[Esd-l] Stopping Hybris via. global /etc/procmailrc

Brett Glass brett at lariat.org
Mon Jan 8 11:06:52 PST 2001


At 05:42 AM 1/8/2001, Bjarni R. Einarsson wrote (in part):

>So I created a procmail ruleset which checks for these tell-tales,
>checks the message size and some other headers.  It's a pretty tight
>match, and I doubt it will discard anything that isn't really Hybris.
>
>I'd recommend using a variation of this rule before passing the message
>on to my or John's sanitizers.

Actually, John's sanitizer (with my add-ons, which don't affect that part
of it) seems to have been catching Hybris for me, because I added the
list of Hybris .EXE files to my "poisoned" list. (I didn't bother to
put in any of the .SCR file names, because I poison *.SCR. This has
the advantage that it also catches MTX, which is really destructive
and hard to remove.)

What I'd prefer to the recipe you posted is something that hooks into
the existing quarantining mechanism -- a way of creating "add-on"
filters that use the same variables I've set up for John's sanitizer. So,
if I've defined a quarantine file or a person to notify in /etc/procmailrc, 
the message can be sent there without more programming. I'd also like
to keep the recipe in a separate file, so that things are modular.

--Brett



