At 09:52 2003-07-11 -0500, Eric DuMond wrote:
> :0B
> * ^Content-Disposition.*filename=".*\.(vbs|js|exe|bat)"
> /dev/null

First, filing to /dev/null isn't the best thing in the world - you should
consider preserving the messages so that they can optionally be
reviewed. A crontab-invoked shellscript can deal with automatically
purging the suspect mailbox file on some period.

> It works when I send from a web account but when I send using Outlook in
> HTML format it does not match on the rule and writes it to my mail file.
> Is there a better way? Any ideas would help.

Start by examining your mailspool file for the message sent by
OutLook. Note that Content-Disposition: does not always appear on the same
line as the filename.
Additionally, you could save yourself some grief if you didn't use MS
OutBreak. Oh, and you could save the readers of this list some grief if
you didn't use it to post here in HTML text, using small fonts.
Try the following (untested):
:0:
* B ?? ^Content-Disposition:.*\>+filename=".*\.(vbs|js|exe|bat)"
malware
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
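
The header-folding point raised in the reply above, as an added example that is not part of the original thread: a line-anchored pattern like the first recipe misses a `filename=` parameter that sits on a continuation line, while a MIME-aware check unfolds the header first. The sample messages, addresses and function names are constructed for illustration; Python's standard `email` module stands in for the mail filter.

```python
import re
from email import message_from_string

BLOCKED = (".vbs", ".js", ".exe", ".bat")  # extensions taken from the recipes above

# The original single-line condition; "." does not cross a newline, as in procmail.
ONE_LINE = re.compile(r'^Content-Disposition.*filename=".*\.(vbs|js|exe|bat)"',
                      re.M | re.I)

def one_line_match(raw):
    """True if the line-based pattern fires anywhere in the raw message."""
    return ONE_LINE.search(raw) is not None

def blocked_attachments(raw):
    """Return attachment names with a blocked extension, from every MIME part."""
    hits = []
    for part in message_from_string(raw).walk():
        # get_filename() parses the unfolded Content-Disposition header and
        # falls back to the name= parameter of Content-Type.
        name = part.get_filename()
        if name and name.lower().endswith(BLOCKED):
            hits.append(name)
    return hits

def sample(disposition_header):
    """Constructed two-part message; only the attachment header varies."""
    return "\n".join([
        "From: sender@example.com",
        "To: rcpt@example.com",
        "Subject: constructed sample",
        "MIME-Version: 1.0",
        'Content-Type: multipart/mixed; boundary="b1"',
        "",
        "--b1",
        "Content-Type: text/plain",
        "",
        "body text",
        "--b1",
        "Content-Type: application/octet-stream",
        disposition_header,
        "",
        "AAAA",
        "--b1--",
        "",
    ])

SINGLE = sample('Content-Disposition: attachment; filename="update.exe"')
FOLDED = sample('Content-Disposition: attachment;\n\tfilename="update.exe"')
BENIGN = sample('Content-Disposition: attachment;\n\tfilename="notes.txt"')

if __name__ == "__main__":
    for label, raw in (("single", SINGLE), ("folded", FOLDED), ("benign", BENIGN)):
        print(label, one_line_match(raw), blocked_attachments(raw))
```
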