procmail
[Top] [All Lists]

RE: block .exe, dll, bat....

2004-02-06 07:14:04


-----Original Message-----
From: procmail-bounces(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
[mailto:procmail-bounces(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE]On Behalf Of 
Professional
Software Engineering
Sent: Thursday, February 05, 2004 23:16
To: procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
Subject: Re: block .exe, dll, bat....


At 08:55 2004-02-06 +0530, Shiju Jacob wrote:
can any one tell me how to send the mail to both the people after deleting
the mail
[snip - our archives are getting polluted with overquotes]

You mean you want to send a notice to the intended recipient AND a notice
to the *APPARENT* (and these days, generally *FORGED*) sender?

I won't demonstrate how to send a message to the apparent sender for this
purpose - by doing so, you'd be contributing to the problem caused by these
viruses -- the apparent sender has quite enough grief because of BOUNCES
they receive on behalf of some OTHER nimrod who infected their own computer
and who is forging messages with the innocent party's email address on
them.  I gleefully DNSBL the servers of companies that run idiotic A/V
software that does this very thing (software which should know well enough
that the virus they detected uses forged addresses for the envelope sender).

Search the procmail archives for "bouncer.rc", review it, and then and use
something like:


# in your detection code, set VIRUSNAME to whatever your other filters have
# determined the virus to be, or perhaps "GENERIC EXECUTABLE" or
# "MYDOOM OR VARIANT", etc.

:0
* ! VIRUSNAME ?? ^^^^
{
         BOUNCER=someviralnotificationaddress(_at_)yourdomain(_dot_)tld
         REPLYTO=$LOGNAME
         BOUNCEMSG=virus.msg
         BOUNCESUBJ="virus or suspect message rejected [$VIRUSNAME]"

         # include the generic bouncer code.
         INCLUDERC=bouncer.rc
}

(some additional variables may need to be set, but none spring to mind)

---
  Sean B. Straw / Professional Software Engineering

  Procmail disclaimer:
<http://www.professional.org/procmail/disclaimer.html>
  Please DO NOT carbon me on list replies.  I'll get my copy from the list.
-------------------------------------------------------------------------

Sean,

Thanks for the information.  There is no way I would want to send a note to
the 'sender', I just want to send a note to the intended recipient minus the
virus and minus the executable file to let him know that a message came into
the system and was dumped.  I am trying to reduce the use of bandwidth while
at the same time trying to insure no vital information is lost.

Thanks again,

Greg


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail

<Prev in Thread] Current Thread [Next in Thread>