Fri, 09 Feb 2007

procmail filtering of exe files

I've been getting a lot of spam/virus email lately that is just a blank email with an exe attachment named Greeting Card.exe or something equally retarded. My spam filter hasn't been picking up on them since there is no message to filter against, so I decided to add a quick procmail rule to filter the messages out. I was able to do so by simply adding the following into my ~/.procmailrc file:
# File mail whose MIME part headers name an attachment with a blocked extension.
:0B:
* ^Content-Type: .*/.*;(.*$)?([ ].*$)*[ ]*name[ ]*=.*\.(com|exe|pif|bat|scr)
badattachments

The :0 is the procmail tag that says this is a rule. The B tells it to scan the message body, which it does not do by default, and the trailing colon makes procmail use a local lockfile while it writes to the mailbox. The second line is the regular expression that matches the Content-Type line of any attachment with a com, exe, pif, bat or scr extension. The third line simply moves all that mail into my mailbox called badattachments. This could be /dev/null as well if you wanted to just get rid of them right away.
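The same extension check written as a MIME-aware Python function, as an added example that is not part of the original post. It goes beyond the recipe by also reading the Content-Disposition filename and RFC 2231 encoded names, and by testing only the final extension; the function names and sample messages are constructed for illustration.

```python
from email import message_from_bytes

# Extensions taken from the recipe above.
BLOCKED = {"com", "exe", "pif", "bat", "scr"}

def blocked_attachments(raw: bytes) -> list:
    """Return the names of MIME parts whose final extension is in BLOCKED."""
    hits = []
    for part in message_from_bytes(raw).walk():
        # get_filename() reads Content-Disposition filename= first, then
        # Content-Type name=, unfolds continuation lines and decodes RFC 2231.
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so strip them first.
        base, dot, ext = name.rstrip(". ").rpartition(".")
        if dot and ext.lower() in BLOCKED:
            hits.append(name)
    return hits

def sample(part_headers: str) -> bytes:
    """Build a constructed two-part test message around one attachment header block."""
    return (
        "From: sender@example.com\r\n"
        "Subject: test\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
        "--b1\r\nContent-Type: text/plain\r\n\r\n\r\n"
        "--b1\r\n" + part_headers + "\r\n\r\nAAAA\r\n--b1--\r\n"
    ).encode("ascii")

# Constructed samples: folded Content-Type name=, Content-Disposition only,
# RFC 2231 encoded name, and two harmless attachments.
FOLDED = sample('Content-Type: application/octet-stream;\r\n\tname="Greeting Card.exe"')
DISPOSITION = sample("Content-Type: application/octet-stream\r\n"
                     'Content-Disposition: attachment; filename="card.SCR"')
ENCODED = sample("Content-Type: application/octet-stream\r\n"
                 "Content-Disposition: attachment; filename*=UTF-8''Greeting%20Card.exe")
HARMLESS = sample('Content-Type: application/pdf; name="report.pdf"')
DOUBLE_EXT = sample('Content-Type: text/plain; name="setup.exe.txt"')

if __name__ == "__main__":
    for label in ("FOLDED", "DISPOSITION", "ENCODED", "HARMLESS", "DOUBLE_EXT"):
        print(label, blocked_attachments(globals()[label]))
```

The DISPOSITION and ENCODED samples carry no name= parameter on the Content-Type line, so a pattern anchored on that header alone would not see them.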

posted at: 01:54