RE: i'm unable to catch these

2008-07-03 Thread Robert - elists
> > no, you do not do that. See the clamav-milter or other appropriate program. > SA is very CPU intensive so it's better to scan with clamav directly, > instead of using SA clamav plugin Matus... You are smart person. Maybe you could tell the clamav plugin people... ;-) Actually, yes, we do

Re: i'm unable to catch these

2008-07-03 Thread Matus UHLAR - fantomas
On 03.07.08 11:04, Starckjohann, Ove wrote: > it was NOT us, who was scoring with CLAMAV - it was Chris > (see first response to my initial question). Oh, I see, sorry... > We're using SA as "one under many" tests which the > smtp-proxy performs during the smtp-communication. > virus-check is d

Re: i'm unable to catch these

2008-07-03 Thread Matus UHLAR - fantomas
> Matus UHLAR - fantomas writes: > > > > one does need to score viruses in SA if (s)he can reject them directly > > > > On 02.07.08 09:27, Robert - elists wrote: > > > Yes, we do that. > > > > > > See the SA clamav plugin > > > > no, you do not do that. See the clamav-milter or other appropriate

AW: i'm unable to catch these

2008-07-03 Thread Starckjohann, Ove
ve Starckjohann > -Original Message- > From: Matus UHLAR - fantomas [mailto:[EMAIL PROTECTED] > Sent: Wednesday, 2 July 2008 15:30 > To: users@spamassassin.apache.org > Subject: Re: i'm unable to catch these > > > > > > But pls tell me: how ma

Re: i'm unable to catch these

2008-07-03 Thread Justin Mason
Matus UHLAR - fantomas writes: > > > one does need to score viruses in SA if (s)he can reject them directly > > On 02.07.08 09:27, Robert - elists wrote: > > Yes, we do that. > > > > See the SA clamav plugin > > no, you do not do that. See the clamav-milter or other appropriate program. > SA is

Re: i'm unable to catch these

2008-07-02 Thread Matus UHLAR - fantomas
> > one does need to score viruses in SA if (s)he can reject them directly On 02.07.08 09:27, Robert - elists wrote: > Yes, we do that. > > See the SA clamav plugin no, you do not do that. See the clamav-milter or other appropriate program. SA is very CPU intensive so it's better to scan with cla

RE: i'm unable to catch these

2008-07-02 Thread Robert - elists
> > one does need to score viruses in SA if (s)he can reject them directly > -- Yes, we do that. See the SA clamav plugin - rh

Re: AW: i'm unable to catch these

2008-07-02 Thread Jonas Eckerman
Starckjohann, Ove wrote: Received: from n75.bullet.mail.sp1.yahoo.com ([10.10.10.21]) by EXCHANGE02.norddeutsche.de with Microsoft SMTPSVC(6.0.3790.3959); Mon, 30 Jun 2008 18:58:44 +0200 10.10.10.21 is MY address. It's a smtp-PROXY which passes through the smtp-connection to EXCHANG

Re: AW: i'm unable to catch these

2008-07-02 Thread Arvid Ephraim Picciani
On Wednesday 02 July 2008 16:34:12 SM wrote: > At 05:23 02-07-2008, Starckjohann, Ove wrote: > >10.10.10.21 is MY address. It's a smtp-PROXY which passes through > >the smtp-connection to EXCHANGE02. > > Network tests on the message headers will be ineffective. > that was my worry. With the defaul

Re: i'm unable to catch these

2008-07-02 Thread Matus UHLAR - fantomas
> > you seem not to reject viruses at SMTP level ;) otherwise clamav couldn't > > score them :) On 02.07.08 08:13, Robert - elists wrote: > One can score an email and still reject during the SMTP session if the > systems are set up to do so. one does need to score viruses in SA if (s)he can reject

RE: i'm unable to catch these

2008-07-02 Thread Robert - elists
> > you seem not to reject viruses at SMTP level ;) otherwise clamav couldn't > score them :) > One can score an email and still reject during the SMTP session if the systems are set up to do so. - rh

Re: AW: i'm unable to catch these

2008-07-02 Thread Matus UHLAR - fantomas
> At 05:23 02-07-2008, Starckjohann, Ove wrote: > >10.10.10.21 is MY address. It's a smtp-PROXY which passes through > >the smtp-connection to EXCHANGE02. On 02.07.08 07:34, SM wrote: > Network tests on the message headers will be ineffective. not if the 10.10.10.21 is in trusted_networks and in

Re: AW: i'm unable to catch these

2008-07-02 Thread SM
At 05:23 02-07-2008, Starckjohann, Ove wrote: 10.10.10.21 is MY address. It's a smtp-PROXY which passes through the smtp-connection to EXCHANGE02. Network tests on the message headers will be ineffective. Regards, -sm

Re: i'm unable to catch these

2008-07-02 Thread Jonas Eckerman
Matus UHLAR - fantomas wrote: we DO reject at smtp-level if we are sure that the mail is spam. you seem not to reject viruses at SMTP level ;) otherwise clamav couldn't score them :) Or 1: they may use SpamAssassin during SMTP conversations in order to reject at SMTP level based on SpamAss

