Filename delimiters in Rule or ?

matthew2582
Still here
Posts: 14
Joined: Sat Jul 24, 2004 7:54 pm

Post by matthew2582 » Tue Aug 03, 2004 5:13 am

Renier provided a rule to catch - in his example - .pif attachments as:

Body -> Wildcard ->
*Content-Disposition: attachment;*filename="*.pif"*

If I want to extend that rule to catch other file extensions .zip .vbs etc - what would be the delimiter syntax - i.e. would it be :

*filename="*.pif,*.zip"* or ...

Thanks


Matthew

Rdsok
PopTray Family
Posts: 1416
Joined: Fri Mar 19, 2004 11:36 pm
Location: Norman, Oklahoma USA

Post by Rdsok » Tue Aug 03, 2004 6:44 am

Since you can search for any character, including symbol characters, there isn't a delimiter (using wildcard), so create a criteria row for each file type. Like:

...*filename="*.pif"*
...*filename="*.exe"*
...*filename="*.vbs"*
etc.

In PopTray 3.03 each criteria row is one rule; with 3.1b they can either be one row per rule or many rows per rule. (Reg Expr's do have a delimiter you can use, but that type of compare method is only available in 3.1b. If you want to learn more about Reg Expr's, check out the link in my Sig.)

matthew2582
Still here
Posts: 14
Joined: Sat Jul 24, 2004 7:54 pm

Post by matthew2582 » Tue Aug 03, 2004 8:16 am

Thank you Rdsok for your reply. I am using 3.1 and have used regexp in the way you mention as well.

By the way - I was a little shocked when I looked at your link to Defeating Spyware that you did not provide the very obvious advice to NOT use Internet Explorer which is obviously highly vulnerable for all kinds of reasons like ActiveX controls.
Using the very excellent Opera 7.53 or Mozilla Firefox makes these issues of spyware and other malware garbage quite irrelevant.

I catalogued that last year I spent over 800 hours downloading updates for Adaware, Spybot etc and still my systems were always compromised.

Opera makes life so much better - in every sense!

Thanks again for your advice.

Matthew

Rdsok
PopTray Family
Posts: 1416
Joined: Fri Mar 19, 2004 11:36 pm
Location: Norman, Oklahoma USA

Post by Rdsok » Tue Aug 03, 2004 4:55 pm

I admit that IE has several security issues with it. If you take the time to learn about its weaknesses and close those, you shouldn't have problems. I've used it for years without any; you just have to keep your protection up to date just like an anti-virus program. While the other browsers' weaknesses haven't been exploited to the extent that IE's have, I think it's just a matter of time before they are also targets (after they become popular enough). Basically, you should take a bit of time to make sure any security hole is patched or monitored no matter what browser you use.

I actually do like the other browsers quite a lot, but IE is such a major part of Windows that I feel you should still take measures to patch the problem areas it has no matter what you choose to browse the web with. Ignoring its weaknesses by just using a different browser doesn't get rid of those weaknesses; only patching them will take care of them.

PS, I also use several other browsers (and browser versions) just to test the HTML code that I write from time to time.

Borgtex
Groupie
Posts: 52
Joined: Mon Mar 08, 2004 1:32 pm

Post by Borgtex » Tue Aug 03, 2004 7:36 pm

I use this regexp rule to catch attachments with some of the extensions usually used by viruses:

.cpl, .exe, .pif, .vbs, .bat, .com, .scr, .something.zip (i.e. .txt.zip)

^Content-Disposition:\s*attachment;\s*filename=".*\.(cpl|exe|pif|vbs|bat|com|scr|.{3}\.zip)"
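
An added example, not part of the thread and not PopTray code: the regex posted above run over constructed sample messages, next to a check that parses the MIME parts and compares the attachment extension against the same list. It assumes Python's regex semantics (case-sensitive by default; PopTray's engine may differ), generalizes the `.{3}\.zip` case to any inner extension before `.zip`, and the names `page_rule_hits`, `risky_attachments` and `build` are hypothetical.

```python
import re
from email import message_from_string

# Regex from the post above, applied to the raw message text.
PAGE_RULE = re.compile(
    r'^Content-Disposition:\s*attachment;\s*filename=".*\.'
    r'(cpl|exe|pif|vbs|bat|com|scr|.{3}\.zip)"',
    re.MULTILINE,
)
RISKY = {"cpl", "exe", "pif", "vbs", "bat", "com", "scr"}  # same list as the post


def page_rule_hits(raw):
    """True if the raw text matches the posted regex (case-sensitive here)."""
    return PAGE_RULE.search(raw) is not None


def risky_attachments(raw):
    """Parse MIME parts; return filenames with a listed or double .zip extension."""
    flagged = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()  # handles quoted and unquoted parameters
        if not name:
            continue
        pieces = name.lower().split(".")
        if pieces[-1] in RISKY or (pieces[-1] == "zip" and len(pieces) >= 3):
            flagged.append(name)
    return flagged


def build(disposition):
    """Constructed two-part sample message carrying the given header line."""
    return (
        "Subject: constructed sample\nMIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nhello\n"
        "--b1\nContent-Type: application/octet-stream\n"
        f"{disposition}\n\nAAAA\n--b1--\n"
    )


if __name__ == "__main__":
    for header in (
        'Content-Disposition: attachment; filename="invoice.pif"',
        'Content-Disposition: attachment; filename="notes.txt.zip"',
        'Content-Disposition: attachment; filename="REPORT.EXE"',
        "Content-Disposition: attachment; filename=setup.exe",
        'Content-Disposition: attachment; filename="holiday.jpg"',
    ):
        msg = build(header)
        print(header, page_rule_hits(msg), risky_attachments(msg))
```

The first two headers are flagged by both checks; the upper-case and unquoted filenames are flagged only by the parsed check, and the `.jpg` attachment by neither.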
