Hey everyone: Thanks a million for all of the replies. Here is what I got working (this one is for the W32.Hybris virus): ## DEFAULT=/var/mail/$USER PATH=/usr/bin:/opt/bin SHELL=/bin/sh LOGFILE=$HOME/.procmail.log LOGABSTRACT=yes LOCKFILE=$HOME/.lockmail :0 * ^From:.*hahaha@sexyfun.net * ^Subject: Snowhite and the Seven Dwarfs my-virus-folder ## Other suggestions were: ## Spambouncer: http://www.spambouncer.org/ ## ## Filtering in this fashion: LOGFILE="/home1/mail/logs/PROCMAILLOG" :0 :0 B * [.$]*name=.*\.vbs[.$]* /home3/mail/Quarantine/Quarantine_vbs :0 B * [.$]*name=.*\.exe[.$]* /home3/mail/Quarantine/Quarantine_exe :0 B * [.$]*name=.*\.shs[.$]* /home3/mail/Quarantine/Quarantine_shs :0 B * [.$]*name=.*\.pif[.$]* /home3/mail/Quarantine/Quarantine_pif :0 B * [.$]*name=.*\.scr[.$]* /home3/mail/Quarantine/Quarantine_scr ## ## Linux Journal article on using procmail: http://www.linuxjournal.com/article.php?sid=4882 ## ## Article on how to re-name attachments to disable them (I'm still looking into this one too :D): http://www.impsec.org/email-tools/procmail-security.html ## Thanks to: Dennis Kelly Karl Vogel Peter Watkins Chaos Golubitsky Mike Bruno Thomas Payarle Bob Rahe Thanks again everyone! Happy Valentines day! -------------------------------------------- Giovanni Navarrette USLink Internet Systems Administrator Email :: gio@uslink.net _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Thu Feb 14 11:15:24 2002
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:34 EST