SUMMARY: procmail filtering question

From: Giovanni Navarrette <gio_at_uslink.net>
Date: Thu Feb 14 2002 - 12:12:42 EST
Hey everyone:

Thanks a million for all of the replies. Here is what I got working (this
one is for the W32.Hybris virus):

##
DEFAULT=/var/mail/$USER
PATH=/usr/bin:/opt/bin
SHELL=/bin/sh
LOGFILE=$HOME/.procmail.log
LOGABSTRACT=yes
LOCKFILE=$HOME/.lockmail

:0
* ^From:.*hahaha@sexyfun.net
* ^Subject: Snowhite and the Seven Dwarfs
my-virus-folder
##

Other suggestions were:
##
Spambouncer: http://www.spambouncer.org/
##

##
Filtering in this fashion:
LOGFILE="/home1/mail/logs/PROCMAILLOG"
:0

:0 B
* [.$]*name=.*\.vbs[.$]*
/home3/mail/Quarantine/Quarantine_vbs

:0 B
* [.$]*name=.*\.exe[.$]*
/home3/mail/Quarantine/Quarantine_exe

:0 B
* [.$]*name=.*\.shs[.$]*
/home3/mail/Quarantine/Quarantine_shs

:0 B
* [.$]*name=.*\.pif[.$]*
/home3/mail/Quarantine/Quarantine_pif

:0 B
* [.$]*name=.*\.scr[.$]*
/home3/mail/Quarantine/Quarantine_scr
##

##
Linux Journal article on using procmail:
http://www.linuxjournal.com/article.php?sid=4882
##

##
Article on how to re-name attachments to disable them (I'm still looking
into this one too :D):
http://www.impsec.org/email-tools/procmail-security.html
##

Thanks to:
Dennis Kelly
Karl Vogel
Peter Watkins
Chaos Golubitsky
Mike Bruno
Thomas Payarle
Bob Rahe

Thanks again everyone! Happy Valentines day!

--------------------------------------------
Giovanni Navarrette
USLink Internet Systems Administrator
Email :: gio@uslink.net
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Thu Feb 14 11:15:24 2002

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:34 EST