procmail
[Top] [All Lists]

Re: Anti ATTACHMENT code.

2003-08-24 11:08:01

    I want to thank who answered.

    On a heavy server one does want to find something in header
first, so one doesn't scan ALL e-mails.  THEN one wants to scan
the body of known attachments for specific infectable attachments.

    Can someone give me a list of *INFECTABLE* attachments, we don't
want to prevent harmless attachments, just the vector boogers.

    Homer


This one works for me.

:0B
* 
^Content-(Type|Disposition):.*name=.*\.\/(avi|mp3|wav|lnk|bat|pif|exe|com|vbs|shs|hta|scr|chm)
/where/ever
:0B
* ^Content-Type
* *name=".*\/(mp3|wav|lnk|bat|pif|exe|com|vbs|shs|hta|scr|chm|avi)"
/where/ever

Just curious - can't Content-type also be in the headers? Why are you
only scanning the body?

Also why are you extracting the filename extension but not using it?

* *name=".*\/(mp3|wav|lnk|bat|pif|exe|com|vbs|shs|hta|scr|chm|avi)"
----^

What is the '*' doing in the first part of the second recipe? You're
taking the kleene closure of ' ' but the regexp isn't anchored to a
newline, so it's not clear how this is useful.

M.

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail



_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail

<Prev in Thread] Current Thread [Next in Thread>