Toen ik Ruud H.G. van Tol kietelde, kwam er dit uit:
if you open the zip-file in an editor, you will find
two equal occurences of "randomtext.exe" in there (the toc).
The pattern of the base64-encoding of those filenames is deductable,
so a procmail-recipe can catch them.
Or use sed:
ZIPSTR = `sed \
-e :a \
-e "s/[^a-zA-Z0-9. ]\{1,\}/ /g" \
-e "s/ \{1,\}\[^ ]\{0,4\} \{1,\}/ /g" \
-e '$\!N; s/\n/ /; ta' \
bagle.zip`
(might need changing or unsetting of SHELLMETAS)
A sample bagle.zip is transformed to:
PK hdquqv.exe SPWNs GoRyq ZoC6jh fy4cW 15oYg 246WA 7Km1U VR0bt W5HJT
MO84d eX70r eJfzb hdquqv.exePK
(all on 1 line)
I chose to eliminate all strings shorter than 4 because "a.exe"
has length 5.
--
Affijn, Ruud
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail