There are too many things wrong:
- the DATA end sequence is not detected
- [MessageOK] is not logged before the Plugin is called
- 250 is sent to the local MTA but SPAM was detected ?
- this is an outgoing mail!?
- 'wlAttachLog' must be set to 'no Collect' - even if 'wlAttachLog' would
be ignored 16080 is falling back hardcoded to 'discarded' in this case
Thomas
Von: aquilinux <[email protected]>
An: For Users of ASSP <[email protected]>
Datum: 21.03.2016 16:57
Betreff: Re: [Assp-user] bad attachment [...] possibly a virus
infected file (can't extract archive)'
here is full log:
Mar-21-16 15:28:49 [Worker_1] 207.82.80.152 [SMTP Reply] 220 EAIT - Keep
it
legit, or keep out
Mar-21-16 15:28:49 [Worker_1] 207.82.80.152 [SMTP Reply] 250 DSN
Mar-21-16 15:28:49 [Worker_1] 207.82.80.152 [SMTP Reply] 220 2.0.0 Ready
to
start TLS
Mar-21-16 15:28:49 [Worker_1] [TLS-in] [TLS-out] 207.82.80.152 [SMTP
Reply]
250 DSN
Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <[email protected]> [SMTP Reply] 250 2.1.0 Ok
Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <[email protected]> to: [email protected] [SMTP Reply] 250
2.1.5
Ok
Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <[email protected]> to: [email protected] [SMTP Reply] 354 End
data with <CR><LF>.<CR><LF>
Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <[email protected]> to: [email protected] Whitelisted sender
address: [email protected] for recipient [email protected]
Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <[email protected]> to: [email protected] Whitelisted sender
address: [email protected] for recipient [email protected]
Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <[email protected]> to: [email protected] Admininfo: whitelist
addition: [email protected] - AutoWhite on sent mail by [email protected]
Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <[email protected]> to: [email protected] Admininfo: whitelist
addition: [email protected] - AutoWhite on sent mail by [email protected]
Mar-21-16 15:28:51 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <[email protected]> to: [email protected] [Plugin] calling
plugin ASSP_AFC
Mar-21-16 15:28:51 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <[email protected]> to: [email protected] info: attachment
imageda77b6.PNG found for Level-1
Mar-21-16 15:28:51 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <[email protected]> to: [email protected] info: using user
based
compressed attachment check
Mar-21-16 15:28:51 [Worker_1] Info: will detect executables in compressed
files
Mar-21-16 15:28:51 [Worker_1] Info: analyzing compressed file
/opt/assp/tmp/zip_1_1458570531/imageda77b6.PNG at zip-level 0
Mar-21-16 15:28:51 [Worker_1] Info: looking for filetype in: .png .x-png
Mar-21-16 15:28:51 [Worker_1] Info:
/opt/assp/tmp/zip_1_1458570531/imageda77b6.PNG seems not to be a
compressed
file
Mar-21-16 15:28:51 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <[email protected]> to: [email protected] info: attachment
setupBarraTelefonica.zip found for Level-1
Mar-21-16 15:28:51 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <[email protected]> to: [email protected] info: using user
based
compressed attachment check
Mar-21-16 15:28:51 [Worker_1] Info: will detect executables in compressed
files
Mar-21-16 15:28:51 [Worker_1] Info: analyzing compressed file
/opt/assp/tmp/zip_1_1458570531/setupBarraTelefonica.zip at zip-level 0
Mar-21-16 15:28:51 [Worker_1] Info: looking for filetype in: .zip
Mar-21-16 15:28:51 [Worker_1] Info: found compressed file with type: 'zip'
Mar-21-16 15:28:52 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
[Attachment] 207.82.80.152 <[email protected]> to: [email protected] SPAM
FOUND bad attachment 'setupBarraTelefonica.zip' is a 'compressed file
'setupBarraTelefonica.zip' - contains forbidden executable file setup.exe
-
type: Win32 EXE'
Mar-21-16 15:28:52 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
[Attachment] 207.82.80.152 <[email protected]> to: [email protected] mail
blocked by Plugin ASSP_AFC - reason BadAttachment
Mar-21-16 15:28:52 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
[Attachment] 207.82.80.152 <[email protected]> to: [email protected] [spam
found] (BadAttachment) [Setup barra telefonica NCO2];
Mar-21-16 15:28:52 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <[email protected]> to: [email protected] [SMTP Reply] 250 OK
Mar-21-16 15:28:52 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
207.82.80.152 <[email protected]> to: [email protected] [SMTP Reply] 221
<myassp> closing transmission
plugin ASSP_AFC is running with priority 6.
regards,
aqx
On Mon, Mar 21, 2016 at 4:42 PM, Thomas Eckardt
<[email protected]>
wrote:
> >grep m1-70529-07242 /opt/assp/logs/maillog.txt
>
> Session log contains some times no mailID (m1-70529-07242) in the
> loglines. Please post the complete content for this mail
>
> Thomas
>
>
>
> Von: aquilinux <[email protected]>
> An: For Users of ASSP <[email protected]>
> Datum: 21.03.2016 16:09
> Betreff: Re: [Assp-user] bad attachment [...] possibly a virus
> infected file (can't extract archive)'
>
>
>
> Here is another case of not stored message:
>
> root@assp2:~# grep m1-70529-07242 /opt/assp/logs/maillog.txt
> Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <[email protected]> [SMTP Reply] 250 2.1.0 Ok
> Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <[email protected]> to: [email protected] [SMTP Reply] 250
> 2.1.5
> Ok
> Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <[email protected]> to: [email protected] [SMTP Reply] 354
End
> data with <CR><LF>.<CR><LF>
> Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <[email protected]> to: [email protected] Whitelisted sender
> address: [email protected] for recipient [email protected]
> Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <[email protected]> to: [email protected] Whitelisted sender
> address: [email protected] for recipient [email protected]
> Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <[email protected]> to: [email protected] Admininfo:
whitelist
> addition: [email protected] - AutoWhite on sent mail by
[email protected]
> Mar-21-16 15:28:49 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <[email protected]> to: [email protected] Admininfo:
whitelist
> addition: [email protected] - AutoWhite on sent mail by
[email protected]
> Mar-21-16 15:28:51 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <[email protected]> to: [email protected] [Plugin] calling
> plugin ASSP_AFC
> Mar-21-16 15:28:51 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <[email protected]> to: [email protected] info: attachment
> imageda77b6.PNG found for Level-1
> Mar-21-16 15:28:51 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <[email protected]> to: [email protected] info: using user
> based
> compressed attachment check
> Mar-21-16 15:28:51 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <[email protected]> to: [email protected] info: attachment
> setupBarraTelefonica.zip found for Level-1
> Mar-21-16 15:28:51 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <[email protected]> to: [email protected] info: using user
> based
> compressed attachment check
> Mar-21-16 15:28:52 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> [Attachment] 207.82.80.152 <[email protected]> to: [email protected] SPAM
> FOUND bad attachment 'setupBarraTelefonica.zip' is a 'compressed file
> 'setupBarraTelefonica.zip' - contains forbidden executable file
setup.exe
> -
> type: Win32 EXE'
> Mar-21-16 15:28:52 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> [Attachment] 207.82.80.152 <[email protected]> to: [email protected] mail
> blocked by Plugin ASSP_AFC - reason BadAttachment
> Mar-21-16 15:28:52 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> [Attachment] 207.82.80.152 <[email protected]> to: [email protected] [spam
> found] (BadAttachment) [Setup barra telefonica NCO2];
> Mar-21-16 15:28:52 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <[email protected]> to: [email protected] [SMTP Reply] 250 OK
> Mar-21-16 15:28:52 m1-70529-07242 [Worker_1] [TLS-in] [TLS-out]
> 207.82.80.152 <[email protected]> to: [email protected] [SMTP Reply] 221 <
> assp2.europassistance.it> closing transmission
>
> i had sessionLog to diagnostic, just tell me if you need more lines of
> logs.
>
>
>
>
>
> On Mon, Mar 21, 2016 at 1:07 PM, Thomas Eckardt
> <[email protected]>
> wrote:
>
> > Remains the problem with the not stored .eml file, if ASSP_AFC has
> > blocked. I think this is solved - but who knows?
> >
> > Thomas
> >
> >
> >
> > Von: aquilinux <[email protected]>
> > An: For Users of ASSP <[email protected]>
> > Datum: 21.03.2016 12:38
> > Betreff: Re: [Assp-user] bad attachment [...] possibly a virus
> > infected file (can't extract archive)'
> >
> >
> >
> > Thanks Thomas, it just works!
> >
> > regards,
> > aqx
> >
> > On Mon, Mar 21, 2016 at 12:17 PM, Thomas Eckardt
> > <[email protected]
> > > wrote:
> >
> > > I just published ASSP_AFC 3.29 and 4.21 at CVS - the space problem
is
> > > solved.
> > >
> > > Thomas
> > >
> > >
> > >
> > >
> > >
> > > Von: aquilinux <[email protected]>
> > > An: For Users of ASSP <[email protected]>
> > > Datum: 21.03.2016 11:51
> > > Betreff: Re: [Assp-user] bad attachment [...] possibly a
virus
> > > infected file (can't extract archive)'
> > >
> > >
> > >
> > > i'm running Perl v5.18.2
> > >
> > > On Mon, Mar 21, 2016 at 11:46 AM, Thomas Eckardt
> > > <[email protected]
> > > > wrote:
> > >
> > > > >AFC detection whenever the FOLDER contains spaces
> > > > in the name
> > > >
> > > > Do you use perl 5.16 ?
> > > >
> > > > Thomas
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Von: aquilinux <[email protected]>
> > > > An: For Users of ASSP <[email protected]>
> > > > Datum: 21.03.2016 10:35
> > > > Betreff: Re: [Assp-user] bad attachment [...] possibly a
> virus
> > > > infected file (can't extract archive)'
> > > >
> > > >
> > > >
> > > > Hi Thomas, i'm running latest assp.pl and latest AFC plugin with
> > > > sessionLog
> > > > diagnostic and AttachmentLog verbose. if i run into the missing
mail
> > > issue
> > > > again i'll update this thread.
> > > >
> > > > in the meantime, i think that AFC plugin is still failing to
detect
> > > > correct
> > > > extension for unzipped files with spaces and i could reproduce the
> > > issue.
> > > > let's take the following scenario: a PDF in a FOLDER in a ZIP.
> > > > assp is ALWAYS failing in AFC detection whenever the FOLDER
contains
> > > > spaces
> > > > in the name.
> > > > Any other combination of spaces and no-spaces leads to a correct
> > > detection
> > > > of the FILE extension.
> > > >
> > > > Regars,
> > > > aqx
> > > >
> > > >
> > > > On Fri, Mar 18, 2016 at 4:54 PM, Thomas Eckardt
> > > > <[email protected]>
> > > > wrote:
> > > >
> > > > > Before you start the test, please upgrade assp.pl and
ASSP_AFC.pm
> to
> > > the
> > > > > latest dev version!
> > > > >
> > > > > Thomas
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > Von: aquilinux <[email protected]>
> > > > > An: For Users of ASSP <[email protected]>
> > > > > Datum: 18.03.2016 16:45
> > > > > Betreff: Re: [Assp-user] bad attachment [...] possibly a
> > virus
> > > > > infected file (can't extract archive)'
> > > > >
> > > > >
> > > > >
> > > > > Monday i'll try to reproduce it.
> > > > > it should be quite easy, since it happened a couple of times
> during
> > my
> > > > > attachment blocking tests..
