[Techtalk] stripping attachments with postfix

Dominik Schramm dominik.schramm at gmxpro.net
Sun Jul 25 18:19:23 EST 2004


Carla Schroder <carla at bratgrrl.com> writes:

> On Friday 23 July 2004 11:03 pm, Carla Schroder wrote:
>
> This is supposed to work as a global Windows executable rejecter:
>
> /^TVqQAAMAAAAEAAA/ REJECT

Decoded, this is:

$ echo -n TVqQAAMAAAAEAAA= | mimencode -b -u | hexdump -c
0000000   M   Z 220  \0 003  \0  \0  \0 004  \0  \0
000000b
$

This means this regex will only catch compiled Windows binaries,
because they share the bytes "MZ" (I'm not so sure about the rest)
at the very beginning.

What you won't catch is the script file types like cmd, bat, vbs,
wsh, etc., and the Office document types (when looking for possible
macro viruses) doc, xls, etc.

dominik
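
Added example, not part of the original message: a Python check of which attachment types the quoted rule matches, run against the first base64 line of three constructed payloads. The sample file names and contents are assumptions made up for this test; only the pattern comes from the thread.

```python
import base64
import re

# Pattern from the quoted rule, anchored at the start of a body line.
RULE = re.compile(r"^TVqQAAMAAAAEAAA")


def pinned_bytes(b64_prefix: str) -> bytes:
    """Return the bytes that a base64 prefix fully determines."""
    padded = b64_prefix + "=" * (-len(b64_prefix) % 4)
    return base64.b64decode(padded)


def first_mime_line(payload: bytes) -> str:
    """First line of the payload as it appears in a base64 MIME part."""
    return base64.encodebytes(payload).decode("ascii").splitlines()[0]


def rejected(payload: bytes) -> bool:
    """True if the rule would match the first encoded line of the payload."""
    return RULE.search(first_mime_line(payload)) is not None


# Constructed samples (not real files): only the leading bytes matter here.
SAMPLES = {
    # Begins with the same 11 bytes shown in the hexdump output above.
    "program.exe": bytes.fromhex("4d5a90000300000004000000ffff0000") + b"\x00" * 48,
    # Plain-text batch script.
    "script.bat": b"@echo off\r\necho constructed sample\r\n",
    # OLE2 compound-file signature used by legacy .doc/.xls files.
    "report.doc": bytes.fromhex("d0cf11e0a1b11ae1") + b"\x00" * 56,
}


def coverage() -> dict:
    """Map each sample name to whether the rule rejects it."""
    return {name: rejected(data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    print("bytes pinned by the pattern:", pinned_bytes("TVqQAAMAAAAEAAA").hex(" "))
    for name, hit in coverage().items():
        print(f"{name:12} {'REJECT' if hit else 'passes'}")
```

Script and Office attachments need their own checks, for example on the attachment file name in the MIME headers, since their content does not start with these bytes.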


