>> if $header_X-MailScanner matches "Found to be clean"
>> then
>> if $header_Content-type matches "(multipart/mixed)" and
>> $header_X-Mailer matches "Microsoft Outlook Express 6.00.2600.0000"
>> and $message_body matches
>> "name(:|=)\"(your_document.pif|document_all.pif|thank_you.pif|
>> your_details.pif|details.pif|document_9446.pif|application.pif
>> |wicked_scr.scr|movie0045.pif)\""
>> then
>> seen finish
>> endif
>> endif
>
> Wouldn't it just be easier to do...
>
> discard log_message = "DISCARD: Message contained ($found_extension)."
> demime = scr:pif
no. mail relays receive legitimate scr and pif attachments. you
need to filter for the specific ones avleen mentioned.
randy
