dealing with email from "Mydoom" worm
Fred Yankowski
fred at ontosys.com
Fri Jan 30 17:20:22 CET 2004
On Thu, Jan 29, 2004 at 01:45:48PM -0800, Bill Wohler wrote:
> You could use the $ regexp to match a newline.
Good idea. I've updated my procmail recipe accordingly.
--
Fred Yankowski fred at ontosys.com tel: +1.630.879.1312
OntoSys, Inc PGP keyID: 7B449345 fax: +1.630.879.1370
www.ontosys.com 38W242 Deerpath Rd, Batavia, IL 60510-9461, USA
-------------- next part --------------
BADNAME="\.(bat|cmd|exe|pif|scr|zip)$"
:0
* ^Content-Type: multipart/
* B ?? ^Content-Type:.*application/octet-stream.*($[ ])?.*name=\"\/[^\"]*
* $ MATCH ?? $BADNAME
{
    # Message has attachment of type octet-stream with a bad name
    LOG="[bad attachment name: $MATCH]
"
    :0
    IN/~bogo/bad-attach/
}
# NOTES: Content-Type headers inside the document body typically have
# their 'name' attribute on the following line, so the pattern above
# allows for such continuation. (per Bill Wohler <wohler at newt.com>).
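
An added example, not part of the original post or of the Bogofilter project: a Python check that applies the recipe's extension list to the 'name' attribute of application/octet-stream parts, using the standard email parser instead of procmail regexps, so the recipe's intent can be tested against sample mail. The function names and the three sample messages (including one with 'name' on a continuation line) are constructed for this example.

```python
import re
from email import message_from_string
from email.utils import collapse_rfc2231_value

# Same extension list as BADNAME in the recipe; procmail matches
# case-insensitively by default, hence IGNORECASE.
BAD_NAME = re.compile(r"\.(bat|cmd|exe|pif|scr|zip)$", re.IGNORECASE)


def bad_attachment_names(raw_message):
    """Return 'name' values of octet-stream parts that match BAD_NAME."""
    msg = message_from_string(raw_message)
    if not msg.is_multipart():          # the recipe only looks at multipart/ mail
        return []
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "application/octet-stream":
            continue
        name = part.get_param("name")   # the parser unfolds continuation lines
        if name is None:
            continue
        name = collapse_rfc2231_value(name)
        if BAD_NAME.search(name):
            hits.append(name)
    return hits


def sample(content_type_lines):
    """Constructed test message with one attachment part (not real mail)."""
    return (
        "From: a@example.org\nTo: b@example.org\nSubject: test\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="XYZ"\n\n'
        "--XYZ\nContent-Type: text/plain\n\nsee attachment\n"
        "--XYZ\n" + content_type_lines +
        "Content-Transfer-Encoding: base64\n\nAAAA\n--XYZ--\n"
    )


# 'name' on a continuation line, the case the NOTES comment describes.
FOLDED = sample('Content-Type: application/octet-stream;\n\tname="document.pif"\n')
SAME_LINE = sample('Content-Type: application/octet-stream; name="PHOTO.SCR"\n')
HARMLESS = sample('Content-Type: application/octet-stream; name="report.pdf"\n')

if __name__ == "__main__":
    for label, raw in (("folded", FOLDED), ("same line", SAME_LINE),
                       ("harmless", HARMLESS)):
        print(label, bad_attachment_names(raw))
```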