Re: Block "exe" in attachment.

2013-11-14 Thread Walter Hurry
On Thu, 14 Nov 2013 18:44:05 +0100, Benny Pedersen wrote: > Antony Stone wrote on 2013-11-14 10:38: > >> Or MailScanner. > > or stop using a computer where exe files can be used :) +1

Re: what is that number at the beginning of .cf files signify?

2013-11-14 Thread Kevin A. McGrail
On 11/14/2013 4:04 PM, Benny Pedersen wrote: Kevin A. McGrail wrote on 2013-11-14 21:43: I believe you want this information: http://wiki.apache.org/spamassassin/RuleFilenameConventions .pm part is not correct, since it's entirely up to the pre files to load what is needed even with files no

Re: what is that number at the beginning of .cf files signify?

2013-11-14 Thread Benny Pedersen
Kevin A. McGrail wrote on 2013-11-14 21:43: I believe you want this information: http://wiki.apache.org/spamassassin/RuleFilenameConventions .pm part is not correct, since it's entirely up to the pre files to load what is needed even with files not ending in .pm :) but use .pm for perl modu

Re: what is that number at the beginning of .cf files signify?

2013-11-14 Thread Benny Pedersen
Rob McEwen wrote on 2013-11-14 21:13: what is that number at the beginning of .cf files signify? Does that impact SA's actual operation? Or is that just for human organization of files (how they sort when browsing them)? When adding a custom-written .cf file that is made available to the publ

Re: what is that number at the beginning of .cf files signify?

2013-11-14 Thread Kevin A. McGrail
On 11/14/2013 3:13 PM, Rob McEwen wrote: what is that number at the beginning of .cf files signify? Does that impact SA's actual operation? Or is that just for human organization of files (how they sort when browsing them)? When adding a custom-written .cf file that is made available to the pu

what is that number at the beginning of .cf files signify?

2013-11-14 Thread Rob McEwen
what is that number at the beginning of .cf files signify? Does that impact SA's actual operation? Or is that just for human organization of files (how they sort when browsing them)? When adding a custom-written .cf file that is made available to the public, should some kind of naming convention

Re: Block "exe" in attachment.

2013-11-14 Thread Benny Pedersen
David F. Skoll wrote on 2013-11-14 18:56: > Some statistics: On our main scanning cluster on 2013-11-13, we > blocked 176,668 messages with EXE files in zip files. ClamAV only > detected 4,610 viruses. and foxhole rules won't change that ? Possibly... haven't tested them because I already

Re: Block "exe" in attachment.

2013-11-14 Thread Benny Pedersen
Henrik K wrote on 2013-11-14 16:49: Funny that the thread is mostly anything other than SA.. ;-) +1 I guess I have to create a "Zipinfo" plugin for SA, had that in mind for a while.. and possibly use some ideas from extracttext plugin ? hands up if you make it

Re: Block "exe" in attachment.

2013-11-14 Thread David F. Skoll
On Thu, 14 Nov 2013 18:54:45 +0100 Benny Pedersen wrote: > > Some statistics: On our main scanning cluster on 2013-11-13, we > > blocked 176,668 messages with EXE files in zip files. ClamAV only > > detected 4,610 viruses. > and foxhole rules won't change that ? Possibly... haven't tested them

Re: Block "exe" in attachment.

2013-11-14 Thread Benny Pedersen
David F. Skoll wrote on 2013-11-14 14:57: Some statistics: On our main scanning cluster on 2013-11-13, we blocked 176,668 messages with EXE files in zip files. ClamAV only detected 4,610 viruses. and foxhole rules won't change that ? stats are stats, real life is real problem :=)

Re: Block "exe" in attachment.

2013-11-14 Thread Benny Pedersen
Kamaldeep Singh wrote on 2013-11-14 10:46: Thanks for information. But I have written one rule to block exe file. Like if someone sends an email with attached exe file. It won't send. It displays an error like "this attached file is blacklisted". this is using amavisd imho if you see this

Re: Block "exe" in attachment.

