[plug] ProcMail help needed

Chris Griffin chrisg at doladns.dola.wa.gov.au
Fri Jul 27 09:23:22 WST 2001 

A little while ago I implemented a Procmail script to try to strip off 
certail email attachments (.vbs and .vbx).

I installed a procmail script solution onto one of  my key systems (I got 
it from the pcguru site) and all seems fine except that it issues the virus 
attachment message on all attachments, not just the ones I am filtering 
out, even though it still lets the attachments through and I am not sure it 
is filtering out the .vbs and .vbx ones. I will try to test this. It also 
seems to have filtered out a .jpg attachment when it had NOT been told to 
do so??

The following is the entire contents of my /etc/procmailrc

LOGFILE=/var/log/procmaillog
COMSAT=off

:0 B
* ^Content-Disposition:.*
* .*.vbs.*
* .*.vbx.*
* !^FROM_DAEMON
* !^X-Loop: vbscheck
{

SUBJECT=`formail -xSubject:`
ARRIVED=`formail -xDate:`

     :0 c
     /var/log/procmail.filtered

     :0
     | (formail -rt -A"Precedence: Virus" -A"X-Loop: vbscheck"; \
     echo "ATTENTION:"; \
     echo " "; \
     echo "The Mailer-Daemon at" $HOST "successfully received email from 
you"; \
     echo "on $ARRIVED with the subject: "$SUBJECT; \
     echo " "; \
     echo "However, it has found evidence of something that it believes to 
be a virus."; \
     echo " "; \
     echo "As a result, your email was NOT delivered to the recipient."; \
     echo " "; \
     echo "If you believe this to be a mistake, please email 
postmaster@"$HOST; \
     echo " "; \
     echo "Unless this is the case, please do not respond to this mail, it 
is an auto reply"; \
     ) | $SENDMAIL -oi -t -fpostmaster@$HOST
}
-------------------------------------------------------------------------------------------------------------------------------


The following is the contents of an email I got when someone sent me an 
email with a .jpg attachment. The attachment was  NOT passed through, it 
was stripped off.


ATTENTION:
The Mailer-Daemon at doladns successfully received email from you
on Tue, 15 May 2001 12:09:04 -0400 with the subject: [Ntop] Dropoff in 
performance after about an hour
However, it has found evidence of something that it believes to be a virus.
As a result, your email was NOT delivered to the recipient.
If you believe this to be a mistake, please email postmaster at doladns
Unless this is the case, please do not respond to this mail, it is an auto 
reply
_______________________________________________

Can anyone please shed any light on what is going on for me? Many thanks in 
advance.

Regards,
Chris Griffin

More information about the plug mailing list