[unisog] Sendmail Filter for Sircam

Martin Sapsed m.sapsed at bangor.ac.uk
Wed Aug 1 09:10:02 GMT 2001


Alex wrote:

> [snip]
> # check the rest of the damned things for possible virus/unusual
> # extensions, and only run if the priors did not.
> # added 'bak' and 'lnk' jul24/01 - ae
> :0 E
> *^Content-type: (multipart/mixed|application/octet-stream)
> {
>   :0 HB
>   *^Content-Disposition: (attachment|inline);
>   *filename=".*\.(vbs|wsf|vbe|wsh|hta|pif|bat|lnk)"
>   {
>     SHELL=/bin/sh
>     :0 fhbw
>     |/usr/bin/sed -e 's/\([nN][aA][mM][eE]=".*\....\)"/\1.txt"/'
> 
>     :0 c
>     $VIR_DIR/virusmail
>   }
> }

You might want to lose the "'s from the filename and sed lines. Many copies
of SirCam that arrived here didn't have quotes round the filename. (Mostly
ones using Outlook_Express boundary separators?). We also rename .dll,
.ocx, .exe, .com, .chm and a few others - I've certainly seen SirCam with
.com on the end.

Cheers,

Martin

-- 
Martin Sapsed				To have no errors
Information Services			Would be life without meaning
University of Wales, Bangor, LL57 2UX	No struggle, no joy.
Fax: +44 (0)1248 383826
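
The two suggestions in this reply, applied as a stand-alone shell filter; this is an added example, not code from either poster. It appends .txt to risky name=/filename= values with or without surrounding quotes, using the quoted recipe's extension list plus the five extensions the reply names. The function names and sample headers are made up for illustration.

```shell
#!/bin/sh
# Extensions from the quoted recipe plus the five the reply names.
RISKY_EXTS="vbs wsf vbe wsh hta pif bat lnk dll ocx exe com chm"

# Build a case-insensitive ERE alternation: [vV][bB][sS]|[wW][sS][fF]|...
ext_pattern() {
    printf '%s\n' $RISKY_EXTS | awk '{
        out = ""
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            out = out "[" c toupper(c) "]"
        }
        printf "%s%s", (NR > 1 ? "|" : ""), out
    }'
}

# Filter stdin to stdout, appending .txt to a risky name=/filename= value.
# Rule 1 handles quoted values; rule 2 handles bare values that end at a
# space, a semicolon or end of line. Already-renamed values are left alone.
defang_names() {
    pat=$(ext_pattern)
    sed -E \
        -e "s/([nN][aA][mM][eE]=\"[^\"]*\\.($pat))\"/\\1.txt\"/" \
        -e "s/([nN][aA][mM][eE]=[^\" ;]*\\.($pat))([ ;]|\$)/\\1.txt\\3/"
}

# Constructed sample headers, not taken from real mail.
defang_names <<'EOF'
Content-Disposition: attachment; filename="notes.doc.pif"
Content-Disposition: attachment; filename=notes.doc.com
Content-Type: application/octet-stream; name=Budget.XLS.Exe; x=1
Content-Disposition: attachment; filename="plain.txt"
EOF
```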