2013-11-14 Thread Benny Pedersen
Robert Schetterer wrote on 2013-11-14 10:46: http://www.cyberciti.biz/tips/postfix-block-mime-attachment-files.html who will show a milter-regex conf that does it ? i just don't want postfix to be a content scanner

Re: Block "exe" in attachment.

2013-11-14 Thread Axb
On 11/14/2013 06:42 PM, Benny Pedersen wrote: Sanesecurity wrote on 2013-11-14 12:40: i created another one for html attachment i see no risk in this rule :) # junc.filename.cdb junc.filename.1:CL_TYPE_MAIL:*:.html$:*:*:*:*:*:* if it is, change cdb to cdu ClamAV list is >> [there]

Re: Block "exe" in attachment.

2013-11-14 Thread Benny Pedersen
Antony Stone wrote on 2013-11-14 10:38: Or MailScanner. or stop using a computer where exe files can be used :)

Re: Block "exe" in attachment.

2013-11-14 Thread Benny Pedersen
Sanesecurity wrote on 2013-11-14 12:40: i created another one for html attachment i see no risk in this rule :) # junc.filename.cdb junc.filename.1:CL_TYPE_MAIL:*:.html$:*:*:*:*:*:* if it is, change cdb to cdu

Re: Block "exe" in attachment.

2013-11-14 Thread Benny Pedersen
Kamaldeep Singh wrote on 2013-11-14 10:28: We are using SpamAssassin of version 3.3.1 running on Perl version 5.10.1. irrelevant :) I just want to know, Is it possible to block the "exe" file with attached zip/tar file. http://sanesecurity.com/usage/signatures/ the foxhole rule is just f

Re: Block "exe" in attachment.

2013-11-14 Thread John Hardin
On Thu, 14 Nov 2013, Axb wrote: On 11/14/2013 10:38 AM, Antony Stone wrote: On Thursday 14 November 2013 at 10:32:06, Olivier Nicole wrote: > > I just want to know, Is it possible to block the "exe" file with > > attached zip/tar file. > You may consider using amavisd. Or MailScanner.

Re: Block "exe" in attachment.

2013-11-14 Thread Sanesecurity
David F. Skoll wrote > In my experience, ClamAV has become completely useless as a practical > way to stop viruses. The viruses encrypt and mutate themselves much > too quickly for ClamAV to keep up. I believe many commercial virus > scanners are in the same boat. So we just block executables, w

Re: Block "exe" in attachment.

2013-11-14 Thread Axb
On 11/14/2013 04:49 PM, Henrik K wrote: On Thu, Nov 14, 2013 at 10:37:12AM -0500, Kevin A. McGrail wrote: On 11/14/2013 8:57 AM, David F. Skoll wrote: Some statistics: On our main scanning cluster on 2013-11-13, we blocked 176,668 messages with EXE files in zip files. ClamAV only detected 4,610

Re: Block "exe" in attachment.

2013-11-14 Thread Henrik K
On Thu, Nov 14, 2013 at 10:37:12AM -0500, Kevin A. McGrail wrote: > On 11/14/2013 8:57 AM, David F. Skoll wrote: > >Some statistics: On our main scanning cluster on 2013-11-13, we > >blocked 176,668 messages with EXE files in zip files. ClamAV only > >detected 4,610 viruses. Regards, David. > Conti

Re: Heads up, yahoo server on some blacklists!

2013-11-14 Thread Ted Mittelstaedt
On 11/13/2013 5:51 PM, Noel Butler wrote: On 14/11/2013 11:14, Ted Mittelstaedt wrote: On 11/12/2013 1:39 PM, Noel Butler wrote: On 13/11/2013 04:38, jpff wrote: Perhaps on account of all the spam coming out of yahoo? I see far more trash coming out of gmail, yet they never seem to list the

Re: Block "exe" in attachment.

