[Esd-l] Log statements in the "local" Procmail recipe

Smart, Dan SmartD at VMCMAIL.com
Wed Oct 23 07:17:00 PDT 2002


Classification: PUBLIC

I'm trying to get the sample "local" Procmail recipe to log.  I added the
LOG="TRAPPED: Klez or BugBear worm"
What I want is to add a log statement to each test in this recipe, but I
don't want to break the logic.  Everything I try gives me "extraneous flags"
errors, so I'm doing something wrong.  Can someone suggest a change to add a
log statement for each action?

TIA
<<Dan>>

============== local recipe ==========================================

:0
* > 50000
* ^Content-Type:.*multipart/alternative;
{
        :0 B
        * \<i?frame +src=(3D)?cid:.* height=(3D)?[0-9] +width=(3D)?[0-9]>
        * ^Content-Type:.*audio/
        * ^Content-ID:.*<
        * ^Content-Transfer-Encoding: base64
        * ^TVqQAAMAAAAEAAAA
        {
                LOG="TRAPPED: Klez or BugBear worm, Message Quarantined"
                :0 hfi
                * > 100000
                | formail -A "X-Content-Security: [$HOST] NOTIFY" \
                          -A "X-Content-Security: [$HOST] DISCARD" \
                          -A "X-Content-Security: [$HOST] REPORT: Trapped possible Klez worm - see http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html"

                :0 E hfi
                * > 50000
                | formail -A "X-Content-Security: [$HOST] NOTIFY" \
                          -A "X-Content-Security: [$HOST] DISCARD" \
                          -A "X-Content-Security: [$HOST] REPORT: Trapped possible BugBear worm - see http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear@mm.removal.tool.html"

        }

        :0 B E hfi
        * H ?? ^Subject: A( (special|very))?[ ][ ][a-z]
        * ^Content-Type:.*application/octet-stream
        * ^Content-ID:
        * ^Content-Transfer-Encoding: base64
        * ^TVqQAAMAAAAEAAAA
          | formail -A "X-Content-Security: [$HOST] NOTIFY" \
                    -A "X-Content-Security: [$HOST] DISCARD" \
                    -A "X-Content-Security: [$HOST] REPORT: Trapped possible Klez worm - see http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html"
}



<<Dan>>
Dan Smart
Vulcan Materials
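
An added example (not part of the original post or of the sample recipe) showing one way to attach a separate LOG line to each branch of the size test above. It assumes the "extraneous flags" warnings came from h, f or i flags left on a recipe whose action is a { } block; the NL variable, the per-branch log texts and the shortened REPORT strings are constructed for illustration.

```procmail
# NL holds a newline so that every LOG assignment ends its own logfile line.
NL="
"

# Wrapper recipe: it carries only the condition. No h/f/i flags here,
# because they describe a pipe action and this recipe's action is a block.
:0
* > 100000
{
        LOG="TRAPPED: possible Klez worm, message quarantined$NL"

        # The filter flags live on the recipe that actually pipes to formail.
        :0 hfi
        | formail -A "X-Content-Security: [$HOST] NOTIFY" \
                  -A "X-Content-Security: [$HOST] DISCARD" \
                  -A "X-Content-Security: [$HOST] REPORT: Trapped possible Klez worm"
}

# E stays on the wrapper, so the else-logic is unchanged: this recipe is
# tried only when the wrapper directly above did not match.
:0 E
* > 50000
{
        LOG="TRAPPED: possible BugBear worm, message quarantined$NL"

        :0 hfi
        | formail -A "X-Content-Security: [$HOST] NOTIFY" \
                  -A "X-Content-Security: [$HOST] DISCARD" \
                  -A "X-Content-Security: [$HOST] REPORT: Trapped possible BugBear worm"
}
```

LOG text is written to the file named by LOGFILE, so that variable has to be set earlier in the rcfile.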
