On Mon, 13 Jan 2003 01:44:19 +0200, "Nikos K. Kantarakias" wrote:
=> * name[ ]*=.*\.(bat|pif|vb[as]|scr|lnk|com|exe|{[-0-9a-f]+})"?[ ]*$
Apologies for what may be a stupid question, but I'm a
bit confused as to why you'd be trapping for an "extention" that
is apparently a hexadecimal number. Can you say more about that?
I may be overly paranoid; I use the following string of
potentially "active" extensions to block:
(bat|chm|com|cpl|dll|exe|hlp|hta|jse?|key|lnk|ocx|pif|reg|scr|sh[bs]|vb[se]
?|ws[fhe])
but haven't included your hex test. Being paranoid, I guess I'd
like know if I should.
Sorry I didn't answer earlier.. Busy and long day.. :-(
As Sean already said {[-0-9a-f]+} is to catch those nasty CLSID extensions
in M$ Windows.. If you have a window box you'll be amazed how nasty a clsid
could be..
CLSID are in the form of {D3E34B21-9D75-101A-8C3D-00AA001A1652}
and each value can be a-f or 0-9.
Take any file lets say test.txt and rename it. Hit F2 and make it
test.txt.{D3E34B21-9D75-101A-8C3D-00AA001A1652}
(there's a dot between txt and { ) press enter.. xo xo xo.. clsid is gone
and the name is test.txt. Now double click it.. MS-Paint opens.. Nice huh..?
that's because the above clsid is for the extension .bmp
One other question: in developing my more complex [using
several variables] virus program test, I ran across problems with
the double quote and I note that you use it "naked" above. I got
into the habit of using ["] in cases like this just to be sure I
didn't have that problem in future.
Xmm.. for me it works naked.. ;-)
I think the only case you have to use in another way is when you don't want
it [^"] or when your condition has a $ at start so you have to backslash it
\"
Thanks,
- Don
Pleasure
Nikos
-----------------------------------------------------
signature text:
Nikos K. Kantarakias
URLs: http://www.nikant.tk/
http://www.skiathos.tk/
http://agriroot.aua.gr/
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail