[Esd-l] Catching email based on subject 2

Paul Ferwerda paul at ferwerda.net
Wed Jan 8 06:04:00 PST 2003


Do I choose quarantining over stripping by making sure that the STRIPPED_EXECUTABLES variable is commented out and the SECURITY_QUARANTINE is a valid file?

Thanks,
Paul

At 09:10 PM 1/7/2003 -0800, John D. Hardin wrote:
>On Sun, 5 Jan 2003, Paul Ferwerda wrote:
>
>> Resend trying to keep formatting...
>
>:)
>
>> I don't want to have to download an email containing that stuff.  
>> What is the best way to set up a rule in my local-rules.procmail
>> in order to intercept that sort of message?
>
>Grab the suggested default local rules and set up a quarantine. Then
>these messages won't even make it to your inbox.
>
>> SECURITY NOTICE:
>> 
>> The mail system has removed a file attachment from this message.
>> The attachment has been discarded.
>> 
>> Please contact your system administrator for details.
>> 
>> Filename: Zoj.bat
>
>If you choose to strip rather than quarantine, you are saying that you
>want to get the non-executable part of the message.
>
>Note that worm writers make it intentionally difficult to filter by
>subject. If you really want to do that, then search the archives of
>the procmail mailing list. They will have better examples of that than
>the ESD list does.
>
>Best of luck!
>
>--
> John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
> jhardin at impsec.org                        pgpk -a jhardin at impsec.org
> key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
>-----------------------------------------------------------------------
>  The fetters imposed on liberty at home have ever been forged out
>  of the weapons provided for defense against real, pretended, or
>  imaginary dangers from abroad.
>                                            -- James Madison, 1799
>-----------------------------------------------------------------------
>   665 days until the Presidential Election


