Also, with 16074 and the updated ASSP_AFC, test 5, the dll file still gets
through.
http://www.emailsecuritycheck.net/

This is a RENAMED text file that they're sending, it's NOT a real DLL, it
just has that extension.  Shouldn't the blocked extensions still reject it
though?

On Mon, Mar 14, 2016 at 11:47 AM, K Post <nntp.p...@gmail.com> wrote:

> EXCELLENT - didn't see suspicious virus setting. Thanks
>
> On Sun, Mar 13, 2016 at 6:49 AM, Thomas Eckardt <
> thomas.ecka...@thockar.com> wrote:
>
>> >Is there a way to tell ClamAV or ASSP to reject even suspicious files?
>>
>> ClamAV only detects OK and FAILED (+ result string) - the result is
>> processed by assp.
>>
>> 'vsValencePB'
>>
>> RTMF:
>>
>> 'SuspiciousVirus' ....  It is possible to weight such results. .....
>>
>>
>> Thomas
>>
>>
>>
>>
>> From:    K Post <nntp.p...@gmail.com>
>> To:      ASSP development mailing list <assp-test@lists.sourceforge.net>
>> Date:    12.03.2016 20:16
>> Subject: [Assp-test] Attachment blocking and ClamAV suspicious only
>>
>>
>>
>> 2 questions:
>>
>> 1) I've been doing some ClamAV testing.  It mostly works, but I've also
>> seen:
>> [VIRUS][scoring] 149.202.232.193 <securitych...@emailsecuritycheck.net>
>> to:
>> virust...@ourdomain.org 'Eicar-Test-Signature' passing the virus check
>> because of only suspicious virus 'Eicar'
>>
>> Is there a way to tell ClamAV or ASSP to reject even suspicious files?
>>
>>
>> 2) I've got Level 1 blocking set using
>>
>> exe-bin|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh
>>
>> Everything I've tested is blocked with the exception of DLL files and I
>> can't for the life of me figure out why.  Any ideas?
>>
>> Thanks
>> Ken
>>
>> _______________________________________________
>> Assp-test mailing list
>> Assp-test@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/assp-test
>
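
Added example, not part of the thread and not ASSP's own code: a Python check of the filenames advertised in a constructed MIME message against the Level 1 list posted above. It shows that a purely filename-based rule matches a text file renamed to `.dll` exactly as it would a real DLL; the function names, addresses and sample message are assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Level 1 list copied from the thread; in this sketch every entry is treated
# as a literal file extension (an assumption, ASSP may give some entries
# special meaning).
LEVEL1 = (
    "exe-bin|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|"
    "dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|"
    "nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh"
)
BLOCKED = frozenset(LEVEL1.split("|"))


def extension(name):
    """Lower-cased text after the last dot, ignoring trailing dots/spaces."""
    base = name.strip().rstrip(". ")
    return base.rsplit(".", 1)[1].lower() if "." in base else ""


def blocked_attachments(raw):
    """Return advertised filenames whose extension is on the block list."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition filename=, falls back to
        # Content-Type name=, and decodes RFC 2231 encoded values.
        name = part.get_filename()
        if name and extension(name) in BLOCKED:
            hits.append(name)
    return hits


def build_sample(filename, payload=b"plain text, not a PE file\n"):
    """Constructed test message: text bytes attached under `filename`."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "virustest@example.org"
    m["Subject"] = "attachment test (constructed)"
    m.set_content("see attachment")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for fn in ("readme.DLL", "notes.txt", "invoice.pdf.dll"):
        print(fn, "->", blocked_attachments(build_sample(fn)))
```

Running the same check over a saved copy of a test message that got through shows which filename the message actually advertises and whether its extension is on the list.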