Although more compact and --at least to some users-- easier to understand, this simple example still does not show the power of Perl. Using a sendmail configuration file, if an administrator noticed spam coming from the domains spammer.org, spammer.net and spam4you.com, a single rule would match them all, thanks to regular expressions: 'spam.+'. However, this would also block all legitimate mail from spamstoppers.org -- this can be solved either by specifically excluding this domain with 'spam(?!stoppers)', or by including only the three offending domains, with 'spam(4you\.com|mer\.(org|net))'. Regular expressions can become, as seen here, a bit difficult to read for the new user, but they are a great, powerful tool for the seasoned administrator.
ProtoWrap not only uses regular expressions to reimplement the Sendmail functionality lost while wrapping; it also implements something Sendmail does not contemplate: content inspection.
Mail-based viruses have become commonplace. They are usually very fast to spread and to damage information. They do this, however, with patterns that are very easy to find. The infamous 'I Love you' virus will be taken as an example. This virus spreads as a .VBS (Visual Basic Script) attachment to email messages, all of which have 'ILOVEYOU' as a subject. Sendmail can stop this virus with the following lines located in the sendmail.cf file:
HSubject: $>Check_Subject
D{WORMmsg}Access Denied - This message may contain a virus.
SCheck_Subject
RILOVEYOU	$#error $: 501 ${WORMmsg}
RRe: ILOVEYOU	$#error $: 501 ${WORMmsg}
RFW: ILOVEYOU	$#error $: 501 ${WORMmsg}
RRead: ILOVEYOU	$#discard
RNot read: ILOVEYOU	$#discard
RDelivered: ILOVEYOU	$#discard
RUndeliverable: ILOVEYOU	$#discard
The steps followed are:
The same effect can be achieved simply using ProtoWrap, by adding the string '^Subject: .*ILOVEYOU' to the blockBodyList attribute. This one will, of course, catch every possible modification done by a client program (for example, prepending re:, Re:, RE:, ref:, Ref:, REF:, fw:, Fw:, FW:, etc.) -- a monstrous task if using straight Sendmail syntax.
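The domain and Subject patterns discussed above can be checked against sample input before they are deployed. The following Perl script is an added example, not code from ProtoWrap or from the original text: the sample domains and header lines are constructed, spamsoup.example and the helpers hits and report are hypothetical, and matching each line separately is an assumption about how the filter applies its patterns. It also includes a bracket expression, 'spam[^(stoppers)]', to show that a negated character class rejects one character from a set rather than the word "stoppers".

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed samples (not real traffic). spamsoup.example is a made-up
# domain that shows how the character class differs from the lookahead.
my @domains = qw(spammer.org spammer.net spam4you.com
                 spamstoppers.org spamsoup.example);
my @headers = (
    'Subject: ILOVEYOU',
    'Subject: Re: ILOVEYOU',
    'Subject: FW: RE: ILOVEYOU',
    'Subject: Undeliverable: ILOVEYOU',
    'Subject: iloveyou',          # lower case, only the /i variant sees it
    'Subject: quarterly report',  # legitimate mail
    'X-Note: Subject: ILOVEYOU',  # text not at line start, ^ rejects it
);

my @domain_rules = (
    [ 'broad',      qr/spam.+/ ],
    [ 'char class', qr/spam[^(stoppers)]/ ],  # excludes ONE char from a set
    [ 'lookahead',  qr/spam(?!stoppers)/ ],   # excludes the literal word
    [ 'explicit',   qr/spam(4you\.com|mer\.(org|net))/ ],
);
my @subject_rules = (
    [ 'as written', qr/^Subject: .*ILOVEYOU/ ],
    [ 'with /i',    qr/^Subject: .*ILOVEYOU/i ],
);

# Hypothetical helper: return every input line the pattern matches.
sub hits {
    my ($re, @lines) = @_;
    return grep { $_ =~ $re } @lines;
}

# Print, per rule, what would be blocked, so over- and under-blocking show.
sub report {
    my ($title, $rules, $inputs) = @_;
    print "$title\n";
    for my $rule (@$rules) {
        my ($label, $re) = @$rule;
        my @blocked = hits($re, @$inputs);
        printf "  %-11s blocks %d: %s\n", $label, scalar @blocked,
               join(' | ', @blocked);
    }
}

report('Sender domains', \@domain_rules, \@domains);
report('Header lines',   \@subject_rules, \@headers);
```

Running the same report whenever a pattern is added to a block list shows both the legitimate senders it would catch and the variants it would miss.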