procmail

Re: virus recipe for MyDoom

2004-01-27 01:50:33
Lyle Evans wrote:

> :0 B
> * > 20000
> * < 36000
> *^aHR0cDovL3ZpbC5uYWkuY29tL3ZpbC9jb250ZW50L3ZfMTAwOTgzLmh0bQ==
> * ^ *Content-Disposition: attachment;
> * filename=".*\.(pif|exe|scr|zip|bat|cmd)"
> {
> LOG="MyDoom virus detected"
>  :0
>  /var/log/virusmail
> }

Assuming the string is correct this will work fine.  I have a bunch of
these in my /etc/procmailrc.  You can probably skip the last two patterns
as anything that matches the encoded string is almost surely going to
match the attachment headers.

If you have more than one virus catching recipe, it makes sense to
wrap the lot with something like those lines, though. This has come up
a number of times here and you should be able to find some juicy stuff
in the list archive.

Reto
-- 
R A Lichtensteiger      rali(_at_)tifosi(_dot_)com

 "Listen, three-eyes, don't you try to out-weird me.  I get stranger things
  than you for free with my breakfast cereal." - Zaphod Beeblebrox

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
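
The wrapping suggested in the reply above, as an added example that is not part of the original thread: the two attachment tests from the quoted recipe become an outer guard, and each per-virus signature sits in its own nested recipe. The `VIRUSLOG` variable, the second recipe and its signature line are placeholders assumed for illustration; the MyDoom conditions and the log path are copied from the quoted recipe.

```procmail
# Added example, not from the thread.
# VIRUSLOG is an assumed variable name; the path is the one in the quoted recipe.
VIRUSLOG=/var/log/virusmail

# Outer guard: the body is tested once for an executable-looking
# attachment. Mail without one skips every nested signature recipe.
:0 B
* ^ *Content-Disposition: attachment;
* filename=".*\.(pif|exe|scr|zip|bat|cmd)"
{
    # MyDoom: size window and encoded line as posted in the quoted recipe.
    :0 B
    * > 20000
    * < 36000
    * ^aHR0cDovL3ZpbC5uYWkuY29tL3ZpbC9jb250ZW50L3ZfMTAwOTgzLmh0bQ==
    {
        # The closing quote on its own line ends the log entry with a newline.
        LOG="MyDoom virus detected
"
        # ":0:" takes a local lockfile so concurrent deliveries
        # do not interleave in the quarantine mbox.
        :0:
        $VIRUSLOG
    }

    # Second signature: placeholder only. Replace the condition with a
    # line taken from a sample you have verified yourself.
    :0 B
    * ^REPLACE_WITH_ENCODED_LINE_FROM_VERIFIED_SAMPLE
    {
        LOG="Placeholder virus detected
"
        :0:
        $VIRUSLOG
    }
}
```

A message that matches a nested recipe is delivered to the quarantine file and processing stops there; anything that falls through the block continues to the rest of the rcfile.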
