SUMMARY: procmail filtering question

Giovanni Navarrette gio at uslink.net
Thu Feb 14 11:15:06 EST 2002


Hey everyone:

Thanks a million for all of the replies. Here is what I got working (this
one is for the W32.Hybris virus):

##
DEFAULT=/var/mail/$USER
PATH=/usr/bin:/opt/bin
SHELL=/bin/sh
LOGFILE=$HOME/.procmail.log
LOGABSTRACT=yes
LOCKFILE=$HOME/.lockmail

:0
* ^From:.*hahaha at sexyfun.net
* ^Subject: Snowhite and the Seven Dwarfs
my-virus-folder
##

Other suggestions were:
##
Spambouncer: http://www.spambouncer.org/
##

##
Filtering in this fashion:
LOGFILE="/home1/mail/logs/PROCMAILLOG"
:0

:0 B
* [.$]*name=.*\.vbs[.$]*
/home3/mail/Quarantine/Quarantine_vbs

:0 B
* [.$]*name=.*\.exe[.$]*
/home3/mail/Quarantine/Quarantine_exe

:0 B
* [.$]*name=.*\.shs[.$]*
/home3/mail/Quarantine/Quarantine_shs

:0 B
* [.$]*name=.*\.pif[.$]*
/home3/mail/Quarantine/Quarantine_pif

:0 B
* [.$]*name=.*\.scr[.$]*
/home3/mail/Quarantine/Quarantine_scr
##

##
Linux Journal article on using procmail:
http://www.linuxjournal.com/article.php?sid=4882
##

##
Article on how to re-name attachments to disable them (I'm still looking
into this one too :D):
http://www.impsec.org/email-tools/procmail-security.html
##

Thanks to:
Dennis Kelly
Karl Vogel
Peter Watkins
Chaos Golubitsky
Mike Bruno
Thomas Payarle
Bob Rahe

Thanks again everyone! Happy Valentines day!

--------------------------------------------
Giovanni Navarrette
USLink Internet Systems Administrator
Email :: gio at uslink.net



More information about the sunmanagers mailing list