> > > > >
> > > > > On Fri, Mar 18, 2016 at 3:29 PM, Thomas Eckardt
> > > > > <[email protected]>
> > > > > wrote:
> > > > >
> > > > > > Even the [MessageOK] detection before the plugin is called is
> > > missing!
> > > > I
> > > > > > can't reproduce this and I've no clue, how this can be happen
-
> > I'm
> > > > > sorry.
> > > > > >
> > > > > > If you can reproduce this - set SessionLog to diagnostic and
> > > > > AttachmentLog
> > > > > > to verbose. Or debug such a mail.
> > > > > >
> > > > > > Thomas
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > Von: aquilinux <[email protected]>
> > > > > > An: For Users of ASSP <[email protected]>
> > > > > > Datum: 17.03.2016 13:41
> > > > > > Betreff: Re: [Assp-user] bad attachment [...] possibly
a
> > > virus
> > > > > > infected file (can't extract archive)'
> > > > > >
> > > > > >
> > > > > >
> > > > > > and in this case the message is blocked, but it is not stored
> > > > anywhere:
> > > > > >
> > > > > > Mar-17-16 13:19:16 m1-17156-26856 [Worker_1] [TLS-in]
[TLS-out]
> > > > > > 213.205.33.246 <[email protected]> info: found message size
> > > announcement:
> > > > > > 23.25 kByte
> > > > > > Mar-17-16 13:19:16 m1-17156-26856 [Worker_1] [TLS-in]
[TLS-out]
> > > > > > 213.205.33.246 <[email protected]> [SMTP Reply] 250 2.1.0 Ok
> > > > > > Mar-17-16 13:19:16 m1-17156-26856 [Worker_1] [TLS-in]
[TLS-out]
> > > > > > 213.205.33.246 <[email protected]> to: [email protected] [SMTP Reply]
> 250
> > > > 2.1.5
> > > > > Ok
> > > > > > Mar-17-16 13:19:16 m1-17156-26856 [Worker_1] [TLS-in]
[TLS-out]
> > > > > > 213.205.33.246 <[email protected]> to: [email protected] [SMTP Reply]
> 354
> > > End
> > > > > data
> > > > > > with <CR><LF>.<CR><LF>
> > > > > > Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in]
[TLS-out]
> > > > > > 213.205.33.246 <[email protected]> to: [email protected]
DKIM-Signature
> > > found
> > > > > > Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in]
[TLS-out]
> > > > > > 213.205.33.246 <[email protected]> to: [email protected] info: found
> known
> > > > good
> > > > > > HELO 'smtp.tiscali.it' - weight is -2
> > > > > > Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in]
[TLS-out]
> > > > > > 213.205.33.246 <[email protected]> to: [email protected]
Message-Score:
> > > added
> > > > > -40
> > > > > > for KnownGoodHelo, total score for this message is now -40
> > > > > > Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in]
[TLS-out]
> > > > > > 213.205.33.246 <[email protected]> to: [email protected] info: domain
> > > > tiscali.it
> > > > > > has published a DMARC record
> > > > > > Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in]
[TLS-out]
> > > > > > 213.205.33.246 <[email protected]> to: [email protected] strictspf
> Regex:
> > > > > > strictSPFRe 'tiscali.it'
> > > > > > Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in]
[TLS-out]
> > > > > > 213.205.33.246 <[email protected]> to: [email protected]
Message-Score:
> > > added
> > > > > -15
> > > > > > (pbwValencePB) for In Penalty White Box, total score for this
> > > message
> > > > is
> > > > > > now -55
> > > > > > Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in]
[TLS-out]
> > > > > > 213.205.33.246 <[email protected]> to: [email protected] removed
> > > > > > Disposition-Notification headers from mail
> > > > > > Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in]
[TLS-out]
> > > > > > 213.205.33.246 <[email protected]> to: [email protected] HMM Check
> > [scoring]
> > > -
> > > > > > Prob: 0.00000 => ham - answer/query relation: 22% of 50
> > > > > > Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in]
[TLS-out]
> > > > > > 213.205.33.246 <[email protected]> to: [email protected] Bayesian
Check
> > > > > [scoring]
> > > > > > -
> > > > > > Prob: 0.00000 => ham - answer/query relation: 71% of 52
> > > > > > Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in]
[TLS-out]
> > > > > > 213.205.33.246 <[email protected]> to: [email protected] [Plugin]
> calling
> > > > plugin
> > > > > > ASSP_AFC
> > > > > > Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in]
[TLS-out]
> > > > > > 213.205.33.246 <[email protected]> to: [email protected] info: using
> user
> > > > based
> > > > > > compressed attachment check
> > > > > > Mar-17-16 13:19:18 m1-17156-26856 [Worker_1] [TLS-in]
[TLS-out]
> > > > > > [Attachment] 213.205.33.246 <[email protected]> to: [email protected]
> SPAM
> > > > FOUND
> > > > > > bad attachment 'N 19 convitto barcellona 20 23 marzo.xlsx' is
a
> '
> > -
> > > > the
> > > > > > file extension: '.xlsx' does not match the content based
> detected
> > > file
> > > > > > type
> > > > > > '''
> > > > > > Mar-17-16 13:19:18 m1-17156-26856 [Worker_1] [TLS-in]
[TLS-out]
> > > > > > [Attachment] 213.205.33.246 <[email protected]> to: [email protected]
> mail
> > > > > blocked
> > > > > > by Plugin ASSP_AFC - reason BadAttachment
> > > > > > Mar-17-16 13:19:18 m1-17156-26856 [Worker_1] [TLS-in]
[TLS-out]
> > > > > > [Attachment] 213.205.33.246 <[email protected]> to: [email protected]
> > [spam
> > > > > found]
> > > > > > (BadAttachment) [societa sardinia new tavel polizza 33489q 19
> > 2016];
> > > > > > Mar-17-16 13:19:18 m1-17156-26856 [Worker_1] [TLS-in]
[TLS-out]
> > > > > > 213.205.33.246 <[email protected]> to: [email protected] [SMTP Reply]
> 250
> > OK
> > > > > > Mar-17-16 13:20:18 m1-17156-26856 [Worker_1] [TLS-in]
[TLS-out]
> > > > > > 213.205.33.246 <[email protected]> to: [email protected] [SMTP Reply]
> 221
> > > > > > <myassphost> closing transmission
> > > > > >
> > > > > > this message is actually marked as spam but it is LOST....
> > > > > >
> > > > > > On Thu, Mar 17, 2016 at 12:41 PM, aquilinux
> <[email protected]>
> > > > wrote:
> > > > > >
> > > > > > > here's a different case of uncorrect detection:
> > > > > > >
> > > > > > > Mar-17-16 12:33:38 m1-14417-13392 [Worker_3] [TLS-in]
> [TLS-out]
> > > > > > > [Attachment] 92.246.34.74 <[email protected]> to: [email protected]
> SPAM
> > > > FOUND
> > > > > > > bad attachment 'Copia di Lista mezzi Truckcenter.xlsx' is a
'
> -
> > > the
> > > > > file
> > > > > > > extension: '.xlsx' does not match the content based detected
> > file
> > > > type
> > > > > > '''
> > > > > > >
> > > > > > >
> > > > > > > On Thu, Mar 17, 2016 at 10:40 AM, aquilinux
> > <[email protected]>
> > > > > wrote:
> > > > > > >
> > > > > > >> Upgraded, thanks.
> > > > > > >> I have now an issue with another legitimate attachment:
> > > > > > >>
> > > > > > >> Mar-17-16 09:37:24 m1-03839-03606 [Worker_4] [TLS-in]
> [TLS-out]
> > > > > > >> [Attachment] 212.82.97.124 <[email protected]> to: [email protected]
> SPAM
> > > > FOUND
> > > > > > >> bad attachment 'CITYLIFE INTERVENTI ESEGUITI 16.03.16.zip'
is
> a
> > > > > > 'compressed
> > > > > > >> file 'CITYLIFE INTERVENTI ESEGUITI 16.03.16.zip' - contains
> > > > forbidden
> > > > > > >> executable file CITYLIFE - type: possibly a virus infected
> file
> > > > > (can't
> > > > > > >> read)'
> > > > > > >>
> > > > > > >> the zip file contains a folder (with spaces), containing 6
> PDF
> > > > files
> > > > > > >> (with spaces), all clean.
