[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Exim and Sircam Virus



Well in my procmail I use:

============== snip==============
#
# This one should help de-activate scripts included
# in email messages

:0
*^Content-type: (multipart/mixed|application/octet-stream)
{
  :0 HB
  *^Content-Disposition: attachment;
  *filename=".*\.(vbs|chm|hlp|shs|wsf|vbe|wsh|hta|pif)"
  {
    :0 fhbw
    |/usr/bin/sed -e 's/\([nN][aA][mM][eE]=".*\....\)"/\1.txt"/'

    :0 c
    /root/mail/virusmail.procmail
  }
}
===========end snip==============

You can add as many extensions as you want. This could be put into a
system wide procmail file like /etc/procmailrc this would add a .txt
extension to all the specified scripts such that they will not execute by
default and thus you can scan them before opening them.

Noah.


-----
This is the afnog mailing list, managed by Majordomo 1.94.4

To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)

This list is maintained by owner-afnog at afnog.org