I have this recipe in my .procmailrc to filter out incoming virus mails (and there are quite a few of them !!!!)... but still some manage to creep in... can someone improve on it...... thanks in advance....
# Sobig.E------------------------------------
:0 HB
#* ^Content-Transfer-Encoding: base64
#* ^Content-Disposition: attachment;
* ^Content-type: application/octet-stream;
# the dot before the extension is escaped so it matches a literal "."
* filename=.*\.pif
./mail/Virus

# Sobig.F------------------------------------
:0 H
* ^Subject: .*(Thank you!|Your application|That movie|Approved|Details|My details|Your details|Wicked screensaver)$
* ^X-MailScanner: Found to be clean$
./mail/Virus

# MyDoom/Novarg------------------------------
:0 HB
* <50000
* ^Subject: (test|hi|hello|Mail Delivery System|Mail Transaction Failed|Server Report|Status|Error|)$
* ^Content-type: application/octet-stream;
* (file)?name="(document|readme|doc|text|file|data|test|message|body)\.(pif|scr|exe|cmd|bat|zip)"
./mail/Virus

# Bagle.J-------------------------------------
# all alternatives sit inside one group, so each is anchored to ^Subject:
:0
* ^Subject:.*(E-mail account disabling warning|\
E-mail account security warning|\
Email account utilization warning|\
Important notify about your e-mail account|\
Notify about using the e-mail account|\
Notify about your e-mail account utilization|\
Warning about your e-mail account)
* B ?? ^Content-Type: application/octet-stream;
* B ?? ^Content-Transfer-Encoding: base64
* B ?? ^Content-Disposition: attachment;
./mail/Virus
Priyam.
-=-=-
... Life would be so much easier if we could just look at the source code. -- Dave Olson
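An added example, not part of the original post: instead of one regex per worm, parse the MIME structure and check every part's file name against the extension list from the MyDoom recipe. This generalises the recipes above; the function name, the script layout and the sample message are assumptions made for illustration.

```python
import email
import sys
from email import policy

# Extensions taken from the MyDoom recipe above; extend as needed.
BLOCKED = {"pif", "scr", "exe", "cmd", "bat", "zip"}

def blocked_attachments(raw: bytes) -> list:
    """Return the names of all MIME parts whose file name has a blocked extension."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition "filename" and falls back
        # to Content-Type "name"; folded header lines are unfolded first.
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so "x.exe." still runs.
        _, dot, ext = name.rstrip(" .").rpartition(".")
        if dot and ext.lower() in BLOCKED:
            hits.append(name)
    return hits

# Constructed sample: not application/octet-stream, upper-case double
# extension, name on a folded line, no Content-Disposition header.
SAMPLE = (
    b"From: sender@example.com\r\n"
    b"Subject: Re: invoice\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"see attached\r\n"
    b"--b1\r\n"
    b"Content-Type: application/x-msdownload;\r\n"
    b' name="Invoice.doc.PIF"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"QUJD\r\n"
    b"--b1--\r\n"
)

if __name__ == "__main__":
    # Exit 0 when something is blocked, so the script can serve as a
    # procmail "* ? command" condition; procmail feeds the mail on stdin.
    sys.exit(0 if blocked_attachments(sys.stdin.buffer.read()) else 1)
```

The constructed sample gets past all four recipes above because its Content-Type is not application/octet-stream and its Subject is not in any list, yet the parser still reports the attachment.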
On 30/09/04 15:00 +0530, Rishi wrote:
I have this recipe in my .procmailrc to filter out incoming virus mails (and there are quite a few of them !!!!)... but still some manage to creep in... can someone improve on it...... thanks in advance....
Any reason why you don't want to use MailScanner instead?
MailScanner assumes that you have control of the MTA. Also, MailScanner manipulates mail queues in unapproved ways, and hence is inherently unsafe to use.
Devdas Bhagat
I have root permissions.... and we are using Sendmail (presently, on a Solaris m/c). A systemwide procmail (/etc/procmailrc) is just one way that we are looking at the solution because of the sudden growth of virus/worm infected mails...
not aware of other solutions....
Priyam.
-=-=-
... "A grad student in procrastination tends to stay in procrastination unless an external force is applied to him" - Newton's First law of Graduation. -- www.phdcomics.com
On 30/09/04 14:33 +0530, Priyam Chatterjee wrote:
I have this recipe in my .procmailrc to filter out incoming virus mails (and there are quite a few of them !!!!)... but still some manage to creep in... can someone improve on it...... thanks in advance....
Google for clamassassin. So much simpler to install clamav in ~ and then use that.
Devdas Bhagat
On Sep 30, 2004 at 14:33, Priyam Chatterjee wrote:
I have this recipe in my .procmailrc to filter out incoming virus mails (and there are quite a few of them !!!!)... but still some manage to creep in... can someone improve on it...... thanks in advance....
Looks like you're trying to filter viruses and spam. Try using amavis and spamassassin.