Sven Luther wrote: > BTW, the attachement is of md5sum b09e26c292759d654633d3c8ed00d18d. > > Anyone know of an easy way to filter out emails where a given > attachement has a particular md5sum ?
I wrote a helpfull Python script this morning and have successfully filtered about 60(!) virus mails with it today already. http://elonen.iki.fi/code/misc-notes/mpartinfo2hdr/ The program - when a message is piped though it - analyzes mail attachments and puts the results in the header... X-Msg-Part-Info: attachment; size="106496"; md5sum="b09e26c292759d654633d3c8ed00d18d"; claimedmime="audio/x-wav"; name="gvzvfszn.exe"; guessedmime="application/x-dosexec" ... so that one can write mail reader rules to filter messages with certain attachments. I'm using Kmail myself, with the following rules: Add the attachment info to header: 1) 'To' doesn't equal 'MATCH_FOR_ALL' => 'pipe through' '/home/jarno/bin/mpartinfo2hdr' DON'T stop if this matches Remove certain virus mail: 2) 'any header' matches regexp 'X-Msg-Part-Info:.*b09e26c292759d654633d3c8ed00d18d' => move to trash Move probably virus mail: 3) 'any header' matches regexp 'X-Msg-Part-Info:.*guessedmime="application.x-dosexec"' OR 'any header' matches regexp 'X-Msg-Part-Info:.*name="[^"]*\.pif".*' => move to folder 'virus' - Jarno
