
RE: [cobalt-users] Bouncing Email's with Attachements W32.Sircam.Worm@mm



> >:0
> >*^Content-type: (multipart/mixed|application/octet-stream)
> >{
> >    :0 HB
> >    *^Content-Disposition: (attachment|inline);
> >    *filename=".*\.(vbs|wsf|eml|shs|exe|nws|chm|pif|vbe|hta|scr)"
> >    {
> >       SHELL=/bin/bash
> >       :0 fhbw
> >       |/bin/sed -e \
> >'s/\([nN][aA][mM][eE]=".*\.[vV][bB][sS]\)"/\1.txt"/' \
> >                     -e \
> >'s/\([nN][aA][mM][eE]=".*\.[wW][sS][fF]\)"/\1.txt"/' \
> >                     -e \
> >'s/\([nN][aA][mM][eE]=".*\.[eE][mM][lL]\)"/\1.txt"/' \
> >                     -e \
> >'s/\([nN][aA][mM][eE]=".*\.[nN][wW][sS]\)"/\1.txt"/' \
> >                     -e \
> >'s/\([nN][aA][mM][eE]=".*\.[sS][hH][sS]\)"/\1.txt"/' \
> >                     -e \
> >'s/\([nN][aA][mM][eE]=".*\.[eE][xX][eE]\)"/\1.not"/' \
> >                     -e \
> >'s/\([nN][aA][mM][eE]=".*\.[cC][hH][mM]\)"/\1.txt"/' \
> >                     -e \
> >'s/\([nN][aA][mM][eE]=".*\.[pP][iI][fF]\)"/\1.txt"/' \
> >                     -e \
> >'s/\([nN][aA][mM][eE]=".*\.[hH][tT][aA]\)"/\1.txt"/' \
> >                     -e \
> >'s/\([nN][aA][mM][eE]=".*\.[vV][bB][eE]\)"/\1.txt"/' \
> >                     -e \
> >'s/\([nN][aA][mM][eE]=".*\.[sS][cC][rR]\)"/\1.txt"/'
> >
> >       # Deliver the filtered message to a holding file, with a lockfile
> >       :0:
> >       /home/tmp/crap
> >    }
> >}
>
> Thanks a lot for the help!  Of course, thank you Colin as well.

Err....you're entirely welcome!! That's what the list is for :-)

> I have a question about the above recipe.  What does this recipe
> do exactly?  I realize this is a stupid question, maybe I am
> kinda dense but I just can't place it in my brain what it does...

Not stupid at all, it's a perfectly legitimate question and no, you're not
being dense.
What it does is mangle any of the file extensions:
(vbs|wsf|eml|shs|exe|nws|chm|pif|vbe|hta|scr)
and renames 'em to 1.txt by using the stream editor sed which is called from
within the procmail recipe.
As an additional safeguard it also sends the email and its now mangled
attachment to /home/tmp/crap although it is fair to say that if you
permitted the mail with a 1.txt attachment through to the user's mailbox,
no harm would occur. As a philosophical matter I dump 'em in the crapper
rather than allow 'em through, since the mail that delivers the payload is
probably nonsense anyway (as we recently saw during the SirCam storm).
Regards,
-Colin
--
Colin J. Raven
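
The attachment renaming discussed in this thread, as an added example that is not part of the original posts: a Python sketch that parses the MIME structure and rewrites the `filename` and `name` parameters instead of pattern-matching header text with sed. The extension list and the `.txt`/`.not` suffixes come from the quoted recipe; the function names and the sample message are constructed for illustration.

```python
import email
from email.utils import collapse_rfc2231_value

BLOCKED = set("vbs wsf eml shs exe nws chm pif vbe hta scr".split())  # from the recipe
NAME_PARAMS = (("Content-Disposition", "filename"), ("Content-Type", "name"))

def defanged_name(name):
    """Append .not (exe) or .txt when the final extension is on the blocked list."""
    ext = name.rpartition(".")[2].lower() if "." in name else ""
    return name + (".not" if ext == "exe" else ".txt") if ext in BLOCKED else name

def defang(raw):
    """Return the message text with blocked attachment names rewritten."""
    msg = email.message_from_string(raw)
    for part in msg.walk():
        for header, param in NAME_PARAMS:
            old = part.get_param(param, header=header)
            if old is not None:
                old = collapse_rfc2231_value(old)
                if defanged_name(old) != old:
                    part.set_param(param, defanged_name(old), header=header)
    return msg.as_string()

def attachment_names(raw):
    """List the attachment file names a mail client would see."""
    parts = email.message_from_string(raw).walk()
    return [p.get_filename() for p in parts if p.get_filename()]

# Constructed sample message (hypothetical names, not real traffic).
SAMPLE = """\
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: application/octet-stream; name="Invoice.DOC.PIF"
Content-Disposition: attachment; filename="Invoice.DOC.PIF"

x
--B
Content-Disposition: attachment; filename="setup.EXE"

x
--B
Content-Disposition: attachment; filename="notes.txt"

x
--B--
"""

if __name__ == "__main__":
    print(attachment_names(defang(SAMPLE)))
```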