Linux Users' Group of Davis (LUGOD)
 
Page last updated:
2004 Jan 29 07:31

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Virus deluge
On Tue 27 Jan 04, 10:39 PM, Mark K. Kim said:
> On Tue, 27 Jan 2004, Karsten M. Self wrote:
> 
> > > ================================================================================
> > > :0 B
> > > * -1
> > > * 1^0 ^Content-Transfer-Encoding: base64
> > > * 1^0 1rrAeM0gDQdlmmtNtWVfG3QRFA672grQLlgIdDhobVVL2XMWVlc87bWFzho6IHtwAj2d9r
> > > * 1^0 Ga9SG/3//7dSpCoQS7DvKZAv72JQKWmvdKWWbadVD/D//9vSfeg2mRbgbKcMvEZXguXrNq
> > > * 1^0 TBuvVXOm//9/idxR1/7/Y6uPvh3LTd755dO39hzsPp/6sfv///8xZXpCOlu2J40AUMvgDP
> > > * 1^0 Q2VDAuk6pQf8sthCvHkbFDMACWK8hd0C2mSZPSKSIjutcMMWTmfwLUdsuyF4o1Tjemh5hk
> > > * 1^0 Z3h2Z0tDwwdp3y78fy10dmV5LTIuMG9xcIxfY05wdXJmmaHdCjNcdmkLRDvZ1r5tSGRWLV
> > > * 1^0 V0jTDPIH0MgIsEjTDDKYiAqARYEDNnhPUmWtFnAb4JuraGYHK2nGAwbeAiBFcj2UWskGOE
> > > {
> > >     LOG="LOG: Virus: (Mydoom / Novar)"
> > >
> > >     :0:
> > >     Virus/
> > > }
> > > ================================================================================
> 
> I'm new to procmail so can I ask some questions?
> 
> What do ":0 B", "-1", and "1^0" do?  Does LOG do anything?
> 
> Thanks!  The rules seem to be working so far...
> 
> -Mark

hi mark!

:0 B means search just the body.  actually, every recipe starts off
with

   :0 [flags][:]

where [] indicates optional.

next is the -1.  i have no idea what the -1 does, maybe it has something
to do with scoring?  i dunno.

1^0 has to do with scoring.  you can score stuff, like spam assassin.
you apply a set of tests, like regexes, and each time, you can assign a
number to either increase or decrease the score.  when you hit the
action line, in this case,

> > > {
> > >     LOG="LOG: Virus: (Mydoom / Novar)"
> > >
> > >     :0:
> > >     Virus/
> > > }

if the score is greater than 0, procmail takes the action.  if the score
is less than or equal to 0, you don't take the action.  specifically,
x^y means, add x the first time the condition is matched.  then add x*y
the 2nd time the condition matches.  then add x*y*y the 3rd time the
condition matches, and so on.

so if the line

   Q2VDAuk6pQf8sthCvHkbFDMACWK8hd0C2mSZPSKSIjutcMMWTmfwLUdsuyF4o1Tjemh5hk

appears once, a score of 1 is added to the overall score.  if it appears
twice or more, no additional points are added to the score.

LOG is a directive to write to a log file.  i believe you have to define
the LOGFILE variable to point to a filepath which will be procmail's
logging file.  you can use the variable VERBOSE to turn on verbosity.

hth,
pete

-- 
Make everything as simple as possible, but no simpler.  -- Albert Einstein
GPG Instructions: http://www.dirac.org/linux/gpg
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
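
The w^x scoring arithmetic described in the reply above, as an added Python sketch (not part of the original post and not procmail's own code). The signature strings and message bodies are constructed placeholders, Python's `re` is assumed as a stand-in for procmail's regex engine, and the recipe's `* -1` line is left out because the post leaves its meaning open.

```python
import re

def condition_score(w, x, pattern, text):
    """Score one `* w^x regex` condition over `text`."""
    # Assumption: Python's re stands in for procmail's egrep-style regexes.
    # procmail matches case-insensitively unless the D flag is given.
    hits = sum(1 for _ in re.finditer(pattern, text, re.I | re.M))
    # 1st match adds w, 2nd adds w*x, 3rd adds w*x*x, and so on.
    return sum(w * x ** k for k in range(hits))

def recipe_score(conditions, text):
    """Total score of a recipe given as (w, x, regex) tuples."""
    return sum(condition_score(w, x, p, text) for w, x, p in conditions)

def recipe_fires(conditions, text):
    """The action line runs only when the final score is above 0."""
    return recipe_score(conditions, text) > 0

# Constructed stand-ins for the recipe's base64 signature lines.
SIG_A = "QUFBQUFBQUFBQUFBQUFBQUFBQUFB"
SIG_B = "QkJCQkJCQkJCQkJCQkJCQkJCQkJC"
CONDITIONS = [
    (1, 0, r"^Content-Transfer-Encoding: base64"),
    (1, 0, SIG_A),
    (1, 0, SIG_B),
]

# Constructed message bodies: SIG_A appears twice, SIG_B never.
INFECTED = "\n".join([
    "Content-Transfer-Encoding: base64", "", SIG_A, "eHh4eHh4", SIG_A,
])
CLEAN = "hi all,\nsee you at the next meeting.\n"

if __name__ == "__main__":
    print(recipe_score(CONDITIONS, INFECTED))      # 1^0: repeats add nothing
    print(condition_score(1, 1, SIG_A, INFECTED))  # 1^1: every match adds 1
    print(condition_score(2, 0.5, "x", "xxx"))     # 2 + 1 + 0.5
    print(recipe_fires(CONDITIONS, CLEAN))
```

With every condition weighted 1^0, the total is simply the number of distinct conditions that matched at least once, so a repeated signature line cannot inflate the score.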


