FW: [Esd-l] Log statements in the "local" Procmail recipe
John D. Hardin
jhardin at impsec.org
Tue Oct 29 09:46:01 PST 2002
On Tue, 29 Oct 2002, Smart, Dan wrote:
> procmail: Extraneous filter-flag ignored
> procmail: Extraneous deliver-head flag ignored
> procmail: Extraneous ignore-write-error flag ignored
Oops. My quick example earlier totally ignored the flags that need to
be changed.
> Local-rules.procmail ------------------------------------------
> # Detect Hybris when sent as an anonymous message.
> #
> :0
> * > 20000
> * !^Subject:
> * !^To:
> * ^Content-Type:.*multipart/mixed;
> {
> :0 B hfi
Note the "hfi" flags here. They assume that the action for *this* rule
is a filter, but that's no longer the case, so take them off, leaving
just "B" (grep the body)...
> * 1^1 ^Content-Disposition:.*\.EXE
> * 1^1 ^Content-Type:.*\.EXE
> {
> LOG="TRAPPED: Anonymous Executable (Hybris)"
> :0
...and put them here, since this action *is* a filter. Move the "hfi"
flags to this :0 and all should be well.
> | formail -A "X-Content-Security: [${HOST}] NOTIFY" \
> -A "X-Content-Security: [${HOST}] QUARANTINE" \
> -A "X-Content-Security: [${HOST}] REPORT: Trapped anonymous executable"
> }
> }
Similarly for the rest of the rules.
Sorry for overlooking that. I always forget to move the flags. :(
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...the Fates notice those who buy chainsaws...
-- www.darwinawards.com
-----------------------------------------------------------------------
50 days until The Two Towers
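
Added example, not part of the original message: a small Python check that reports any recipe whose action opens a nesting block while still carrying the f, h or i flags, which is the mistake corrected above. The parsing is a simplified assumption (one flags line per recipe, conditions starting with `*`), the flag-to-message mapping is taken from the three log lines quoted in the message, and `lint`, `BEFORE` and `AFTER` are names chosen here.

```python
import re

# Flags that only make sense when the recipe's own action is a pipe/delivery.
# On a recipe whose action is a nesting block, the log quoted in the message
# shows one "Extraneous ... ignored" line for each of them.
BLOCK_EXTRANEOUS = {"f": "filter-flag", "h": "deliver-head flag",
                    "i": "ignore-write-error flag"}
RECIPE_START = re.compile(r"^:0\s*([A-Za-z ]*?)\s*(?::.*)?$")


def lint(rc_text):
    """Return (line_no, message) for block-opening recipes with f/h/i set."""
    findings = []
    pending = None  # (line_no, flags) of a recipe whose action is not seen yet
    for no, raw in enumerate(rc_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RECIPE_START.match(line)
        if m:
            pending = (no, m.group(1).replace(" ", ""))
            continue
        if pending is None or line.startswith("*"):
            continue  # condition line, or text that is not a recipe's action
        (start, flags), pending = pending, None
        if line.startswith("{"):  # the action is a nesting block, not a filter
            findings += [(start, f"Extraneous {name} ignored")
                         for flag, name in BLOCK_EXTRANEOUS.items() if flag in flags]
    return findings


# Constructed sample: the inner recipe from the quoted rule, formail call shortened.
BEFORE = """\
:0 B hfi
* 1^1 ^Content-Disposition:.*\\.EXE
* 1^1 ^Content-Type:.*\\.EXE
{
  LOG="TRAPPED: Anonymous Executable (Hybris)"
  :0
  | formail -A "X-Content-Security: [${HOST}] NOTIFY"
}
"""
# Same recipe with "hfi" moved to the :0 whose action really is the filter.
AFTER = BEFORE.replace(":0 B hfi", ":0 B").replace("  :0\n", "  :0 hfi\n")

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, lint(text))
```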