[vox-tech] the answer to all my virus problems
vox-tech@lists.lugod.org
Sat, 20 Sep 2003 14:56:04 -0700
roland smith, whom i met while googling, shared a *wonderful* procmail
recipe that catches windows viruses. it's made my life bearable. here
it is:

# Broad antivirus recipe:
#
# It looks at the contents of attachments. The 2nd condition is the header of
# a win32 exe encoded with the base64 algorithm. No matter how the virus is
# named, that header MUST have this specific form, or it won't be recognized
# by windows as an executable. So every attachment that starts with
# TVqQAAMAAAAEAAAA//8AALg is a win32 program and a potential virus. The 3rd
# condition is the string "this program cannot be run in MS-DOS mode" encoded
# in base64. It's there just to be sure, and avoid false positives.
#
:0 B
* ^Content-Transfer-Encoding:.*base64
* ^TVqQAAMAAAAEAAAA//8AALg
* 4fug4AtAnNIbg
{
LOG="[virus: win32 exe] "
:0
DUMP
}

just cut and paste into .procmailrc and your 99E999 swen viruses per day
will be placed into $MAILDIR/DUMP (or /dev/null if that's what you want).
the guy had some good procmail recipes on his website:
http://www.xs4all.nl/~rsmith/spamblock.html
enjoy!
pete
--
GPG Instructions: http://www.dirac.org/linux/gpg
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
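
Added example, not part of the original post or of Roland Smith's recipes: a Python sketch that applies the recipe's two base64 string conditions to each MIME part and, going beyond the fixed-string match, also decodes the part and checks the PE structure ("MZ" magic plus e_lfanew pointing at "PE\0\0"). All function names are hypothetical and the sample headers and mails are constructed for the demonstration.

```python
import struct
from email import message_from_bytes
from email.message import EmailMessage

RECIPE_PREFIX = "TVqQAAMAAAAEAAAA//8AALg"  # 2nd condition of the recipe
RECIPE_STUB = "4fug4AtAnNIbg"              # 3rd condition of the recipe

def sample_pe(dos_start: str = "4d5a90000300000004000000ffff0000b8") -> bytes:
    """Constructed 0x84-byte PE header; dos_start is the hex of the first header bytes."""
    dos = bytes.fromhex(dos_start).ljust(0x3C, b"\0") + struct.pack("<I", 0x80)
    stub = bytes.fromhex("0e1fba0e00b409cd21b8014ccd21")
    stub += b"This program cannot be run in DOS mode.\r\r\n$"
    return (dos + stub).ljust(0x80, b"\0") + b"PE\0\0"

def looks_like_pe(data: bytes) -> bool:
    """Structural check: 'MZ' magic, and e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def scan_message(raw: bytes) -> list:
    """Return (filename, recipe_match, structural_match) for each base64 MIME part."""
    findings = []
    for part in message_from_bytes(raw).walk():
        if part.get("Content-Transfer-Encoding", "").strip().lower() != "base64":
            continue
        text = "".join(part.get_payload().split())  # encoded body, line wraps removed
        recipe = text.startswith(RECIPE_PREFIX) and RECIPE_STUB in text
        structural = looks_like_pe(part.get_payload(decode=True) or b"")
        findings.append((part.get_filename(), recipe, structural))
    return findings

def build_message(payload: bytes, filename: str) -> bytes:
    """Constructed test mail with one base64 attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, data in [("typical.exe", sample_pe()),
                       ("variant.exe", sample_pe("4d5a50000200000004000f00ffff0000b8")),
                       ("notes.bin", b"plain data, not a program" * 8)]:
        print(scan_message(build_message(data, name)))
```

The second constructed header differs from the first only in its DOS-header field values: the string conditions do not match it, while the decoded structural check still does.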