[Linux-aus] procmail rule for the latest virus nonsense?
dennis at dgilmore.net
Wed Jan 28 20:36:01 UTC 2004
Once upon a time Wednesday 28 January 2004 9:06 pm, Arjen Lentz wrote:
> Hi all,
> The following ruleset should capture the latest virus nonsense, but
> :0 B
> * ^Content-Type: text/plain; charset="Windows-1252"
> * ^Content-Type: application/octet-stream;
> * ^UEsDBAoAAAAAA....zDKJx\+eAFgAAABYAA
> The lines work when I do them manually with egrep, so it must be some
> quirkyness inside procmail (which uses the egrep code!). I've been
> messing with lots of escaping, and I just can't find it.
> Thoughts anyone?
Mailscanner with clamav detects the virus succesfully. i would suggest using
that with procmail
More information about the linux-aus