On Sun, 22 Jun 2003, Dragoncrest wrote:
* B ?? name=.*\.(com|exe|bat|scr|pif|hta|shs|vb[es]|ws[fh])\>
* Subject: *\/.+
Why are you pulling a match? You're not using it...
Ok, got a question for you on this. You do bring up a very good
point on this one
I think you've missed the point, actually. Andrew is asking why \/.+
is present in that last condition. That will assign to $MATCH, and there
is no reason to do so if you aren't going to reference it later.
What I saw recently that got through my virus filter was two files, both
ending in pif but both also had a space after the end of the extention,
so they looked something like this: "file.pif " That caused them to be
missed for some unknown reason. I'm guessing it's because the filter
didn't know to look for it.
Don't guess. Set the LOGFILE and VERBOSE variables and look at the log to
see what's really happening.
Taken together, the two conditions above mean that the message has to have
a matching embedded filename AND a non-empty Subject: header. It could
just as easily be the latter that missed.
Basically the way my system works is it first finds any emails
that are spam and gets rid of those first, the second section (again, the
piece at the top) then looks at the email for attachments and if it finds
any it looks to see if any have an illegal extension on them (like exe,
pif, scr, etc) and filters them out as well.
You'd probably be better off doing those tests in the opposite order.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail