[vox-tech] Virus deluge

Wed, 28 Jan 2004 04:57:04 -0800

On Tue 27 Jan 04, 10:39 PM, Mark K. Kim said:
> On Tue, 27 Jan 2004, Karsten M. Self wrote:
> 
> > > ================================================================================
> > > :0 B
> > > * -1
> > > * 1^0 ^Content-Transfer-Encoding: base64
> > > * 1^0 1rrAeM0gDQdlmmtNtWVfG3QRFA672grQLlgIdDhobVVL2XMWVlc87bWFzho6IHtwAj2d9r
> > > * 1^0 Ga9SG/3//7dSpCoQS7DvKZAv72JQKWmvdKWWbadVD/D//9vSfeg2mRbgbKcMvEZXguXrNq
> > > * 1^0 TBuvVXOm//9/idxR1/7/Y6uPvh3LTd755dO39hzsPp/6sfv///8xZXpCOlu2J40AUMvgDP
> > > * 1^0 Q2VDAuk6pQf8sthCvHkbFDMACWK8hd0C2mSZPSKSIjutcMMWTmfwLUdsuyF4o1Tjemh5hk
> > > * 1^0 Z3h2Z0tDwwdp3y78fy10dmV5LTIuMG9xcIxfY05wdXJmmaHdCjNcdmkLRDvZ1r5tSGRWLV
> > > * 1^0 V0jTDPIH0MgIsEjTDDKYiAqARYEDNnhPUmWtFnAb4JuraGYHK2nGAwbeAiBFcj2UWskGOE
> > > {
> > >     LOG="LOG: Virus: (Mydoom / Novar)"
> > >
> > >     :0:
> > >     Virus/
> > > }
> > > ================================================================================
> 
> I'm new to procmail so can I ask some questions?
> 
> What do ":0 B", "-1", and "1^0" do?  Does LOG do anything?
> 
> Thanks!  The rules seem to be working so far...
> 
> -Mark

hi mark!

:0 B means search just the body.  actually, every recipe starts off
with

   :0 [flags][:]

where [] indicates optional.

next is the -1.  i have no idea what the -1 does, maybe it has something
to do scoring?  i dunno.

1^0 has to do with scoring.  you can score stuff, like spam assassin.
you apply a set of tests, like regexes, and each time, you can assign a
number to either increase or decrease the score.  when you hit the
action line, in this case,

> > > {
> > >     LOG="LOG: Virus: (Mydoom / Novar)"
> > >
> > >     :0:
> > >     Virus/
> > > }

if the score is greater than 0, procmail take the action.  if the score
is less than or equal to 0, you don't take the action.  specifically,
x^y means, add x the first time the condition is matched.  then add x*y
the 2nd time the condition matches.  then add x*y*y the 3rd time the
condition matches, and so on.

so if the line

   Q2VDAuk6pQf8sthCvHkbFDMACWK8hd0C2mSZPSKSIjutcMMWTmfwLUdsuyF4o1Tjemh5hk

appears once, a score of 1 is added to the overall score.  if it appears
twice or more, no additional points are added to the score.

LOG is a directive to write to a log file.  i believe you have to define
the LOGFILE variable to point to a filepath which will be procmail's
logging file.  you can use the variable VERBOSE to turn on verbosity.

hth,
pete

-- 
Make everything as simple as possible, but no simpler.  -- Albert Einstein
GPG Instructions: http://www.dirac.org/linux/gpg
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D