On 5/24/2017 9:51 AM, Thomas Eckardt wrote: > If this is detected, there are statements in the JavaScript, that should > not be used in an email. > > string.prototype. > > and/or > > charAt
Indeed, both are in there. > I'm sorry, but I'm not willing to change this. > I understand and agree. - Bob > > Von: "Robert K Coffman Jr. -Info From Data Corp." > <bcoff...@infofromdata.com> > An: assp-test@lists.sourceforge.net > Datum: 24.05.2017 15:17 > Betreff: Re: [Assp-test] ASSP_AFC error - URI in PDF > ------------------------------------------------------------------------ > > > > On 5/24/2017 8:47 AM, Thomas Eckardt wrote:> > >.....exe|exe\-bin|:CSC|hlp|ht[ab]|in[fs]|isp..... > > > I tried many permutations, including that one. > > Current: > > ad[ep]|asx|ba[st]|chm|cmd|com|cpl|crt|dbx|exe|exe\-bin|:CSC|hlp|ht[ab]|in[fs]|isp|js|jse|lnk|md[abez]|mht|ms[cipt]|nch|pcd|pif|prf|ps1?|reg|sc[frt]|sh[bs]|vb|vb[es]|wms|ws[cfh] > > > May-24-17 08:53:52 m1-30432-00361 [Worker_1] [TLS-in] 192.168.0.129 > <ch...@infofromdata.com> info: found message size announcement: 9.38 MByte > May-24-17 08:53:52 m1-30432-00361 [Worker_1] [TLS-in] 192.168.0.129 > <ch...@infofromdata.com> message proxied without processing - message > size (9838045) is above 500000 (npSizeOut). > May-24-17 08:53:52 m1-30432-00361 [Worker_1] [TLS-in] [NoProcessing] > 192.168.0.129 <ch...@infofromdata.com> to: bcoff...@infofromdata.com > message proxied without processing (except checks enabled for > noprocessing mails) > May-24-17 08:54:49 m1-30432-00361 [Worker_1] [TLS-in] 192.168.0.129 > <ch...@infofromdata.com> to: bcoff...@infofromdata.com [Plugin] calling > plugin ASSP_AFC > May-24-17 08:54:49 m1-30432-00361 [Worker_1] [TLS-in] 192.168.0.129 > <ch...@infofromdata.com> to: bcoff...@infofromdata.com info: using user > based attachment check > May-24-17 08:54:49 m1-30432-00361 [Worker_1] [TLS-in] [Attachment] > 192.168.0.129 <ch...@infofromdata.com> to: bcoff...@infofromdata.com > SPAM FOUND bad attachment 'testfile.html' cause: 'Java script - possibly > locky (ransomware) virus' > May-24-17 08:54:49 m1-30432-00361 [Worker_1] [TLS-in] [Attachment] > 192.168.0.129 <ch...@infofromdata.com> to: bcoff...@infofromdata.com > SPAM FOUND replaced bad attachment 'testfile.html' cause: 'Java script - > possibly locky (ransomware) virus' with 'testfile.txt' > May-24-17 08:54:49 m1-30432-00361 [Worker_1] [TLS-in] [Attachment] > 192.168.0.129 <ch...@infofromdata.com> to: bcoff...@infofromdata.com > info: 1 attachment found for Level-1 > May-24-17 08:54:49 m1-30432-00361 [Worker_1] [TLS-in] [Attachment] > 192.168.0.129 <ch...@infofromdata.com> to: bcoff...@infofromdata.com > message proxied without processing (bad attachment 'testfile.html' > cause: 'Java script - possibly locky (ransomware) virus') > May-24-17 08:54:49 m1-30432-00361 [Worker_1] [TLS-in] [Attachment] > 192.168.0.129 <ch...@infofromdata.com> to: bcoff...@infofromdata.com > file path changed to -> /usr/share/assp/discarded/361--2789192.eml > May-24-17 08:54:49 m1-30432-00361 [Worker_1] [TLS-in] [Attachment] > 192.168.0.129 <ch...@infofromdata.com> to: bcoff...@infofromdata.com > [spam found] bad attachment 'testfile.html' cause: 'Java script - > possibly locky (ransomware) virus' [test 6] -> > /usr/share/assp/discarded/361--2789192.eml > > > Thanks for any help with this. > > - Bob > > On 5/24/2017 8:47 AM, Thomas Eckardt wrote: > > see the ':CSC' behind 'exe\-bin' > > > > Thomas > > > > > > Von: "Robert K Coffman Jr. -Info From Data Corp." > > <bcoff...@infofromdata.com> > > An: assp-test@lists.sourceforge.net > > Datum: 24.05.2017 14:42 > > Betreff: Re: [Assp-test] ASSP_AFC error - URI in PDF > > ------------------------------------------------------------------------ > > > > > > > > Thanks Thomas, > > > > I've added that to the default line and these are still blocked. > > Perhaps I'm not modifying the default (which is what I'm using) > correctly. > > > > > ad[ep]|asx|ba[st]|chm|cmd|com|cpl|crt|dbx|exe|exe\-bin|hlp|ht[ab]|in[fs]|isp|js|jse|lnk|md[abez]|mht|ms[cipt]|nch|pcd|pif|prf|ps1?|reg|sc[frt]|sh[bs]|vb|vb[es]|wms|ws[cfh]|':CSC' > > > > > > -> 'exe-bin|:CSC' > > > > Can anyone help? > > > > - Bob > > > > On 5/24/2017 1:16 AM, Thomas Eckardt wrote: > > > You've defined the 'exe-bin' protection switch. To allow > JavaScript (and > > > any othet scripting language) in emails add '|:CSC' -> 'exe-bin|:CSC'. > > > > > > > > > > ------------------------------------------------------------------------------ > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > _______________________________________________ > > Assp-test mailing list > > Assp-test@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > > > > > > > > > DISCLAIMER: > > ******************************************************* > > This email and any files transmitted with it may be confidential, > > legally privileged and protected in law and are intended solely for the > > use of the > > individual to whom it is addressed. > > This email was multiple times scanned for viruses. There should be no > > known virus in this email! > > ******************************************************* > > > > > > > > > ------------------------------------------------------------------------------ > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > > > > > > _______________________________________________ > > Assp-test mailing list > > Assp-test@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, > legally privileged and protected in law and are intended solely for the > use of the > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
