Hello Thomas, Ok, thats how it is work from your point of view, but that the reason why I am don´t understanding.
I will block attachments for all mails in and out and my settings in Attachment blocking. I never used the part " User based Good and Bad Attachments* (UserAttach)". This entry is empty from beginning. Now I understand that I need for the AFC Plugin the "User based Good and Bad Attachments* (UserAttach)" setting for working. This part is was my problem to understand, because the AFC Plugin is "on top" for me with compressed files scanning and the Userpart with UserAttach only in ASSP_AFCblockEncryptedZIP which I don´t want to use in this step. To make this clear at the beginning of the plugin will helpful. I will test it on my site. Regards Martin -----Ursprüngliche Nachricht----- Von: Thomas Eckardt [mailto:[email protected]] Gesendet: Mittwoch, 10. Februar 2016 05:53 An: ASSP development mailing list Betreff: Re: [Assp-test] fixes in assp 2.4.8 build 16036 >For: zip:user@domain=>block-in=>doc\.js >This is for a User based rule and I want it for all. zip:*=>block-in=>doc\.js analyzing zipped content, requires an user based configuration - like in any other config parameter 'user' stands for users, email addresses, domains, domain parts, groups, all ..... Thomas Von: Martin Voßloh <[email protected]> An: ASSP development mailing list <[email protected]> Datum: 10.02.2016 02:48 Betreff: Re: [Assp-test] fixes in assp 2.4.8 build 16036 I don´t understand what the ASSP_AFCblockEncrypedZIP part could do for me.. This time I only want to block files I configured in Attachment Blocking and to to the same in compressed files. In my tests the attached allowed zip file contains the unwanted .js attachment. And this is not blocked. Encrypted is nothing. In ASSP_AFCblockEncrypedZIP: "If set, encrypted or password protected compressed attachments will be blocked or replaced ..." I don´t use Encrypted or password protected Attachments. The ASSP_AFC Plugin, so I understand, give me the possibility to scan internal a compressed Attachment for "Attachment Blocking" definitions. For: zip:user@domain=>block-in=>doc\.js This is for a User based rule and I want it for all. Regards Martin ________________________________________ Von: Thomas Eckardt [[email protected]] Gesendet: Dienstag, 9. Februar 2016 18:17 An: ASSP development mailing list Betreff: Re: [Assp-test] fixes in assp 2.4.8 build 16036 simply configure what you want assp to do zip:user@domain=>block-in=>doc\.js read the Plugin doc again - ASSP_AFCblockEncrypedZIP I want to know, what is unclear in the description and the provided examples. Thomas Von: Martin Voßloh <[email protected]> An: ASSP development mailing list <[email protected]> Datum: 09.02.2016 16:56 Betreff: Re: [Assp-test] fixes in assp 2.4.8 build 16036 Hi, I understand that the AFC_Plugin could find attachments in a file like "zip". AFC will open by a max decompression level of 10 and find out files from "attachment blocking". If there is some of these files found, the mail will blocked by ASSP. Actually attachments are blocked by "Attachment blocking" if the block-file is not in a zip file. Now I have tested these function by my site, because I have received a zip file without encryption/password which has a ".doc.js" script inside I don't want. Martin -----Ursprüngliche Nachricht----- Von: Thomas Eckardt [mailto:[email protected]] Gesendet: Dienstag, 9. Februar 2016 16:30 An: ASSP development mailing list Betreff: Re: [Assp-test] fixes in assp 2.4.8 build 16036 What did you not understand, if you read the GUI for the Plugin, ClamAV, attachment blocking? Thomas Von: Martin Voßloh <[email protected]> An: ASSP development mailing list <[email protected]> Datum: 09.02.2016 15:24 Betreff: Re: [Assp-test] fixes in assp 2.4.8 build 16036 Hello, I use the assp 2.4.8 build 16036 with ClamAV and AFC Plugin. If I send me a testmail from anonymous account with an attachment name.zip without password an with a file called name2.doc.js it will not be blocked by the plugin. Bad Attachment is enabled with the default endings except .js How could I check this plugin for missing dependencies? Feb-09-16 14:38:18 m1-25098-12141 [Worker_8] [TLS-in] [TLS-out] 37.48.122.29 <[email protected]> to: [email protected] orbit.eternalimpact.info - no MX record found - (NOERROR) Feb-09-16 14:38:18 m1-25098-12141 [Worker_8] [TLS-in] [TLS-out] [MissingMX] 37.48.122.29 <[email protected]> to: [email protected] [[scoring]] MX missing: beck.fr (From) Feb-09-16 14:38:18 m1-25098-12141 [Worker_8] [TLS-in] [TLS-out] 37.48.122.29 <[email protected]> to: [email protected] Message-Score: added 10 (mxValencePB) for MX missing: beck.fr (From), total score for this message is now 10 Feb-09-16 14:38:18 m1-25098-12141 [Worker_8] [TLS-in] [TLS-out] [MissingMXA] 37.48.122.29 <[email protected]> to: [email protected] [[scoring]] A record missing: beck.fr (From) Feb-09-16 14:38:18 m1-25098-12141 [Worker_8] [TLS-in] [TLS-out] 37.48.122.29 <[email protected]> to: [email protected] deleting spamming safelisted tuplet: (37.48.122.0,orbit.eternalimpact.info) age: 0s Feb-09-16 14:38:18 m1-25098-12141 [Worker_8] [TLS-in] [TLS-out] 37.48.122.29 <[email protected]> to: [email protected] Message-Score: added 15 (mxaValencePB) for A record missing: beck.fr (From), total score for this message is now 25 Feb-09-16 14:38:18 m1-25098-12141 [Worker_8] [TLS-in] [TLS-out] [MissingMX] 37.48.122.29 <[email protected]> to: [email protected] [[scoring]] MX missing: orbit.eternalimpact.info (Mail From:) Feb-09-16 14:38:18 m1-25098-12141 [Worker_8] [TLS-in] [TLS-out] 37.48.122.29 <[email protected]> to: [email protected] Bayesian Check - Prob: 0.00000 => ham - answer/query relation: 23% of 26 Feb-09-16 14:38:18 m1-25098-12141 [Worker_8] [TLS-in] [TLS-out] 37.48.122.29 <[email protected]> to: [email protected] [Plugin] calling plugin ASSP_AFC Feb-09-16 14:38:18 m1-25098-12141 [Worker_8] [TLS-in] [TLS-out] 37.48.122.29 <[email protected]> to: [email protected] info: 1 attachment found for Level-1 Feb-09-16 14:38:18 m1-25098-12141 [Worker_8] [TLS-in] [TLS-out] [MessageOK] 37.48.122.29 <[email protected]> to: [email protected] message ok [Michi testet 25] Regards Martin ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
