Re: This spam should have triggered more rules

2008-08-27 Thread mouss
Jason Haar wrote: Karsten Bräckelmann wrote: uri EXECUTABLE /\.(?:exe|scr|dll|pif|vbs|wsh|cmd|bat)$/i That won't stop "blah.exe?token=cookie". Web servers will still return "blah.exe" (and the attacker can trackback who clicked on it too that way! ;-) How about uri EXECUTABLE /\.(?

Re: RulesDuJour & Tripwire Issue

2008-08-27 Thread Curtis LaMasters
@Andy - I was able to parse the script that you sent me to, which had neither my problem nor my solution within it, but I did find 1 problem. On my config it was listed as 99_FVGT_Tripwire.cf as well as the script that you sent a link to. However, located at the download site it was 88_FVGT_Tripwir

Re: This spam should have triggered more rules

2008-08-27 Thread Jason Haar
Karsten Bräckelmann wrote: uri EXECUTABLE /\.(?:exe|scr|dll|pif|vbs|wsh|cmd|bat)$/i That won't stop "blah.exe?token=cookie". Web servers will still return "blah.exe" (and the attacker can trackback who clicked on it too that way! ;-) How about uri EXECUTABLE /\.(?:exe|scr|dll|pif|vb

Re: e greeting exe link [SOLVED]

2008-08-27 Thread Matt Kettler
Michael Hutchinson wrote: > > Nice, that's going to help me tidy up some of my other custom rules. > Once again, Thank-you Matt for the clarity on this issue. - > happy SA user. > No problem. One final suggestion. Take some time to read: http://wiki.apache.org/spamassassin/WritingRules This

RE: e greeting exe link [SOLVED]

2008-08-27 Thread Michael Hutchinson
> -Original Message- > From: Matt Kettler [mailto:[EMAIL PROTECTED] > Sent: 28 August 2008 1:49 p.m. > To: Michael Hutchinson > Cc: users@spamassassin.apache.org > Subject: Re: e greeting exe link > > Michael Hutchinson wrote: > > > > But only match it from the last trailing / character. I

RE: e greeting exe link

2008-08-27 Thread Michael Hutchinson
> -Original Message- > From: John Hardin [mailto:[EMAIL PROTECTED] > Sent: 28 August 2008 1:35 p.m. > To: Michael Hutchinson > Cc: users@spamassassin.apache.org > Subject: RE: e greeting exe link > > On Thu, 28 Aug 2008, Michael Hutchinson wrote: > > > I would be hoping to match the same

Re: e greeting exe link

2008-08-27 Thread Matt Kettler
Michael Hutchinson wrote: > > But only match it from the last trailing / character. In other words, if > the message carries a link to "card.exe" at any address, it will be > marked up. > > My thoughts were that all I would need is a rule like: > uri MY_EXE_URI /card.exe/i > Caution: . is a wild

RE: e greeting exe link

2008-08-27 Thread John Hardin
On Thu, 28 Aug 2008, Michael Hutchinson wrote: I would be hoping to match the same sort of URL: http://ns1.shinwa-com.co.jp/~denso/card.exe But only match it from the last trailing / character. In other words, if the message carries a link to "card.exe" at any address, it will be marked up.

RE: e greeting exe link

2008-08-27 Thread Michael Hutchinson
> -Original Message- > From: Randal, Phil [mailto:[EMAIL PROTECTED] > Sent: 23 August 2008 2:05 a.m. > To: Jean-Paul Natola; users@spamassassin.apache.org > Subject: RE: e greeting exe link > > uri MY_EXECUTABLE_URI > /^(?:https?|ftp):\/\/[^\s?]{1,80}\/[^\s?]{1,80}\.(?:exe|scr|dll|pi

Re: This spam should have triggered more rules

2008-08-27 Thread Karsten Bräckelmann
On Wed, 2008-08-27 at 21:00 +, Duane Hill wrote: > On Wed, 27 Aug 2008, Skip wrote: > > Tell me, where did you get the SG_EXECUTABLE_URI rule? I don't have it in > > my > > installation. > It was a rule that was posted to the list close to a week ago by Phil > Randal (thread subject: e gr

Re: RulesDuJour & Tripwire Issue

2008-08-27 Thread Matt Kettler
/spamassassin/tripwire.cf > <http://tripwire.cf> > /etc/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; mv -f > /etc/spamassassin/RulesDuJour/tripwire.cf.20080827-1656 > /etc/spamassassin/tripwire.cf <http://tripwire.cf>; > > > > Lint output: [14866] warn: conf

RulesDuJour & Tripwire Issue

2008-08-27 Thread Curtis LaMasters
amassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/spamassassin/tripwire.cf /etc/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; mv -f /etc/spamassassin/RulesDuJour/tripwire.cf.20080827-1656 /etc/spamassassin/tripwire.cf; L

RE: Updating rules with old version of spamassassin

2008-08-27 Thread patrickbaer
Hi Martin, thank you for the info. So from what I can see, SpamAssassin is merely a Perl module used by amavisd, right? If I install the new version, it will just replace the old module and add some little gadgets like sa-update? Or could I use the sa-update script from a new version with my old s

