[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] PWS-gen.Hooker Trojan
- Subject: [cobalt-users] PWS-gen.Hooker Trojan
- From: "Sim Ayers" <sim@xxxxxxxxxxxx>
- Date: Mon Dec 10 18:56:00 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Our procmailrc has the typical attachement check, but the file
images.doc.pif got through. I could use some help with the correct
syntax for checking file attachments that have two dots in the file
name.
Sim
# here's our procmailrc script.
###########################################################################
#This stops a bunch of bad news attachements from coming through
#attachments are defined in the "filename" variable
#how to deal with them is laboriously described below
:0
*^Content-type: (multipart/mixed|application/octet-stream)
{
:0 HB
*^Content-Disposition: (attachment|inline);
*filename=".*\.(vbs|wsf|eml|shs|exe|nws|chm|pif|vbe|hta|scr)"
{
SHELL=/bin/bash
:0 fhbw
|/bin/sed -e \
's/\([nN][aA][mM][eE]=".*\.[vV][bB][sS]\)"/\1.txt"/' \
-e \
's/\([nN][aA][mM][eE]=".*\.[wW][sS][fF]\)"/\1.txt"/' \
-e \
's/\([nN][aA][mN][eE]=".*\.[eE][mM][lL]\)"/\1.txt"/' \
-e \
's/\([nN][aA][mN][eE]=".*\.[nN][wW][sS]\)"/\1.txt"/' \
-e \
's/\([nN][aA][mM][eE]=".*\.[sS][hH][sS]\)"/\1.txt"/' \
-e \
's/\([nN][aA][mM][eE]=".*\.[eE][xX][eE]\)"/\1.not"/' \
-e \
's/\([nN][aA][mM][eE]=".*\.[cC][hH][mM]\)"/\1.txt"/' \
-e \
's/\([nN][aA][mM][eE]=".*\.[pP][iI][fF]\)"/\1.txt"/' \
-e \
's/\([nN][aA][mM][eE]=".*\.[hH][tT][aA]\)"/\1.txt"/' \
-e \
's/\([nN][aA][mM][eE]=".*\.[vV][bB][eE]\)"/\1.txt"/' \
-e \
's/\([nN][aA][mM][eE]=".*\.[sS][cC][rR]\)"/\1.txt"/' \
:0:
/home/tmp/crap
}
}