Re: [Exim] Generic VBS script detection

Author: Andromeda
Date:  
To: Exim
Subject: Re: [Exim] Generic VBS script detection
At 17:56 04/05/2000 +0100, you wrote:
>How good a filter can we come up with for generic VBS embeddeds - I
>fear that there will be a rash of follow ons on this one pretty soon.


Well, that's the only filter that was necessary at the time.

>  if ($message_body matches "^\\s+name=[A-Za-z0-9_.-]+\\.[vV][bB][sS]" or
>      $message_body matches "^begin \\d\\d\\d .+\\.[vV][bB][sS]")
>    ... then/action/endif


That is something I would like to explore further, but obviously it would
be very nice and helpful to be able to expand to the virus names for the
fail message from the filename in the body.

>Do all MS MIME senders send attachments that way - ie name= line on a
>new line with just leading spaces??


Not necessarily. However, in my tests I've found that "name=" is the lowest
common denominator (Eudora uses name=, Outlook uses filename=), although
the name may be quoted (in my tests it wasn't, considering that the words
are interconnected with dashes).

>is a problem with quoting - hence the \\ in there. Is a ^ [beginning
>of line anchor] OK to use here, or does it have to match a previous


Regexps would be helpful with a generic error message.

Andromeda

- The Andromeda HTML Workshop - http://www.htmlworkshop.com/
Home of Search & Replace 98
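
An added example, not part of the original message and not Exim filter code: a Python sketch of the matching discussed in this thread, accepting both name= and filename=, quoted or unquoted values, and uuencode "begin" lines, and carrying the matched filename into the fail message. The sample body, function names and message wording are constructed for illustration.

```python
import re

# MIME parameter: name= or filename=, value optionally double-quoted,
# ending in .vbs (any case) and followed by whitespace, ';' or end of line.
MIME_NAME = re.compile(
    r'\b(?:file)?name\s*=\s*(?:"([^"\r\n]+\.vbs)"|([^\s";]+\.vbs))(?=[\s;]|$)',
    re.IGNORECASE,
)
# uuencode header: "begin <octal mode> <filename>.vbs"
UU_BEGIN = re.compile(r'^begin [0-7]{3} (.+\.[vV][bB][sS])\s*$')

def find_vbs_names(body):
    """Return every .vbs attachment name found in the text, in order."""
    names = []
    for line in body.splitlines():
        m = UU_BEGIN.match(line)
        if m:
            names.append(m.group(1))
            continue
        for m in MIME_NAME.finditer(line):
            names.append(m.group(1) or m.group(2))
    return names

def fail_message(body):
    """Build a rejection text naming the offending files, or None if clean."""
    names = find_vbs_names(body)
    if not names:
        return None
    # The filename is sender-controlled: keep only printable ASCII in the reply.
    safe = [re.sub(r'[^\x20-\x7e]', '?', n) for n in names]
    return "VBS attachment refused: " + ", ".join(safe)

# Constructed sample input (not taken from a real message).
SAMPLE = (
    'Content-Type: application/octet-stream;\n'
    '        name=SAMPLE-DASHED-NAME.TXT.vbs\n'
    'Content-Disposition: attachment;\n'
    '        filename="Quoted Name.VBS"\n'
    '\n'
    'begin 644 old-style.vbs\n'
    'Content-Type: text/plain; name=notes.vbs.txt\n'
)

if __name__ == "__main__":
    print(fail_message(SAMPLE))
```

The last sample line is not reported because the name only contains ".vbs" and does not end in it.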