
Updated Virus Snaggers (ver. 1.3)

2003-09-22 16:10:58
I have made release ver. 1.3 of virussnag.rc available for viewing at
http://www.spamless.us/pub/procmail/virussnag.rc .

A gzipped copy for downloading is at
http://www.spamless.us/pub/procmail/virussnag.gz .

For comparison, the previous version is available at
http://www.spamless.us/pub/procmail/virussnag12.gz .

The anti-virus recipes are essentially the same.  I have simply
added some new functionality.  The new file is fully backward-
compatible with the old one.

With ver. 1.3, one can optionally choose to save only the headers
of caught messages, by setting

     h = h

before the INCLUDERC line.  (Or edit the appropriate line inside
the INCLUDERC file, as per comments therein.)

Alternatively, one can set the variable "NONDEL" to ON or Y (actually,
to anything at all that is non-null), and this will cause the entire
virus-laden message to come out the bottom of the INCLUDERC intact
(i.e., to stdout), sans delivery; however, for messages identified as
containing viruses, the variable "VIR_A" or "VIR_B" will have been set.

Thus, if one wished to, say, abridge the message to 40 lines of body
(plus the full head) and gzip the archive, one could do something like
this:

     NONDEL = y
     INCLUDERC = /somewhere/reasonable/virussnag.rc

     # let's use variables $GO & $TRUE that were defined inside virussnag!
     :0
      * $  $GO^0  VIR_A  ??  $TRUE
      * $  $GO^0  VIR_B  ??  $TRUE
      {
          :0 bfw
           | head -40

          :0:
           | gzip -fc9 >> VIRUS.gz
      }

On Panix (my shell $HOME), Mike Peeler (zconcept) suggested a slick
alternative to my two "$GO" lines:

  * $  TRUE  ??  ^^$VIR_A$VIR_B^^

That can work because I have made VIR_A and VIR_B mutually exclusive.
If we find VIR_A, I don't bother wasting cycles looking for VIR_B, too.

Here's how I'm currently running things[1] in my own .procmailrc:

 NONDEL    = y
 MYVIRUS   = VIRUS.gz
 INCLUDERC = $SUBS/virussnag.rc

 :0:  # 030922 () gzip viruses
  * $  TRUE  ??  ^^$VIR_A$VIR_B^^
  | gzip -fc9 >> $MYVIRUS

That simply gzips the whole shebang.  (Hopefully, I won't get an
onslaught of the virus that will put me over quota at Panix.)

[1] Actually, I use "$TRUE" instead of "y" when I set NONDEL.  But
    I have defined, way up-top in my personal .procmailrc,

      TRUE = .

    already.  I do this just because it allows me to use Boolean-
    style language in some of my recipes.

-- 
dman

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
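
An added example, not part of the original post or of virussnag.rc: a Python script for reviewing a quarantine file built by the `| gzip -fc9 >> VIRUS.gz` recipes above, listing sender, subject and attachment names without unpacking any attachment. It assumes each appended message begins with an mbox `From ` line; the sample messages and all function names are constructed for illustration.

```python
import email
import gzip
import io
import re
from email import policy

# Constructed sample messages (not real captures); the attachment body is a dummy.
SAMPLE_A = (b"From worm@example.invalid Mon Sep 22 16:00:00 2003\n"
            b"From: worm@example.invalid\nSubject: constructed sample 1\n"
            b'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
            b"--b1\nContent-Type: text/plain\n\nsee attachment\n"
            b"--b1\nContent-Type: application/octet-stream\n"
            b'Content-Disposition: attachment; filename="patch.exe"\n'
            b"Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n\n")
SAMPLE_B = (b"From other@example.invalid Mon Sep 22 16:05:00 2003\n"
            b"From: other@example.invalid\nSubject: constructed sample 2\n\n"
            b"plain body, no attachment\n\n")

# Heuristic for an mbox separator: "From sender Day Mon ..." at the start of a line.
FROM_LINE = re.compile(rb"(?m)^(?=From \S+ +\w{3} \w{3} )")

def append_member(archive, raw_message):
    """Mimic `| gzip -fc9 >> VIRUS.gz`: each message is appended as its own gzip member."""
    archive.write(gzip.compress(raw_message, compresslevel=9))

def list_quarantine(fileobj):
    """Return (From, Subject, [attachment names]) for each archived message.
    Payloads are never decoded to disk; only headers and filenames are read."""
    # GzipFile reads straight through all concatenated members.
    data = gzip.GzipFile(fileobj=fileobj, mode="rb").read()
    report = []
    for chunk in filter(None, FROM_LINE.split(data)):
        headers_and_body = chunk.partition(b"\n")[2]   # drop the From_ line
        msg = email.message_from_bytes(headers_and_body, policy=policy.default)
        names = [p.get_filename() for p in msg.walk() if p.get_filename()]
        report.append((str(msg["From"]), str(msg["Subject"]), names))
    return report

def demo():
    archive = io.BytesIO()            # stands in for VIRUS.gz
    for raw in (SAMPLE_A, SAMPLE_B):
        append_member(archive, raw)
    archive.seek(0)
    return list_quarantine(archive)

if __name__ == "__main__":
    for sender, subject, names in demo():
        print(sender, "|", subject, "|", ", ".join(names) or "(no attachments)")
```

For archives written by the `head -40` variant, attachment headers that fall after line 40 of the body are gone, so an empty filename list there does not mean the message was clean.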
