RE: i'm unable to catch these

2008-07-03 Thread Robert - elists
> > no, you do not do that. See the clamav-milter or other appropriate program. > SA is very CPU intensive so it's better to scan with clamav directly, > instead of using SA clamav plugin Matus... You are a smart person. Maybe you could tell the clamav plugin people... ;-) Actually, yes, we do

Re: i'm unable to catch these

2008-07-03 Thread Matus UHLAR - fantomas
On 03.07.08 11:04, Starckjohann, Ove wrote: > it was NOT us, who was scoring with CLAMAV - it was Chris > (see first response to my initial question). Oh, I see, sorry... > We're using SA as "one under many" tests which the > smtp-proxy performs during the smtp-communication. > virus-check is d

Re: i'm unable to catch these

2008-07-03 Thread Matus UHLAR - fantomas
> Matus UHLAR - fantomas writes: > > > > one does need to score viruses in SA if (s)he can reject them directly > > > > On 02.07.08 09:27, Robert - elists wrote: > > > Yes, we do that. > > > > > > See the SA clamav plugin > > > > no, you do not do that. See the clamav-milter or other appropriate

Re: i'm unable to catch these

2008-07-03 Thread Justin Mason
Matus UHLAR - fantomas writes: > > > one does need to score viruses in SA if (s)he can reject them directly > > On 02.07.08 09:27, Robert - elists wrote: > > Yes, we do that. > > > > See the SA clamav plugin > > no, you do not do that. See the clamav-milter or other appropriate program. > SA is

Re: i'm unable to catch these

2008-07-02 Thread Matus UHLAR - fantomas
> > one does need to score viruses in SA if (s)he can reject them directly On 02.07.08 09:27, Robert - elists wrote: > Yes, we do that. > > See the SA clamav plugin no, you do not do that. See the clamav-milter or other appropriate program. SA is very CPU intensive so it's better to scan with cla

RE: i'm unable to catch these

2008-07-02 Thread Robert - elists
> > one does need to score viruses in SA if (s)he can reject them directly > -- Yes, we do that. See the SA clamav plugin - rh

Re: i'm unable to catch these

2008-07-02 Thread Matus UHLAR - fantomas
> > you seem not to reject viruses at SMTP level ;) otherwise clamav couldn't > > score them :) On 02.07.08 08:13, Robert - elists wrote: > One can score an email and still reject during the SMTP session if the > systems are set up to do so. one does need to score viruses in SA if (s)he can reject

RE: i'm unable to catch these

2008-07-02 Thread Robert - elists
> > you seem not to reject viruses at SMTP level ;) otherwise clamav couldn't > score them :) > One can score an email and still reject during the SMTP session if the systems are set up to do so. - rh

Re: i'm unable to catch these

2008-07-02 Thread Jonas Eckerman
Matus UHLAR - fantomas wrote: we DO reject at smtp-level if we are sure that the mail is spam. you seem not to reject viruses at SMTP level ;) otherwise clamav couldn't score them :) Or 1: they may use SpamAssassin during SMTP conversations in order to reject at SMTP level based on SpamAss

Re: i'm unable to catch these

2008-07-02 Thread Matus UHLAR - fantomas
> > > But pls tell me: how may CLAMAV score with 10 points ? > > > where is the "virus" ??? > > > > virus, phish, PUA or false-positive. I recommend reject them > > at SMTP level, not in SA plugin, if possible On 02.07.08 15:25, Starckjohann, Ove wrote: > we DO reject at smtp-level if we are sur

Re: i'm unable to catch these

2008-07-02 Thread Matus UHLAR - fantomas
On 02.07.08 14:58, Starckjohann, Ove wrote: please configure your mail client to wrap lines below 80 characters per line. 72 to 76 is good. > i added L_UNVERIFIED_YAHOO and GEO_QUERY_STRING to my rules, as i'm still > using SA_3.17...so maybe those rules are only embedded into the 3.2x'er > SA.

Re: i'm unable to catch these

2008-07-02 Thread McDonald, Dan
On Wed, 2008-07-02 at 13:40 +0200, Arvid Ephraim Picciani wrote: > >Received: from n75.bullet.mail.sp1.yahoo.com ([10.10.10.21]) by > >EXCHANGE02.norddeutsche.de with Microsoft SMTPSVC(6.0.3790.3959); > > Mon, 30 Jun 2008 18:58:44 +0200 > > huh? what's that weird IP doing there? yahoo trans

Re: i'm unable to catch these

2008-07-02 Thread Duane Hill
On Wed, 2 Jul 2008, Arvid Ephraim Picciani wrote: Received: from n75.bullet.mail.sp1.yahoo.com ([10.10.10.21]) by EXCHANGE02.norddeutsche.de with Microsoft SMTPSVC(6.0.3790.3959); Mon, 30 Jun 2008 18:58:44 +0200 huh? what's that weird IP doing there? It's a version.

Re: i'm unable to catch these

2008-07-02 Thread Arvid Ephraim Picciani
>Received: from n75.bullet.mail.sp1.yahoo.com ([10.10.10.21]) by >EXCHANGE02.norddeutsche.de with Microsoft SMTPSVC(6.0.3790.3959); >Mon, 30 Jun 2008 18:58:44 +0200 huh? what's that weird IP doing there? -- best regards Arvid Ephraim Picciani

Re: i'm unable to catch these

2008-07-02 Thread mouss
Starckjohann, Ove wrote: Hello! during the last days i do get the following mails and i'm unable to catch/score them http://www.norddeutsche.de/temp/20080630185844296.eml.txt Content analysis details: (9.1 points, 5.0 required) pts rule name description ---

Re: i'm unable to catch these

2008-07-02 Thread Chris
On Wednesday 02 July 2008 4:08 am, Starckjohann, Ove wrote: > Hello! > > during the last days i do get the following mails and i'm unable to > catch/score them > > http://www.norddeutsche.de/temp/20080630185844296.eml.txt > http://www.norddeutsche.de/temp/20080701190353407.eml.txt > > Any tips/