Hi guys:
I have an old recipe I've used for years that is meant to rename
.exe's. It was given to me by someone here IIRC. Here recently a lot
of the bad messages are maiking it past the recipe. Can someone look
at this snippet and tell me how I can correct it to catch these, too?
Thanks very much for the help.
Scott
:0
*^Content-type:
(multipart/mixed|application/octet-stream|audio/x-wav|image/gif|
audio/x-midi|application/x-msdownload)
{
:0 HB
* ^Content-Disposition: (attachment|inline);
* ^.*name=.*\.(vbs|wsf|shs|exe|chm|vbe|hta|bat|com|pif|scr)
*
!^.*filename="([cC]hristma.*[cC]ard|crimbo|crimbo_1)\.(exe|EXE)"
{
:0f
|sed -e \
's/\(name[ ]*=[ ]*\("\|\).*\.\(vbs\|wsf\|shs\|exe\|chm\|vbe\|h
ta\|bat\|c
om\|pif\|scr\)\)\("\|\)/\1.warn\4/gi'
:0fh
| formail -i
"Subject:DANGER!VirusMayBeAttached-NameChanged-see homepage"
:0 c
$ABYSS
}
}
The messages' with "bad" attachments that have made it through have
the following:
1. I though this one would have been caught:
Content-Type: application/x-msdownload; name="Installer3.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment
2. This one has no disposition so I figured that's what caused it to
miss.
Content-Type: audio/x-wav; name="bsosqacb.exe"
Content-Transfer-Encoding: base64
Content-Id: <csgcfwgszt>
Please let me know if I can provide more info to help. .
Thanks again,
Scott
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail