Axb skrev den 2013-11-15 12:19:
- not at all. I'll beep you offlist
beep ?, do you know henrik verry well ? :=)
Henrik K skrev den 2013-11-15 12:15:
or a one liner in a ClamV .cdb sig file :)
And it will match even word documents since they are a zip. :-P No way
to
count files in archive etc, not very flexible yeah..
post the one liner that does this, so others here can help make it work,
hidded pro
On 11/15/2013 12:15 PM, Henrik K wrote:
On Thu, Nov 14, 2013 at 04:53:48PM +0100, Axb wrote:
On 11/14/2013 04:49 PM, Henrik K wrote:
On Thu, Nov 14, 2013 at 10:37:12AM -0500, Kevin A. McGrail wrote:
On 11/14/2013 8:57 AM, David F. Skoll wrote:
Some statistics: On our main scanning cluster on
On Thu, Nov 14, 2013 at 04:53:48PM +0100, Axb wrote:
> On 11/14/2013 04:49 PM, Henrik K wrote:
> >On Thu, Nov 14, 2013 at 10:37:12AM -0500, Kevin A. McGrail wrote:
> >>On 11/14/2013 8:57 AM, David F. Skoll wrote:
> >>>Some statistics: On our main scanning cluster on 2013-11-13, we
> >>>blocked 176,
Jari Fredriksson skrev den 2013-11-15 09:20:
14.11.2013 19:44, Benny Pedersen kirjoitti:
Antony Stone skrev den 2013-11-14 10:38:
Or MailScanner.
or stop using a computer where exe files can be used :)
Like a VAX/VMS?
just a as 400 with serial monitor in monocrome yellow :)
15.11.2013 10:20, Jari Fredriksson kirjoitti:
> 14.11.2013 19:44, Benny Pedersen kirjoitti:
>> Antony Stone skrev den 2013-11-14 10:38:
>>
>>> Or MailScanner.
>> or stop using a computer where exe files can be used :)
>>
>>
> Like a VAX/VMS?
>
Or CLI under Linux.
--
jarif.bit
signature.asc
De
14.11.2013 19:44, Benny Pedersen kirjoitti:
> Antony Stone skrev den 2013-11-14 10:38:
>
>> Or MailScanner.
>
> or stop using a computer where exe files can be used :)
>
>
Like a VAX/VMS?
--
jarif.bit
signature.asc
Description: OpenPGP digital signature
On Thu, 14 Nov 2013 18:44:05 +0100, Benny Pedersen wrote:
> Antony Stone skrev den 2013-11-14 10:38:
>
>> Or MailScanner.
>
> or stop using a computer where exe files can be used :)
+1
David F. Skoll skrev den 2013-11-14 18:56:
> Some statistics: On our main scanning cluster on 2013-11-13, we
> blocked 176,668 messages with EXE files in zip files. ClamAV only
> detected 4,610 viruses.
and foxhole rules wont change that ?
Possibly... haven't tested them because I already
Henrik K skrev den 2013-11-14 16:49:
Funny that the thread is mostly anything other than SA.. ;-)
+1
I guess I have to create a "Zipinfo" plugin for SA, had that in mind
for a
while..
and possible use some idears from extracttext plugin ?
hands up if you make it
On Thu, 14 Nov 2013 18:54:45 +0100
Benny Pedersen wrote:
> > Some statistics: On our main scanning cluster on 2013-11-13, we
> > blocked 176,668 messages with EXE files in zip files. ClamAV only
> > detected 4,610 viruses.
> and foxhole rules wont change that ?
Possibly... haven't tested them
David F. Skoll skrev den 2013-11-14 14:57:
Some statistics: On our main scanning cluster on 2013-11-13, we
blocked 176,668 messages with EXE files in zip files. ClamAV only
detected 4,610 viruses.
and foxhole rules wont change that ?
stats are stats, real life is real problem :=)
Kamaldeep Singh skrev den 2013-11-14 10:46:
Thanks for information. But I have written one rule to block exe
file. Like if someone sends an email with attached exe file. It won't
send. It's display an error like "this attached file is blacklisted".
this is using amavisd imho if you see this
Robert Schetterer skrev den 2013-11-14 10:46:
http://www.cyberciti.biz/tips/postfix-block-mime-attachment-files.html
who will show a milter-reqex conf that does it ?
i just dont want postfix to be a content scanner
On 11/14/2013 06:42 PM, Benny Pedersen wrote:
Sanesecurity skrev den 2013-11-14 12:40:
i created another one for html attachment i see no risk in this rule :)
# junc.filename.cdb
junc.filename.1:CL_TYPE_MAIL:*:.html$:*:*:*:*:*:*
if it is, change cdb to cdu
ClamAV list is >> [there]
Antony Stone skrev den 2013-11-14 10:38:
Or MailScanner.
or stop using a computer where exe files can be used :)
Sanesecurity skrev den 2013-11-14 12:40:
i created another one for html attachment i see no risk in this rule :)
# junc.filename.cdb
junc.filename.1:CL_TYPE_MAIL:*:.html$:*:*:*:*:*:*
if it is, change cdb to cdu
Kamaldeep Singh skrev den 2013-11-14 10:28:
We are using SpamAssassin of version 3.3.1 running on Perl version
5.10.1.
irelevant :)
I just want to know, Is it possible to block the "exe" file with
attached zip/tar file.
http://sanesecurity.com/usage/signatures/ the foxhole rule is just f
On Thu, 14 Nov 2013, Axb wrote:
On 11/14/2013 10:38 AM, Antony Stone wrote:
On Thursday 14 November 2013 at 10:32:06, Olivier Nicole wrote:
> > I just want to know, Is it possible to block the "exe" file with
> > attached zip/tar file.
> You may consider using amavisd.
Or MailScanner.
rong list for ClamAV stuff, so I'll be off ;)
Cheers,
Steve
Sanesecurity.com
--
View this message in context:
http://spamassassin.1065346.n5.nabble.com/Block-exe-in-attachment-tp107195p107209.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
On 11/14/2013 04:49 PM, Henrik K wrote:
On Thu, Nov 14, 2013 at 10:37:12AM -0500, Kevin A. McGrail wrote:
On 11/14/2013 8:57 AM, David F. Skoll wrote:
Some statistics: On our main scanning cluster on 2013-11-13, we
blocked 176,668 messages with EXE files in zip files. ClamAV only
detected 4,610
On Thu, Nov 14, 2013 at 10:37:12AM -0500, Kevin A. McGrail wrote:
> On 11/14/2013 8:57 AM, David F. Skoll wrote:
> >Some statistics: On our main scanning cluster on 2013-11-13, we
> >blocked 176,668 messages with EXE files in zip files. ClamAV only
> >detected 4,610 viruses. Regards, David.
> Conti
On 11/14/2013 8:57 AM, David F. Skoll wrote:
Some statistics: On our main scanning cluster on 2013-11-13, we
blocked 176,668 messages with EXE files in zip files. ClamAV only
detected 4,610 viruses. Regards, David.
Continuing that vein, statistically, in the past 60 days, on one server
we bloc
On Thu, 14 Nov 2013 15:16:13 +0530
Kamaldeep Singh wrote:
> Is there any rule we can write so that we can blacklist the zip/tar
> files which contains "exe" file.
You most likely need to do it outside of SpamAssassin. I use MIMEDefang
(naturally enough... I wrote it) and if an email has a zip
pamassassin.1065346.n5.nabble.com/Block-exe-in-attachment-tp107195p107203.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
On Thursday 14 November 2013 03:02 PM, Olivier Nicole wrote:
SpamAssassin does not block anything. It could eventually mark that some
attachment is an exe file, but that's all.
On 14.11.13 15:16, Kamaldeep Singh wrote:
Thanks for information. But I have written one rule to block exe
file. Like
Hi all!
On Don, 2013-11-14 at 10:46 +0100, Robert Schetterer wrote:
> Am 14.11.2013 10:43, schrieb Axb:
> > On 11/14/2013 10:38 AM, Antony Stone wrote:
> >> On Thursday 14 November 2013 at 10:32:06, Olivier Nicole wrote:
[...]
> I just want to know, Is it possible to block the "exe" file
> >>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am 14.11.2013 10:43, schrieb Axb:
> On 11/14/2013 10:38 AM, Antony Stone wrote:
>> On Thursday 14 November 2013 at 10:32:06, Olivier Nicole wrote:
>>
>>> Hi,
>>>
We are using SpamAssassin of version 3.3.1 running on Perl
version 5.10.1.
>
Hi Olivier,
Thanks for information. But I have written one rule to block exe
file. Like if someone sends an email with attached exe file. It
won't send. It's display an error like "this attached file is
blacklisted".
Is there any rule we can wr
On 11/14/2013 10:38 AM, Antony Stone wrote:
On Thursday 14 November 2013 at 10:32:06, Olivier Nicole wrote:
Hi,
We are using SpamAssassin of version 3.3.1 running on Perl version
5.10.1.
I just want to know, Is it possible to block the "exe" file with
attached zip/tar file.
SpamAssassin do
On Thursday 14 November 2013 at 10:32:06, Olivier Nicole wrote:
> Hi,
>
> > We are using SpamAssassin of version 3.3.1 running on Perl version
> > 5.10.1.
> >
> > I just want to know, Is it possible to block the "exe" file with
> > attached zip/tar file.
>
> SpamAssassin does not block anything
Hi,
> We are using SpamAssassin of version 3.3.1 running on Perl version 5.10.1.
>
> I just want to know, Is it possible to block the "exe" file with
> attached zip/tar file.
SpamAssassin does not block anything. It could eventually mark that some
attachment is an exe file, but that's all.
You
Hi,
We are using SpamAssassin of version 3.3.1 running on Perl version
5.10.1.
I just want to know, Is it possible to block the "exe" file with
attached zip/tar file.
--
Regards
Kamaldeep Singh
B.E. (C.S.E)
Red Hat Certif
33 matches
Mail list logo