2013-11-14 Thread Kevin A. McGrail
On 11/14/2013 8:57 AM, David F. Skoll wrote: Some statistics: On our main scanning cluster on 2013-11-13, we blocked 176,668 messages with EXE files in zip files. ClamAV only detected 4,610 viruses. Regards, David. Continuing that vein, statistically, in the past 60 days, on one server we bloc

Re: Block "exe" in attachment.

2013-11-14 Thread David F. Skoll
On Thu, 14 Nov 2013 15:16:13 +0530 Kamaldeep Singh wrote: > Is there any rule we can write so that we can blacklist the zip/tar > files which contains "exe" file. You most likely need to do it outside of SpamAssassin. I use MIMEDefang (naturally enough... I wrote it) and if an email has a zip

Re: Block "exe" in attachment.

2013-11-14 Thread Sanesecurity
Kamaldeep Singh wrote > We are using SpamAssassin of version 3.3.1 running on Perl version 5.10.1. > > I just want to know, Is it possible to block the "exe" file with > attached zip/tar file. If you are using ClamAV you can add-on Third-Party Sanesecurity databases: Foxhole databases (differen

Re: Block "exe" in attachment.

2013-11-14 Thread Matus UHLAR - fantomas
On Thursday 14 November 2013 03:02 PM, Olivier Nicole wrote: SpamAssassin does not block anything. It could eventually mark that some attachment is an exe file, but that's all. On 14.11.13 15:16, Kamaldeep Singh wrote: Thanks for information. But I have written one rule to block exe file. Like

Re: Block "exe" in attachment.

2013-11-14 Thread Bernd Petrovitsch
Hi all! On Thu, 2013-11-14 at 10:46 +0100, Robert Schetterer wrote: > On 14.11.2013 10:43, Axb wrote: > > On 11/14/2013 10:38 AM, Antony Stone wrote: > >> On Thursday 14 November 2013 at 10:32:06, Olivier Nicole wrote: [...] > I just want to know, Is it possible to block the "exe" file > >>

Re: Block "exe" in attachment.

2013-11-14 Thread Robert Schetterer
On 14.11.2013 10:43, Axb wrote: > On 11/14/2013 10:38 AM, Antony Stone wrote: >> On Thursday 14 November 2013 at 10:32:06, Olivier Nicole wrote: >> >>> Hi, >>> We are using SpamAssassin of version 3.3.1 running on Perl version 5.10.1. >

Re: Block "exe" in attachment.

2013-11-14 Thread Kamaldeep Singh
Hi Olivier, Thanks for information. But I have written one rule to block exe file. Like if someone sends an email with attached exe file. It won't send. It displays an error like "this attached file is blacklisted". Is there any rule we can wr

Re: Block "exe" in attachment.

2013-11-14 Thread Axb
On 11/14/2013 10:38 AM, Antony Stone wrote: On Thursday 14 November 2013 at 10:32:06, Olivier Nicole wrote: Hi, We are using SpamAssassin of version 3.3.1 running on Perl version 5.10.1. I just want to know, Is it possible to block the "exe" file with attached zip/tar file. SpamAssassin do

Re: Block "exe" in attachment.

2013-11-14 Thread Antony Stone
On Thursday 14 November 2013 at 10:32:06, Olivier Nicole wrote: > Hi, > > > We are using SpamAssassin of version 3.3.1 running on Perl version > > 5.10.1. > > > > I just want to know, Is it possible to block the "exe" file with > > attached zip/tar file. > > SpamAssassin does not block anything

Re: Block "exe" in attachment.

2013-11-14 Thread Olivier Nicole
Hi, > We are using SpamAssassin of version 3.3.1 running on Perl version 5.10.1. > > I just want to know, Is it possible to block the "exe" file with > attached zip/tar file. SpamAssassin does not block anything. It could eventually mark that some attachment is an exe file, but that's all. You

Block "exe" in attachment.

2013-11-14 Thread Kamaldeep Singh
Hi, We are using SpamAssassin of version 3.3.1 running on Perl version 5.10.1. I just want to know, Is it possible to block the "exe" file with attached zip/tar file. -- Regards Kamaldeep Singh B.E. (C.S.E) Red Hat Certif