roland smith, whom i met while googling, shared a *wonderful* procmail recipe that catches windows viruses. it's made my life bearable. here it is:
# Broad antivirus recipe:
#
# It looks at the contents of attachments. The 2nd condition is the header of
# a win32 exe encoded with the base64 algorithm. No matter how the virus is
# named, that header MUST have this specific form, or it won't be recognized
# by windows as an executable. So every attachment that starts with
# TVqQAAMAAAAEAAAA//8AALg is a win32 program and a potential virus. The 3rd
# condition is the string "this program cannot be run in MS-DOS mode" encoded
# in base64. It's there just to be sure, and avoid false positives.
#
:0 B
* ^Content-Transfer-Encoding:.*base64
* ^TVqQAAMAAAAEAAAA//8AALg
* 4fug4AtAnNIbg
{
  LOG="[virus: win32 exe] "

  :0
  DUMP
}
just cut and paste into .procmailrc and your 99E999 swen viruses per day will be placed into $MAILDIR/DUMP (or /dev/null if that's what you want).
the guy had some good procmail recipes on his website:
http://www.xs4all.nl/~rsmith/spamblock.html
enjoy! pete
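Added example (not part of the original thread and not Roland Smith's code): the recipe's second condition is the base64 form of the first bytes of a typical DOS/PE header, and the same test can be made on the decoded attachment bytes instead of the encoded text. This goes a step beyond the recipe by checking the MZ magic and the PE signature that e_lfanew points to. All function names and the sample bytes are constructed for illustration.

```python
import base64
import struct
from email import message_from_bytes
from email.message import EmailMessage

RECIPE_PREFIX = "TVqQAAMAAAAEAAAA//8AALg"  # second condition of the recipe

# Constructed sample, not a real program: a typical 64-byte DOS header whose
# e_lfanew field (offset 0x3C) points at a bare PE signature at offset 0x80.
DOS_HEADER = (bytes.fromhex("4d5a90000300000004000000ffff0000"
                            "b8000000000000004000000000000000")
              + bytes(28) + struct.pack("<I", 0x80))
SAMPLE_EXE = DOS_HEADER + bytes(0x40) + b"PE\0\0" + bytes(32)

def recipe_prefix_matches(data):
    """Text-level check, as in the recipe: base64 of data starts with the prefix."""
    return base64.b64encode(data).decode("ascii").startswith(RECIPE_PREFIX)

def is_pe(data):
    """Byte-level check: MZ magic plus a PE signature where e_lfanew points."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def pe_attachments(raw_message):
    """Return filenames of all MIME leaf parts that decode to a PE image."""
    hits = []
    for part in message_from_bytes(raw_message).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if is_pe(payload):
            hits.append(part.get_filename() or "(unnamed)")
    return hits

def build_sample(filename, data):
    """Build a constructed test message with one base64 attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed test message"
    msg.set_content("see attachment")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    print(recipe_prefix_matches(SAMPLE_EXE))
    print(pe_attachments(build_sample("invoice.pif", SAMPLE_EXE)))
```

Because the check runs on decoded bytes, it does not depend on how the base64 text is wrapped or on the header bytes that follow the MZ magic.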
Weirdly, I haven't gotten any real copies of the virus since I started sending them to .mail/probably-virus, but I have gotten copies of the virus email with the .exe file already stripped from the message (so it still shows up in my inbox just the same).
I know my procmail isn't working, because I just emailed myself a .exe file from my windows partition and the filter caught it and shunted the message off to .mail/probably-virus.
-- I usually have a GPG digital signature included as an attachment. See http://www.gnupg.org/ for info about these digital signatures. My key was last signed 6/10/2003. If you use GPG, *please* see me about signing the key. ***** My computer can't give you viruses by email. ***