Re: This spam should have triggered more rules

2008-08-27 Thread Duane Hill
On Wed, 27 Aug 2008, Skip wrote: Scored well here: X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) X-Spam-Level: x X-Spam-Status: Reqd:5.0 Hits:17.1 Learn:disabled Tests:JM_SOUGHT_2=4, JM_SOUGHT_3=4,SG_EXECUTABLE_URI=3,UNPARSEABLE_RELAY=0.001,

Re: This spam should have triggered more rules

2008-08-27 Thread Skip
Scored well here: X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) X-Spam-Level: x X-Spam-Status: Reqd:5.0 Hits:17.1 Learn:disabled Tests:JM_SOUGHT_2=4, JM_SOUGHT_3=4,SG_EXECUTABLE_URI=3,UNPARSEABLE_RELAY=0.001, URIBL_AB_SURBL=1.613,URIBL_BLACK=1

Re: This spam should have triggered more rules

2008-08-27 Thread John Hardin
On Wed, 27 Aug 2008, Skip wrote: http://pastebin.com/m5b376775 I have the botnet rules enabled and they trigger on a lot of my spam, as well as the sought rules. But not this message. This spam however only triggered two rules, however I feel it should have triggered more. Yeah, it passed

Re: This spam should have triggered more rules

2008-08-27 Thread Duane Hill
On Wed, 27 Aug 2008, Skip wrote: http://pastebin.com/m5b376775 I have the botnet rules enabled and they trigger on a lot of my spam, as well as the sought rules. But not this message. This spam however only triggered two rules, however I feel it should have triggered more. Yeah, it passed

This spam should have triggered more rules

2008-08-27 Thread Skip
http://pastebin.com/m5b376775 I have the botnet rules enabled and they trigger on a lot of my spam, as well as the sought rules. But not this message. This spam however only triggered two rules, however I feel it should have triggered more. Yeah, it passed my spam threshold and was caught,

RE: adding score for email from noreply@

2008-08-27 Thread Bowie Bailey
mouss wrote: > Bowie Bailey wrote: > > Curtis LaMasters wrote: > > > I'm having a pretty hard time with this one for some reason, > > > mainly because I don't understand regex. I have a large number > > > of emails that are getting past my spamassassin setup (Maia > > > Mailguard 1.02a) as well as

RE: adding score for email from noreply@

2008-08-27 Thread Bowie Bailey
John Hardin wrote: > > http://oreilly.com/catalog/9780596528126/ Excellent book. -- Bowie

Re: user_pref for virtual mails

2008-08-27 Thread Matt Kettler
Nicolas Letellier wrote: > Hello. > > I use spamassassin on my Postfix/Dovecot mail server. > > Mailboxes are in /var/www/mail/vmail/domain.tld/user > > Is there a possibility to have a user_prefs for each mailbox? > > I don't see a similar option in > http://wiki.apache.org/spamassassin/WhereDoLoc

Re: user_pref for virtual mails

2008-08-27 Thread Robert Schetterer
Nicolas Letellier schrieb: Le Wed, 27 Aug 2008 12:06:31 +0200, Robert Schetterer <[EMAIL PROTECTED]> a écrit : Nicolas Letellier schrieb: Hello. I use spamassassin on my Postfix/Dovecot mail server. Mailboxes are in /var/www/mail/vmail/domain.tld/user Is there a possibility to have a user_p

Re: user_pref for virtual mails

2008-08-27 Thread Nicolas Letellier
Le Wed, 27 Aug 2008 12:06:31 +0200, Robert Schetterer <[EMAIL PROTECTED]> a écrit : > Nicolas Letellier schrieb: > > Hello. > > > > I use spamassassin on my Postfix/Dovecot mail server. > > > > Mailboxes are in /var/www/mail/vmail/domain.tld/user > > > > Is there a possibility to have a user_pr

Re: user_pref for virtual mails

2008-08-27 Thread Robert Schetterer
Nicolas Letellier schrieb: Hello. I use spamassassin on my Postfix/Dovecot mail server. Mailboxes are in /var/www/mail/vmail/domain.tld/user Is there a possibility to have a user_prefs for each mailbox? I don't see a similar option in http://wiki.apache.org/spamassassin/WhereDoLocalSettingsGo

user_pref for virtual mails

2008-08-27 Thread Nicolas Letellier
Hello. I use spamassassin on my Postfix/Dovecot mail server. Mailboxes are in /var/www/mail/vmail/domain.tld/user Is there a possibility to have a user_prefs for each mailbox? I don't see a similar option in http://wiki.apache.org/spamassassin/WhereDoLocalSettingsGo?highlight=(user_prefs) or he

Re: Whitelist config for internal/external servers

2008-08-27 Thread mouss
Camron W. Fox wrote: John Hardin wrote: On Tue, 26 Aug 2008, Camron W. Fox wrote: We are running SA V3.2.4 on RHEL5.1. How do messages get passed to SA for scoring? The best way is to note the internal origination of the message and bypass SA entirely. Exactly how that is done depends