I have this recipe for getting rid of the bad zips:
:0 B
* > 3000
* < 40000
* ^.*name=.*\.zip
/home/mail/virus
The above comes affter Dallmans snagger.
It was working fine until the last round of virus I presume morphed.
Zips started making it through but I noticed all that made it were to
one virtual domain of mine. The domain is a virtual host on my
mailserver box. Is there anything I can do to make that mail get
snagged by the above, too? A sample header of one that passed is
below:
Thanks very much for the time to help.
Scott
# Sample message getting past: >>>>>>>>
Return-Path: <paranoidpenguins(_at_)aol(_dot_)com>
Received: from virtualdomain.org (adsl-34-162-147.hsv.bellsouth.net
[67.34.162.147])
by mail.maindomain.net (8.11.6/8.11.6) with ESMTP id i2OLd4K17120
for <info(_at_)virtualdomain(_dot_)org>; Wed, 24 Mar 2004 15:39:04 -0600
Message-Id:
<200403242139(_dot_)i2OLd4K17120(_at_)mail(_dot_)maindomain(_dot_)net>
From: paranoidpenguins(_at_)aol(_dot_)com
To: info(_at_)virtualdomain(_dot_)org
Subject: I love you!
Date: Wed, 24 Mar 2004 15:26:40 -0600
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 3
X-MSMail-Priority: Normal
Status:
This is a multi-part message in MIME format.
------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
lovely, :-)
------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: application/octet-stream;
name="photo.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="photo.zip"
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail