> |...
> | If I'm not mistaken the very same regular expression that detects mail
> | bodies with sobig and many other viruses and worms will also detect this
> | new worm:
> |
> | "^TV[nopqr][A-Z]...[AB]..A.A....*AAAA...*AAAA"
>
> Your post prompted me to try this in a redirect router, since it
> sounded trivial (no need for the exiscan patch). I must be missing
> something obvious, since I can't get it to work. I added this router
> definition above the normal alias and local delivery routers:
>
> check_exe:
> driver = redirect
> no_verify
> data = ${if match { $message_body } \
> { "TV[nopqr][A-Z]...[AB]..A.A....*AAAA...*AAAA" } \
Try:
{TV[nopqr][A-Z]...[AB]..A.A....*AAAA...*AAAA}
there. You're actually searching for the string:
-- "TV[nopqr][A-Z]...[AB]..A.A....*AAAA...*AAAA" --
(I put the double dash to show the space at the end).
> {exe} fail }
>
> I left off the ^ since in $message_body newlines have been converted
> to spaces. message_body_visible is set to 2000, which is more than
> enough to include the first few lines of the attachment in the test
> message I tried. pcretest says the pattern matches the text
> cut&pasted from the message (with newlines converted to spaces).
>
> But the router doesn't handle the message. I feel stupid, what am I
> missing?
>
> - Fred
>
--
Lab tests show that use of micro$oft causes cancer in lab animals
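
Added illustration, not part of the original message: the quoting problem pointed out in the reply, reproduced with Python's re module standing in for Exim's PCRE matching. The sample body and helper names are constructed for this example, and it assumes (as the reply states) that everything between the braces, quotes and spaces included, becomes part of the pattern.

```python
import base64
import re

# Pattern from the thread, without the leading ^ (as in the router attempt).
PATTERN = "TV[nopqr][A-Z]...[AB]..A.A....*AAAA...*AAAA"

# What sat between the braces in the original router (per the reply: a space,
# a double quote, the pattern, a double quote, a space).
AS_WRITTEN = ' "' + PATTERN + '" '
AS_CORRECTED = PATTERN


def sample_body() -> str:
    """Constructed test body: MIME part headers plus a base64 'MZ' header,
    with newlines turned into spaces as described for $message_body."""
    dos_header = bytes.fromhex(
        "4d5a90000300000004000000ffff0000"
        "b8000000000000004000000000000000"
    ).ljust(96, b"\0")
    part = (
        "Content-Type: application/octet-stream\n"
        "Content-Transfer-Encoding: base64\n\n"
        + base64.encodebytes(dos_header).decode("ascii")
    )
    return part.replace("\n", " ")


def matches(regex_text: str, body: str) -> bool:
    """Unanchored search, like the router condition without ^."""
    return re.search(regex_text, body) is not None


def brace_arg_problems(arg: str) -> list:
    """Flag brace contents that carry shell-style quoting into the regex."""
    problems = []
    if arg != arg.strip():
        problems.append("leading/trailing whitespace")
    core = arg.strip()
    if len(core) >= 2 and core[0] == core[-1] == '"':
        problems.append("wrapped in double quotes")
    return problems


if __name__ == "__main__":
    body = sample_body()
    for label, arg in (("as written", AS_WRITTEN), ("corrected", AS_CORRECTED)):
        print(label, matches(arg, body), brace_arg_problems(arg))
```

Run against the constructed body, the quoted form never matches because the body contains no double quote, while the bare pattern matches the base64 header.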