SUMMARY: procmail filtering question
Giovanni Navarrette
gio at uslink.net
Thu Feb 14 11:15:06 EST 2002
Hey everyone:
Thanks a million for all of the replies. Here is what I got working (this
one is for the W32.Hybris virus):
##
DEFAULT=/var/mail/$USER
PATH=/usr/bin:/opt/bin
SHELL=/bin/sh
LOGFILE=$HOME/.procmail.log
LOGABSTRACT=yes
LOCKFILE=$HOME/.lockmail
:0
* ^From:.*hahaha at sexyfun.net
* ^Subject: Snowhite and the Seven Dwarfs
my-virus-folder
##
Other suggestions were:
##
Spambouncer: http://www.spambouncer.org/
##
##
Filtering in this fashion:
LOGFILE="/home1/mail/logs/PROCMAILLOG"
:0
:0 B
* [.$]*name=.*\.vbs[.$]*
/home3/mail/Quarantine/Quarantine_vbs
:0 B
* [.$]*name=.*\.exe[.$]*
/home3/mail/Quarantine/Quarantine_exe
:0 B
* [.$]*name=.*\.shs[.$]*
/home3/mail/Quarantine/Quarantine_shs
:0 B
* [.$]*name=.*\.pif[.$]*
/home3/mail/Quarantine/Quarantine_pif
:0 B
* [.$]*name=.*\.scr[.$]*
/home3/mail/Quarantine/Quarantine_scr
##
##
Linux Journal article on using procmail:
http://www.linuxjournal.com/article.php?sid=4882
##
##
Article on how to re-name attachments to disable them (I'm still looking
into this one too :D):
http://www.impsec.org/email-tools/procmail-security.html
##
Thanks to:
Dennis Kelly
Karl Vogel
Peter Watkins
Chaos Golubitsky
Mike Bruno
Thomas Payarle
Bob Rahe
Thanks again everyone! Happy Valentines day!
--------------------------------------------
Giovanni Navarrette
USLink Internet Systems Administrator
Email :: gio at uslink.net
More information about the sunmanagers
mailing list