We did something similar (but incorporated your sed idea after reading
your post; that preserves the original subject line, thank you). We
also tried adding another condition whose purpose is to prevent
further processing if there is no attachment. The idea was to lessen
the load on the processor which would result from scanning every
single message body for .vbs. Since conditions are "anded", this
seems to have the desired result:
:0
* ^Content-Type: multipart/mixed;
* B ?? \\.vbs
{
:0 c:
/var/mail/attachments.vbs
:0 h f
| /bin/sed -e 's/^Subject:/Subject: [PRAIRIENET SYSTEMS
ALERT: MAY CONTAIN A VIRUS ATTACHMENT]/'
}
Thoughts?
-d
--
David Talkington
Community Networking Initiative
[EMAIL PROTECTED]
244-1962
Anthony E. Greene wrote:
:
::0 Bf
:* \\.vbs
:| /bin/sed -e 's/^Subject:/Subject: [MAY CONTAIN A VIRUS]/'
:
:All the variants are VBS files that run on the Windows Scripting Host.
:Since the filename must be specified in the MIME headers, they can't avoid
:being caught by this filter.
:
:This filter will scan the entire message body ("B" option) so a busy mail
:server may work a little harder.
:
:
: Tony
: --
: Anthony E. Greene <[EMAIL PROTECTED]>
: Homepage and PGP Key: <http://www.pobox.com/~agreene/>
: If it's too good to be true, it's probably Linux
:
:
:
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
