procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: block .exe, dll, bat....

2004-02-06 07:05:41
from [Alex Herek] [Permanent Link] 
Thank  you Sean!

Professional Software Engineering 
<PSE-L(_at_)mail(_dot_)professional(_dot_)org> wrote:At 08:55 2004-02-06 +0530, 
Shiju Jacob wrote:

can any one tell me how to send the mail to both the people after deleting
the mail

[snip - our archives are getting polluted with overquotes]

You mean you want to send a notice to the intended recipient AND a notice 
to the *APPARENT* (and these days, generally *FORGED*) sender?

I won't demonstrate how to send a message to the apparent sender for this 
purpose - by doing so, you'd be contributing to the problem caused by these 
viruses -- the apparent sender has quite enough grief because of BOUNCES 
they receive on behalf of some OTHER nimrod who infected their own computer 
and who is forging messages with the innocent party's email address on 
them. I gleefully DNSBL the servers of companies that run idiotic A/V 
software that does this very thing (software which should know well enough 
that the virus they detected uses forged addresses for the envelope sender).

Search the procmail archives for "bouncer.rc", review it, and then and use 
something like:


# in your detection code, set VIRUSNAME to whatever your other filters have
# determined the virus to be, or perhaps "GENERIC EXECUTABLE" or
# "MYDOOM OR VARIANT", etc.

:0
* ! VIRUSNAME ?? ^^^^
{
BOUNCER=someviralnotificationaddress(_at_)yourdomain(_dot_)tld
REPLYTO=$LOGNAME
BOUNCEMSG=virus.msg
BOUNCESUBJ="virus or suspect message rejected [$VIRUSNAME]"

# include the generic bouncer code.
INCLUDERC=bouncer.rc
}

(some additional variables may need to be set, but none spring to mind)

---
Sean B. Straw / Professional Software Engineering

Procmail disclaimer: 
Please DO NOT carbon me on list replies. I'll get my copy from the list.


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail




---------------------------------
Yahoo! GeoCities: 15MB de espaço grátis para criar seu web site!


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  empty body, Mike Arrison
Next by Date:  RE: block .exe, dll, bat...., Greg Ennis
Previous by Thread:  Re: block .exe, dll, bat...., Professional Software Engineering
Next by Thread:  RE: block .exe, dll, bat...., Greg Ennis
Indexes:  [Date] [Thread] [Top] [All Lists]