I have this recipe in my .procmailrc to filter out incoming virus mails (and there are quite a few of them !!!!)... but still some manage to creep in... can someone improve on it...... thanks in advance....
# Sobig.E------------------------------------ :0 HB #* ^Content-Transfer-Encoding: base64 #* ^Content-Disposition: attachment; * ^Content-type: application/octet-stream; * filename=.*.pif ./mail/Virus # Sobig.F------------------------------------ :0 H * ^Subject: .*(Thank you!|Your application|That movie|Approved|Details|My details|Your details|Wicked screensaver)$ * ^X-MailScanner: Found to be clean$ ./mail/Virus # MyDoom/Novarg------------------------------ :0 HB * <50000 * ^Subject: (test|hi|hello|Mail Delivery System|Mail Transaction Failed|Server Report|Status|Error|)$ * ^Content-type: application/octet-stream; * (file)?name="(document|readme|doc|text|file|data|test|message|body).(pif|scr|exe|cmd|bat|zip)" ./mail/Virus # Bagle.J------------------------------------- :0 * ^Subject:(.*E-mail account disabling warning)|\ (.*E-mail account security warning)|\ (.*Email account utilization warning)|\ (.*Important notify about your e-mail account)|\ (.*Notify about using the e-mail account)|\ (.*Notify about your e-mail account utilization)|\ (.*Warning about your e-mail account) * B ?? ^Content-Type: application/octet-stream; * B ?? ^Content-Transfer-Encoding: base64 * B ?? ^Content-Disposition: attachment; ./mail/Virus
Priyam. -=-=- ... Life would be so much easier if we could just look at the source code. -- Dave Olson