On Sat, Sep 20, 2003 at 02:56:04PM -0700, [EMAIL PROTECTED] wrote:
> roland smith, whom i met while googling shared a *wonderful* procmail
> recipe that catches windows viruses. it's made my life bearable. here
> it is:
>
>
>
> # Broad antivirus recipe:
> #
> # It looks at the contents of attachments. The 2nd condition is the header of
> # a win32 exe encoded with the base64 algorithm. No matter how the virus is
> # named, that header MUST have this specific form, or it won't be recognized
> # by windows as an executable. So every attachment that starts with
> # TVqQAAMAAAAEAAAA//8AALg is a win32 program and a potential virus. The 3rd
> # condition is the string "this program cannot be run in MS-DOS mode" encoded
> # in base64. It's there just to be sure, and avoid false positives.
> #
> :0 B
> * ^Content-Transfer-Encoding:.*base64
> * ^TVqQAAMAAAAEAAAA//8AALg
> * 4fug4AtAnNIbg
> {
> LOG="[virus: win32 exe] "
>
> :0
> DUMP
> }Hey, I wonder if it would work as an exim system filter? This would be great to just throw out exe attachments system-wide. > just cut and paste into .procmailrc and your 99E999 swen viruses per day > wil be placed into $MAILDIR/DUMP (or /dev/null if that's what you want). > > > the guy had some good procmail recipes on his website: > > http://www.xs4all.nl/~rsmith/spamblock.html > > enjoy! > pete > > -- > GPG Instructions: http://www.dirac.org/linux/gpg > GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D > _______________________________________________ > vox-tech mailing list > [EMAIL PROTECTED] > http://lists.lugod.org/mailman/listinfo/vox-tech -- R. Douglas Barbieri [EMAIL PROTECTED] http://www.dooglio.net vi: "The way God meant for man to edit text files..." GPG Fingerprint: FE6A 6A57 2B95 7594 E534 BFEE 45F1 9E5E F30A 8A27 GPG Public key : http://www.dooglio.net/dooglio.asc
pgp00000.pgp
Description: PGP signature
