[Esd-l] Catching email based on subject 2

Paul Ferwerda paul at ferwerda.net
Wed Jan 8 06:04:00 PST 2003

Do I choose quarantining over stripping by making sure that the STRIPPED_EXECUTABLES variable is commented out and the SECURITY_QUARANTINE is a valid file?


At 09:10 PM 1/7/2003 -0800, John D. Hardin wrote:
>On Sun, 5 Jan 2003, Paul Ferwerda wrote:
>> Resend trying to keep formatting...
>> I don't want to have to download an email containing that stuff.  
>> What is the best way to set up a rule in my local-rules.procmail
>> in order to intercept that sort of message?
>Grab the suggested default local rules and set up a quarantine. Then
>these messages won't even make it to your inbox.
>> The mail system has removed a file attachment from this message.
>> The attachment has been discarded.
>> Please contact your system administrator for details.
>> Filename: Zoj.bat
>If you choose to strip rather than quarantine, you are saying that you
>want to get the non-executable part of the message.
>Note that worm writers make it intentionally difficult to filter by
>subject. If you really want to do that, then search the archives of
>the procmail mailing list. They will have better examples of that than
>the ESD list does.
>Best of luck!
> John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
> jhardin at impsec.org                        pgpk -a jhardin at impsec.org
> key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
>  The fetters imposed on liberty at home have ever been forged out
>  of the weapons provided for defense against real, pretended, or
>  imaginary dangers from abroad.
>                                            -- James Madison, 1799
>   665 days until the Presidential Election

More information about the esd-l mailing list