I am comparing the recipes of John Conover and Bart Schaefer to catch
malicious attachments, and I have a couple of questions.
First, both look for certain html code in the body of the message.
But the conditions are slightly different.
Bart's:
$ ()<${ws}\/(app|bgsound|embed|i?l(ayer|ink)|i?frame(set)?|\
object|script)
[I have extended it to two lines for what I hope is better clarity.]
and John's:
[<](app|bgsound|div|embed|form|i?l(ayer|ink)|img|\
i?frame(set)?|meta|object|s(cript|tyle))
I can decipher a couple of the differences. Bart's assigns everything
to the right of the first whitespace to MATCH. It also evaluates the
condition using the sh substitution rules. But Bart's condition
begins with (), and I am having the darndest time discovering what
this means. I've checked the procmail, procmailrc, procmailsc and
procmailex man pages, and couldn't find an answer to my problem. Then
I thought that perhaps this is unique to the sh substitution rules
(and I am a real neophyte with them). But I couldn't find anything
there.
I am assuming that I have missed the answer as I have read. If
someone could help me, I'd be greatly appreciative.
Also, John encloses the pointed bracket in square brackets. My
recollection is that square brackets can be used to create a
character group (I don't know if that is the right terminology), and
am assuming that this is a way to avoid having to escape the pointed
bracket. Am I close to being right?
Then . . .
Bart's condition (with the match taken out for brevity) looks for
whitespace between the left pointed bracket and the first letter:
<${ws}(app
John's doesn't: [<](app
Can someone explain to me the fine points of the different
expressions these two will catch and miss? Or are they the same?
Doug
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail