/(\\000|\\004)NormalTemplate/i) {\\t#\\
0 3 ## \\t\\tif (/(\\000|\\004)stdole/i) {\\t#\\
0 3 ## \\t\\tif (/\\000(([a-z]+\\.)?Application)\\000/i) {\\t#\\
0 3 ## \\t\\tif (/\\000(AddFromString)/i) {\\t#\\
0 3 ## \\t\\tif (/\\000(CodeModule)/i) {\\t#\\
0 3 ## \\t\\tif (/\\000(CountOfLines)/i) {\\t#\\
0 3 ## \\t\\tif (/\\000(CreateObject)/i) {\\t#\\
0 3 ## \\t\\tif (/\\000(ID=\"{[-0-9A-F]+(}\")?)/i) {\\t#\\
0 3 ## \\t\\tif (/\\000(Options[^\\w\\s])/i) {\\t#\\
0 3 ## \\t\\tif (/\\000(Outlook\\.Application)\\000/i) {\\t#\\
0 3 ## \\t\\tif (/\\000(PrivateProfileString)/i) {\\t#\\
0 3 ## \\t\\tif (/\\000(Save(Normal|Properties)Prompt)/i) {\\t#\\
0 3 ## \\t\\tif (/\\000(Shell\\s*\\()/i) {\\t#\\
0 3 ## \\t\\tif (/\\000(StartupPath)/i) {\\t#\\
0 3 ## \\t\\tif (/\\000(ThisWorkbook)\\000/i) {\\t#\\
0 3 ## \\t\\tif
(/\\000(\\[?HKEY_(CLASSES_ROOT|CURRENT_USER|LOCAL_MACHINE))/) {\\t#\\
0 3 ## \\t\\tif (/\\000(regedit)/i) {\\t#\\
0 3 ## \\t\\tif
(/\\000(select\\s[^\\000]*shell\\s*\\(\\s*[\"\\047])/i) {\\t#\\
0 3 ## \\t\\tprint \"$XCS REPORT: Stripped MS-TNEF
attachment\\n\";\\t#\\
0 3 ## \\t\\tprint \"$XCS removed$eudora\\n\";\\t#\\
0 3 ## \\t\\tprint \"Content-Description: SECURITY
NOTICE\\n\\n\";\\t#\\
0 3 ## \\t\\tprint \"Content-Type: TEXT/PLAIN;\\n\";\\t#\\
0 3 ## \\t\\tprint $ENV{\"TNEF_WARNING\"};\\t#\\
0 3 ## \\t\\tprint $_;\\t#\\
0 3 ## \\t\\tprint DECODE $_;\\t#\\
0 3 ## \\t\\tpush @bdrstoolong, $bdrytoolong;\\t#\\
0 3 ## \\t\\tpush @gotbdrs, $gotbdry;\\t#\\
0 3 ## \\t\\tpush @mimebdrs, $mimebdry;\\t#\\
0 3 ## \\t\\tpush @newbdrs, $newbdry;\\t#\\
0 3 ## \\t\\tpush @nullbdrs, $nullbdry;\\t#\\
0 3 ## \\t\\tpush @rawbdrs, $rawbdry;\\t#\\
0 3 ## \\t\\tunless ($oct =~ /application\\/octet-stream;/i)
{\\t#\\
0 3 ## \\t\\tunless ($stripped) {\\t#\\
0 3 ## \\t\\twarn \" Fixing double backquotes.\\n\";\\t#\\
0 3 ## \\t\\twarn \" Fixing encoded plain characters in
\\\"$filen\\\".\\n\";\\t#\\
0 3 ## \\t\\twarn \" Fixing missing close quote on
filename.\\n\";\\t#\\
0 3 ## \\t\\twarn \" Fixing trailing spaces/periods in
filename.\\n\";\\t#\\
0 3 ## \\t\\twarn \" Fixing unquoted filename
\\\"$filen\\\".\\n\";\\t#\\
0 3 ## \\t\\twarn \" Mangling MIME type \\\"$oct\\\".\\n\";\\t#\\
0 3 ## \\t\\twarn \" Null $val in $hdr header.\\n\";\\t#\\
0 3 ## \\t\\twarn \" Truncating long Content-Description
header.\\n\";\\t#\\
0 3 ## \\t\\twarn \" Truncating long Content-Type
header.\\n\";\\t#\\
0 3 ## \\t\\twarn \" Truncating long MIME header.\\n\";\\t#\\
0 3 ## \\t\\twarn \" Truncating long filename
\\\"$filen...\\\".\\n\";\\t#\\
0 3 ## \\t\\twhile ($newfilen =~
/=(2e|3[0-9]|[46][1-9a-f]|[57][0-9a])/i) {\\t#\\
0 3 ## \\t\\twhile (($eh) = $hdrtxt =~
/(\\sx-mac-\\S+\\s*=\\s*\\S+;?)/i) {\\t#\\
0 3 ## \\t\\t} else {\\t#\\
0 117 ## \\t\\t}\\t#\\
0 3 ## \\tif (!$mimebdry && $mimebdrs[0]) {\\t#\\
0 3 ## \\tif ($inmimehdr || $hdrcnt) {\\t#\\
0 3 ## \\tif ($wanthdr) {\\t#\\
0 3 ## \\tif (($type,$format,$junk) =
/^Content-Type\\s*:\\s.*(application|multipart|message)\\/(\\S+)(;.*)?$/i)
{\\t#\\
0 3 ## \\tif (/^\\s*$/) {\\t#\\
0 3 ## \\t} elsif (!$inmimehdr && $check_attachment) {\\t#\\
0 3 ## \\t} elsif (!$inmimehdr && $strip_attachment) {\\t#\\
0 3 ## \\t} elsif (/^--${mimebdry}(--)?$/) {\\t#\\
0 3 ## \\t} elsif (/^\\S/) {\\t#\\
0 15 ## \\t}\\t#\\
0 1 ## procmail: Error while writing to \" perl -p -e \'\\t#\\
0 51 ## procmail: Extraneous deliver-head flag ignored
0 2 ## procmail: Program failure (2) of \" perl -p -e \'\\t#\\
0 3 ## procmail: Rescue of unfiltered data succeeded
7164 1 /var/mail/a0185050
48741 17 /var/mail/fongming
9205 3 /var/mail/fonn
32161 2 /var/mail/mis
14497 5 /var/mail/my_mysql
17177 6 /var/mail/php_user
56717 1 /var/mail/rabbit
11214 16 /var/mail/sysop
----- ------
196876 1777
\xA1@
------------------------------------------
〇From: \x{2664}\xABH\xACOパ扤\xA4p\xB9q\xA4l\xB6lン1.0扤扤\xB5o\xA5X...
http://www.tyes.tyc.edu.tw
mis(_at_)mail(_dot_)tyes(_dot_)tyc(_dot_)edu(_dot_)tw