[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Exim and Sircam Virus
Well in my procmail I use:
============== snip==============
#
# This one should help de-activate scripts included
# in email messages
:0
*^Content-type: (multipart/mixed|application/octet-stream)
{
:0 HB
*^Content-Disposition: attachment;
*filename=".*\.(vbs|chm|hlp|shs|wsf|vbe|wsh|hta|pif)"
{
:0 fhbw
|/usr/bin/sed -e 's/\([nN][aA][mM][eE]=".*\....\)"/\1.txt"/'
:0 c
/root/mail/virusmail.procmail
}
}
===========end snip==============
You can add as many extensions as you want. This could be put into a
system wide procmail file like /etc/procmailrc this would add a .txt
extension to all the specified scripts such that they will not execute by
default and thus you can scan them before opening them.
Noah.
-----
This is the afnog mailing list, managed by Majordomo 1.94.4
To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)
This list is maintained by owner-afnog at afnog.org