procmail

suggestions for Dallman's Virus Snaggers 1.5

2004-02-21 04:01:35
Hi,

I'm a great fan of that antivirus plugin - it really works great. What
about considering these suggestions (in reference to ver. 1.5.0;
7-Feb-04):

(1) change

DOUBLES  = "($DOUBLES)[.]"

to

DOUBLES  = "($DOUBLES)[$SPACE]*[.]"

As posted earlier, I have received Mydoom viruses with attached files
such as "document.doc   .exe" with a lot of spaces after ".doc",
before the real extension's dot came. The original form of DOUBLES
above wouldn't catch them, right?

(2) Since virussnag.rc identifies an infected mail as one of
three types, I prefer to have $MYVIRUS set to an existing directory
(mine is $MAILDIR/TRASH.virus), where only infected mails will be
stored. virussnag then stores each type in its own file
('A.virus', 'B.virus' and 'Z.virus') so you can easily observe which
kinds of virus classes have been caught the most. For this purpose, I
changed the code at the end to (original code commented out at the
beginning):

# :0 $h:  # 040207 () for headers only, $h will have been set to "h" up above
#  * $  NONDEL  ??  $VAROFF
#  * $  TRUE    ??  ^^$VIR_A$VIR_B$VIR_Z^^
#  $MYVIRUS

# changed by roal 20040221: Store viruses under the $MYVIRUS *directory*,
# each type in a separate file

 :0 $h: # for headers only, $h will have been set to "h" up above
  * $  NONDEL  ??  $VAROFF
  {
        :0
         * $  TRUE    ??  ^^$VIR_A^^
         $MYVIRUS/A.virus

        :0 E
         * $  TRUE    ??  ^^$VIR_B^^
         $MYVIRUS/B.virus

        :0 E
         * $  TRUE    ??  ^^$VIR_Z^^
         $MYVIRUS/Z.virus
  }

(3) Why not add 'com' to $RECOMMENDED_OEM? I still receive some
viruses with that extension, passing through virussnag.


best,
rob.
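
Suggestion (1) as an added example (not part of the original post and not code from virussnag.rc): a Python check that extracts attachment filenames from a constructed message and compares the original and proposed double-extension patterns. `DECOY_EXT`, `EXEC_EXT` and `SPACE` are assumed stand-ins for the recipe's variables, whose contents the post does not show.

```python
import re
from email import message_from_string

# Assumed stand-ins for virussnag.rc variables (real contents not shown in the post).
DECOY_EXT = "doc|txt|htm|jpg"   # role of $DOUBLES before "[.]" is appended
EXEC_EXT = "exe|com|pif|scr"    # role of the executable-extension list
SPACE = " \t"                   # role of $SPACE (space and tab)

# Original form: decoy extension immediately followed by the real extension's dot.
ORIGINAL = re.compile(rf"\.({DECOY_EXT})[.]({EXEC_EXT})$", re.I)
# Proposed form: any run of whitespace allowed before the real extension's dot.
PROPOSED = re.compile(rf"\.({DECOY_EXT})[{SPACE}]*[.]({EXEC_EXT})$", re.I)

# Constructed sample message; the attachment bodies are harmless placeholders.
SAMPLE = """\
From: sender@example.com
To: user@example.com
Subject: constructed test message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

body
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="document.doc      .exe"

AAAA
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="report.doc.exe"

AAAA
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="notes.doc"

AAAA
--BOUND--
"""

def attachment_names(raw):
    """Return the filename of every MIME part that declares one."""
    msg = message_from_string(raw)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def flagged(raw, pattern):
    """Return the attachment names that match the double-extension pattern."""
    return [n for n in attachment_names(raw) if pattern.search(n)]
```

With the original pattern only `report.doc.exe` is flagged; the proposed pattern also flags the space-padded name and still leaves `notes.doc` alone.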
