Dear Michael,
This is the /etc/procmailrc file I use to take out spam and virus
attachments...
--
:0fw
| /usr/bin/spamassassin -P -c /usr/local/share/spamassassin/
:0:
* ^X-Spam-Status: Yes
/var/spool/mail/spam
:0 HB:
* ^Content-Type:.*(application|audio|multipart)
* name=.*\.(bat|exe|pif|vbs|swf|scr)
| formail -A "X-Virus-Status: Yes" >> /home/spam/mail/virus
--
Basically, I keep an account 'spam' for reviewing all suspected spam
(usually with pine), and within that account I have a pine-browsable mail
folder called 'virus' that all the funny Windows email/attachments get
dropped into.
Cheers,
William Porquet, MA | SysAdmin, Maptuit Corporation | [EMAIL PROTECTED]
"Destiny dressed you this morning;
now Fear is trying to pull off your pants."
- The Tick
On Fri, 17 May 2002, Michael C. Berch wrote:
> Just in the last week, the number of messages with what I assume to be
> the Klez virus or a variant has exploded, at least for me. Since we
> have no Windows machines I don't pay a lot of attention to email viruses
> and other malware, but I'm getting 20+ a day, all different insofar as
> From and Subject headers, and I just want to kill them as spam.
>
> Has anyone written a local rule for this? I have just now started
> looking at the messages closely, and the key part seems to be an
> attachment of type audio/x-wav, with a filename of *.(?:pif|scr|exe|bat).
> I can't imagine anyone sending a legitimate attachment with those
> criteria, so it should have a fairly high score, if not an automatic
> trap.
>
> Question: does SA consider MIME sub-headers to be "header" or "body"?
> They are in the traditional RFC822 message body, but they're actually
> headers.
>
> The other one I just get over and over and finally wrote a rule for is
> something with "Snowhite" and the 7 dwarves, and an attachment that is
> usually an .exe file. I'm just scoring anything with /snowhite/i and
> an attachment as probable spam.
>
> --
> Michael C. Berch
> [EMAIL PROTECTED]
>
>
> _______________________________________________________________
>
> Hundreds of nodes, one monster rendering program.
> Now that’s a super model! Visit http://clustering.foundries.sf.net/
> _______________________________________________
> Spamassassin-talk mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
>
_______________________________________________________________
Hundreds of nodes, one monster rendering program.
Now that’s a super model! Visit http://clustering.foundries.sf.net/
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
