procmail

Re[2]: Virus scanning and defense-in-depth

2004-03-01 07:17:15
On Mon, 1 Mar 2004, 11:43 GMT+01 (11:43 local time) Dallman Ross
wrote:

sed -ne '1 p'

to only return the first line of the output from

zipinfo -1 $ZIPFILE

  sed 1q

(Or "head -1")

yes, I have already recognized to use the 'q' command instead of the
'p' command for more efficiency, after a friendly person (Holger
Wahlen) mailed me privately on this. I have even cut it down to

        sed q

:-)

This change, besides other improvements, has hit version 0.2 of my
AntiVirus filter which I have just released, which is available at

http://www.softlabs.info/antivirus/

as always. The changelog (you can view it online at
http://www.softlabs.info/antivirus/SoftlabsAV/history.txt )
takes a note on that:

____________________________________________________________________________
 v0.2   (2004 03 01)

 + ZIP attachments with a MIME type other than the usual
   'application/x-zip-compressed' or 'application/zip' will now be caught
   properly as 'ZIP.*.virus'. This affects Bagle.E virus infected ZIPs,
   which are currently spreading using the 'application/octet-stream' MIME
   type for the ZIP file.

 + If an infected ZIP attachment has an unusual MIME type, the entry in
   procmail's log file will include a '(SUSPECT!)' addition beside the
   logged MIME type.

 + more efficient call of the sed program: the 'p' command has been 
   replaced by the 'q' command. Thanks to Holger Wahlen. 

 + the sed version related info has been removed from the ReadMe because 
   it was only valid for GNU sed versions. Thanks to LuKreme. 

 + the tr program is not used anymore, since we now use sed instead.

 + lowercasing has been outsourced into an own .inc file, to be used as 
   re-usable "sub routine".

 + simplified call of the mimencode program: the redundant '-b' option 
   has been removed. 

 + the shipped '/etc/procmailrc' file now comes with the DROPPRIVS 
   Environment variable set to 'yes', as suggested by Bob George. 

 + the shipped '/etc/procmailrc' file now has marked those entries which 
   are essential for antivirus.rc

I'm traveling internationally this week, which precludes much
participation here.  I'll probably be sort of quiet until about
March 11th.

Have a nice trip!

best,
rob.


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
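
The v0.2 changelog entries above describe catching ZIP attachments sent under an unusual MIME type and marking them '(SUSPECT!)' in the log. The sketch below is an added example, not code from SoftlabsAV or from this post: it assumes detection by the ZIP magic bytes, and the function names, sample files and log format are hypothetical.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not SoftlabsAV code.

# Lowercase stdin with sed's 'y' command, so tr is not needed.
lowercase() {
    sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'
}

# True if the file starts with the ZIP local-file-header magic "PK\003\004".
# (Assumption: a non-empty archive; an empty ZIP starts with "PK\005\006".)
is_zip() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | sed 's/[[:space:]]//g')
    [ "$magic" = "504b0304" ]
}

# Print a log annotation for one decoded attachment.
#   $1 = path to the decoded attachment
#   $2 = declared Content-Type value, parameters allowed
classify_attachment() {
    # First line only ('q'), trim, cut parameters, normalise case.
    mime=$(printf '%s\n' "$2" |
        sed -e 's/^[[:space:]]*//' -e 's/[;[:space:]].*//' -e q |
        lowercase)
    if ! is_zip "$1"; then
        printf 'not-zip %s\n' "$mime"
        return 0
    fi
    case "$mime" in
        application/zip|application/x-zip-compressed)
            printf 'ZIP %s\n' "$mime" ;;
        *)  # content is a ZIP but the label says otherwise
            printf 'ZIP %s (SUSPECT!)\n' "$mime" ;;
    esac
}

# Constructed sample attachments; only the leading bytes matter here.
tmp=$(mktemp -d)
printf 'PK\003\004rest-of-archive' > "$tmp/price.zip"
printf 'plain text, not an archive' > "$tmp/notes.bin"
classify_attachment "$tmp/price.zip" 'Application/Octet-Stream; name="price.zip"'
classify_attachment "$tmp/price.zip" 'application/zip'
classify_attachment "$tmp/notes.bin" 'application/octet-stream'
rm -rf "$tmp"
```

Checking the leading bytes rather than the declared type is what lets an 'application/octet-stream' ZIP be recognised at all; the declared type then only decides whether the log line gets the extra marker.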