FW: [Esd-l] Log statements in the "local" Procmail recipe

John D. Hardin jhardin at impsec.org
Tue Oct 29 09:46:01 PST 2002


On Tue, 29 Oct 2002, Smart, Dan wrote:

> procmail: Extraneous filter-flag ignored
> procmail: Extraneous deliver-head flag ignored
> procmail: Extraneous ignore-write-error flag ignored

Oops. My quick example earlier totally ignored the flags that need to
be changed.

> Local-rules.procmail ------------------------------------------
> # Detect Hybris when sent as an anonymous message.
> #
> :0
> * > 20000
> * !^Subject:
> * !^To:
> * ^Content-Type:.*multipart/mixed;
> {
>         :0 B hfi

Note the "hfi" flags here. They assume that the action for *this* rule
is a filter, but that's no longer the case, so take them off, leaving
just "B" (grep the body)...

>         * 1^1 ^Content-Disposition:.*\.EXE
>         * 1^1 ^Content-Type:.*\.EXE
>         {
>           LOG="TRAPPED: Anonymous Executable (Hybris)"
>         :0

...and put them here, since this action *is* a filter. Move the "hfi"
flags to this :0 and all should be well.

>         | formail -A "X-Content-Security: [${HOST}] NOTIFY" \
>                   -A "X-Content-Security: [${HOST}] QUARANTINE" \
>                   -A "X-Content-Security: [${HOST}] REPORT: Trapped anonymous executable"
>         }
> }

Similarly for the rest of the rules.

Sorry for overlooking that. I always forget to move the flags. :(

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  ...the Fates notice those who buy chainsaws...
                                              -- www.darwinawards.com
-----------------------------------------------------------------------
   50 days until The Two Towers
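
Since the same change applies to the rest of the rules, a small checker can list every recipe that still carries the f, h or i flags while its action is a nesting block. This is an added example, not part of the original message or of the sanitizer; the function name, the simplified line-based parsing and the sample rc text (constructed, abridged from the recipe quoted above) are assumptions.

```python
import re

# Flags the page's log output reports as extraneous on a nesting block.
ACTION_ONLY = {"f": "filter", "h": "deliver-head", "i": "ignore-write-error"}
RECIPE_START = re.compile(r"^\s*:0\s*([A-Za-z ]*)")

def misplaced_flags(rc_text):
    """Return [(line_no, flags)] for recipes that carry f/h/i flags but whose
    action is a nesting block. Assumption: simplified line-based parse."""
    lines = rc_text.splitlines()
    findings = []
    for idx, line in enumerate(lines):
        m = RECIPE_START.match(line)
        flags = sorted(set(m.group(1)) & set(ACTION_ONLY)) if m else []
        if not flags:
            continue
        continued = False
        # The action is the first line after ":0" that is not blank, a
        # comment, a condition, or the continuation of a condition.
        for nxt in lines[idx + 1:]:
            s = nxt.strip()
            skip = continued or not s or s[0] in "*#"
            continued = s.endswith("\\")
            if skip:
                continue
            if s.startswith("{"):
                findings.append((idx + 1, "".join(flags)))
            break
    return findings

# Constructed sample, abridged from the recipe quoted in the message.
SAMPLE = r'''
:0
* > 20000
* !^Subject:
{
        :0 B hfi
        * 1^1 ^Content-Disposition:.*\.EXE
        * 1^1 ^Content-Type:.*\.EXE
        {
          LOG="TRAPPED: Anonymous Executable (Hybris)"
          :0 hfi
          | formail -A "X-Content-Security: [${HOST}] QUARANTINE"
        }
}
'''

if __name__ == "__main__":
    for line_no, flags in misplaced_flags(SAMPLE):
        names = ", ".join(ACTION_ONLY[f] for f in flags)
        print(f"line {line_no}: move '{flags}' ({names}) to the filter recipe")
```

Only the outer ":0 B hfi" recipe is reported; the inner ":0 hfi" whose action is the formail pipe is accepted.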


