procmail

RE: puzzled about a regexp

2003-01-12 16:17:48
yes understandable.. but generic. I don't know if you had
reviewed the whole av recipe (from a previous post of mine).

I think I looked briefly.  But I hardly get viruses anymore;
and they're simply not a huge concern of mine.  I have full, updated
protection on my Windows boxen, anyway.  I was catching about a dozen
viruses a month in procmail the third quarter of 2002, then they 
suddenly dried up.  Mostly, I catch them with my other recipe,
which looks for Klez variants.

I am more interested in the virus part of the recipe and that
is why it is mostly built on their specific behaviour

Why not use anti-virus software to find viruses, if you're
specifically or particularly concerned or vulnerable to
them in your situation?


 NASTYEXT   = (hta|pif|scr|shs|vb[se]|ws[fh]|(doc|txt|xls)\\.)

you're trying to catch double extensions here right? ending 

The ones at the end, in the internal quotes, are looking for
that, yeah.  The others are more general.  Notice that exe
isn't even there.  I get some exe's in the mail, and I don't
mind it.  I either know what they are ahead of time, or
I don't open them.  And I don't use preview-mode in Outlook;
and I have a COM add-in that strips MIME/HTML mail down to
plaintext, anyway. (That's very cool.)


regexp that end with quotes or space/tab or end-of-line
It wasn't that nasty before I had to change it because I 
noticed that only some ".com/" strings passed through :-(

I still say you should start with simpler expressions
and then build them into your definition incrementally.

        set1 = 'this|and|that'
        set2 = 'yours|or|mine'
        set3 = 'something|different'
        fullmetaljacket = "($set1|$set2|$set3)"

another thing.. I intend the usage of the av-recipe as an 
external file already called by an includerc. Don't want 
to split it up in more files (yet)

Doesn't have to be.  Just an ENV section higher up will do.

(I still feel dumb cause my puzzlement remains on what
exactly I did wrong)

I'll bet if you compartmentalized the expression that's wrong,
as per above, you'd find out easier than most other ways.

-- 
Dallman Ross

"If you find a path with no obstacles, it probably does not lead to
anywhere."
        Thoughts of Rev. Sunnan Kubose, from _Zen in the Markets_ 
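
The compartmentalizing approach suggested in the reply above, as an added example that is not part of the original post: the NASTYEXT alternatives are split into named pieces and each piece is tested on its own with `grep -Ei`. The piece names, the sample filenames, the leading-dot context and the optional terminator (modelled on the "quotes or space/tab or end-of-line" remark) are assumptions of this example.

```shell
#!/bin/sh
# Named pieces of the NASTYEXT expression quoted in the post. The grouping
# and the names are this example's own; "\\." is written as "\." for grep -E.
SCRIPT='hta|vb[se]|ws[fh]'
SHELLISH='pif|scr|shs'
DOUBLE='(doc|txt|xls)\.'
NASTYEXT="($SCRIPT|$SHELLISH|$DOUBLE)"

# Assumed terminator: closing quote, whitespace, or end of line.
TAIL='("|[[:space:]]|$)'

# hit EXPR NAME [TAIL]: succeeds if NAME contains ".EXPR" followed by TAIL.
# Matching is case-insensitive, like procmail's default.
hit() {
    printf '%s\n' "$2" | grep -Eiq "\.($1)$3"
}

# parts NAME [TAIL]: print the names of the pieces that match, in order.
parts() {
    out=''
    for p in SCRIPT SHELLISH DOUBLE; do
        eval "re=\$$p"
        if hit "$re" "$1" "$2"; then out="$out$p "; fi
    done
    printf '%s\n' "${out% }"
}

# full NAME [TAIL]: the combined expression, for comparison with parts.
full() {
    hit "$NASTYEXT" "$1" "$2"
}

# Constructed sample attachment names.
for name in invoice.doc.pif run.VBS notes.txt setup.exe; do
    if full "$name"; then verdict=match; else verdict=clean; fi
    printf '%-16s %-6s bare=[%s] terminated=[%s]\n' \
        "$name" "$verdict" "$(parts "$name")" "$(parts "$name" "$TAIL")"
done
```

With the terminator applied, the DOUBLE piece no longer reports a hit for `invoice.doc.pif`, because it already ends in the dot that introduces the second extension; a per-piece run shows that kind of interaction directly.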