Re: i'm unable to catch these

2008-07-02 Thread Matus UHLAR - fantomas
> > > But pls tell me: how may CLAMAV score with 10 points ? > > > where is the "virus" ??? > > > > virus, phish, PUA or false-positive. I recommend rejecting them > > at SMTP level, not in SA plugin, if possible On 02.07.08 15:25, Starckjohann, Ove wrote: > we DO reject at smtp-level if we are sur

AW: i'm unable to catch these

2008-07-02 Thread Starckjohann, Ove
> > But pls tell me: how may CLAMAV score with 10 points ? > > where is the "virus" ??? > > virus, phish, PUA or false-positive. I recommend rejecting them > at SMTP level, not in SA plugin, if possible we DO reject at smtp-level if we are sure that the mail is spam. Our smtp-proxy is doing own te

Re: i'm unable to catch these

2008-07-02 Thread Matus UHLAR - fantomas
On 02.07.08 14:58, Starckjohann, Ove wrote: please configure your mail client to wrap lines below 80 characters per line. 72 to 76 is good. > i added L_UNVERIFIED_YAHOO and GEO_QUERY_STRING to my rules, as i'm still > using SA_3.17...so maybe those rules are only embedded into the 3.2x'er > SA.

Re: AW: i'm unable to catch these

2008-07-02 Thread Stefan Hornburg
Starckjohann, Ove wrote: nice .-) i added L_UNVERIFIED_YAHOO and GEO_QUERY_STRING to my rules, as i'm still using SA_3.17...so maybe those rules are only embedded into the 3.2x'er SA. But pls tell me: how may CLAMAV score with 10 points ? where is the "virus" ??? This is probably ClamAV wit

AW: i'm unable to catch these

2008-07-02 Thread Starckjohann, Ove
he Nachricht- > From: Chris [mailto:[EMAIL PROTECTED] > Sent: Wednesday, 2 July 2008 13:29 > To: users@spamassassin.apache.org > Subject: Re: i'm unable to catch these > > > On Wednesday 02 July 2008 4:08 am, Starckjohann, Ove wrote: > > Hello! > > > &g

AW: i'm unable to catch these

2008-07-02 Thread Starckjohann, Ove
> -Original Message- > From: McDonald, Dan [mailto:[EMAIL PROTECTED] > Sent: Wednesday, 2 July 2008 14:00 > To: users@spamassassin.apache.org > Subject: Re: i'm unable to catch these > > > On Wed, 2008-07-02 at 13:40 +0200, Arvid Ephraim Picciani w

Re: i'm unable to catch these

2008-07-02 Thread McDonald, Dan
On Wed, 2008-07-02 at 13:40 +0200, Arvid Ephraim Picciani wrote: > >Received: from n75.bullet.mail.sp1.yahoo.com ([10.10.10.21]) by > >EXCHANGE02.norddeutsche.de with Microsoft SMTPSVC(6.0.3790.3959); > > Mon, 30 Jun 2008 18:58:44 +0200 > > huh? what's that weird IP doing there? yahoo trans

Re: i'm unable to catch these

2008-07-02 Thread Duane Hill
On Wed, 2 Jul 2008, Arvid Ephraim Picciani wrote: Received: from n75.bullet.mail.sp1.yahoo.com ([10.10.10.21]) by EXCHANGE02.norddeutsche.de with Microsoft SMTPSVC(6.0.3790.3959); Mon, 30 Jun 2008 18:58:44 +0200 huh? what's that weird IP doing there? It's a version.

Re: i'm unable to catch these

2008-07-02 Thread Arvid Ephraim Picciani
>Received: from n75.bullet.mail.sp1.yahoo.com ([10.10.10.21]) by >EXCHANGE02.norddeutsche.de with Microsoft SMTPSVC(6.0.3790.3959); >Mon, 30 Jun 2008 18:58:44 +0200 huh? what's that weird IP doing there? -- best regards Arvid Ephraim Picciani

Re: i'm unable to catch these

2008-07-02 Thread mouss
Starckjohann, Ove wrote: Hello! during the last days i do get the following mails and i'm unable to catch/score them http://www.norddeutsche.de/temp/20080630185844296.eml.txt Content analysis details: (9.1 points, 5.0 required) pts rule name description ---

Re: i'm unable to catch these

2008-07-02 Thread Chris
On Wednesday 02 July 2008 4:08 am, Starckjohann, Ove wrote: > Hello! > > during the last days i do get the following mails and i'm unable to > catch/score them > > http://www.norddeutsche.de/temp/20080630185844296.eml.txt > http://www.norddeutsche.de/temp/20080701190353407.eml.txt > > Any tips/

i'm unable to catch these

2008-07-02 Thread Starckjohann, Ove
Hello! during the last days i do get the following mails and i'm unable to catch/score them http://www.norddeutsche.de/temp/20080630185844296.eml.txt http://www.norddeutsche.de/temp/20080701190353407.eml.txt Any tips/hints how to score them ? Ove Starckjohann