On Oct 21, 2009, at 12:22 PM, Pawel Salek wrote: [ snip ]
The recipe above runs ytnefprocess.pl as a filter for every message provided that it has X-MS-TNEF-Correlator header and its body contains winmail.dat string. The exit result of yynefprocess.pl is checked and the message is discarded if the message is nonzero.
Ahhh...so it matches only if the X-MS-TNEF-Correlator header is among the *top-level* headers--I was testing it with some old mail that I forwarded to myself, and it was an *embedded* header.
Actually, looking for "winmail.dat" isn't really relevant, since using that file-name isn't required. We should really check for an "application/ms-tnef" mime part, so something like this is probably better:
#################################################################### # TNEF Attachments :0 fw B * ^Content-Type:[ \t]*application/ms-tnef; |/usr/bin/ytnefprocess.plor if we wanted to avoid scanning every message body and we wanted to decode the part only when the original sender is the TNEF-Correlator, perhaps
#################################################################### # TNEF Attachments :0 * ^X-MS-TNEF-Correlator { :0 fw B * ^Content-Type:[ \t]*application/ms-tnef; |/usr/bin/ytnefprocess.pl } Thanks! Peter
Attachment:
pgpkGZLYEGchJ.pgp
Description: PGP signature