[Linux-aus] procmail rule for the latest virus nonsense?

Dennis Gilmore dennis at dgilmore.net
Wed Jan 28 20:36:01 UTC 2004


Once upon a time Wednesday 28 January 2004 9:06 pm, Arjen Lentz wrote:
> Hi all,
>
> The following ruleset should capture the latest virus nonsense, but
> doesn't:
>
> :0 B
> * ^Content-Type: text/plain; charset="Windows-1252"
> * ^Content-Type: application/octet-stream;
> name=.*\.(bat|cmd|exe|pif|scr|zip)
> * ^UEsDBAoAAAAAA....zDKJx\+eAFgAAABYAA
>
> The lines work when I do them manually with egrep, so it must be some
> quirkiness inside procmail (which uses the egrep code!). I've been
> messing with lots of escaping, and I just can't find it.
> Thoughts anyone?
>
>
> Regards,
> Arjen.


MailScanner with ClamAV detects the virus successfully. I would suggest using
that with procmail.

Regards

Dennis


