[Esd-l] Catching email based on subject 2

John D. Hardin jhardin at impsec.org
Tue Jan 7 21:14:49 PST 2003


On Sun, 5 Jan 2003, Paul Ferwerda wrote:

> Resend trying to keep formatting...

:)

> I don't want to have to download an email containing that stuff.  
> What is the best way to set up a rule in my local-rules.procmail
> in order to intercept that sort of message?

Grab the suggested default local rules and set up a quarantine. Then
these messages won't even make it to your inbox.

> SECURITY NOTICE:
> 
> The mail system has removed a file attachment from this message.
> The attachment has been discarded.
> 
> Please contact your system administrator for details.
> 
> Filename: Zoj.bat

If you choose to strip rather than quarantine, you are saying that you
want to get the non-executable part of the message.

Note that worm writers make it intentionally difficult to filter by
subject. If you really want to do that, then search the archives of
the procmail mailing list. They will have better examples of that than
the ESD list does.

Best of luck!

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  The fetters imposed on liberty at home have ever been forged out
  of the weapons provided for defense against real, pretended, or
  imaginary dangers from abroad.
                                            -- James Madison, 1799
-----------------------------------------------------------------------
   665 days until the Presidential Election



More information about the esd-l mailing list