> > > > > > >> So, i removed the spaces from the zip (in folder and file
> > names)
> > > > and
> > > > > > now
> > > > > > >> the mail gets through as expected.
> > > > > > >> I think there is an issue with zip attachment with spaces
> that
> > > > > prevets
> > > > > > >> AFC from detecting correct file extensions.
> > > > > > >>
> > > > > > >> Regards,
> > > > > > >>
> > > > > > >> On Thu, Mar 17, 2016 at 7:36 AM, Thomas Eckardt <
> > > > > > >> [email protected]> wrote:
> > > > > > >>
> > > > > > >>> To detect .emz files you need to upgrade MIME::Types at
> least
> > to
> > > > > > version
> > > > > > >>> 2.13 (CPAN has it).
> > > > > > >>>
> > > > > > >>> Thomas
> > > > > > >>>
> > > > > > >>>
> > > > > > >>>
> > > > > > >>>
> > > > > > >>> Von: aquilinux <[email protected]>
> > > > > > >>> An: For Users of ASSP
<[email protected]>
> > > > > > >>> Datum: 16.03.2016 10:08
> > > > > > >>> Betreff: Re: [Assp-user] bad attachment [...]
> possibly
> > a
> > > > > virus
> > > > > > >>> infected file (can't extract archive)'
> > > > > > >>>
> > > > > > >>>
> > > > > > >>>
> > > > > > >>> thanks Thomas, i upgraded both assp.pl and plugin.
> > > > > > >>> now i'm facing this:
> > > > > > >>>
> > > > > > >>> Mar-16-16 09:56:08 m1-18566-15642 [Worker_5] [TLS-in]
> > [TLS-out]
> > > > > > >>> [Attachment] 92.246.34.74 <[email protected]> to: [email protected]
SPAM
> > > FOUND
> > > > > bad
> > > > > > >>> attachment 'image001.emz' is a ' - the file extension:
> '.emz'
> > > does
> > > > > not
> > > > > > >>> match the content based detected file type '''
> > > > > > >>>
> > > > > > >>> Mar-16-16 09:56:08 [Worker_5] Warning: possibly a virus
> > infected
> > > > > file
> > > > > > >>> (can't read) '/opt/assp/tmp/zip_5_1458118567/.10/.10' -
Not
> a
> > > > > > directory
> > > > > > >>>
> > > > > > >>>
> > > > > > >>> regards,
> > > > > > >>> aqx
> > > > > > >>>
> > > > > > >>> On Wed, Mar 16, 2016 at 8:13 AM, Thomas Eckardt
> > > > > > >>> <[email protected]>
> > > > > > >>> wrote:
> > > > > > >>>
> > > > > > >>> > ASSP version 2.4.8(16074) + ASSP_AFC 3.26
> > > > > > >>> >
> > > > > > >>> > both available at SF-CVS
> > > > > > >>> >
> > > > > > >>> > will fix this.
> > > > > > >>> >
> > > > > > >>> > Thomas
> > > > > > >>> > ps: please use the "ASSP List"
> > [email protected]
> > > > if
> > > > > > you
> > > > > > >>> use
> > > > > > >>> > a dev version 2.4.8
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>> > Von: aquilinux <[email protected]>
> > > > > > >>> > An: For Users of ASSP
> <[email protected]>
> > > > > > >>> > Datum: 15.03.2016 15:00
> > > > > > >>> > Betreff: [Assp-user] bad attachment [...]
possibly
> a
> > > > virus
> > > > > > >>> infected
> > > > > > >>> > file (can't extract archive)'
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>> > Hi all,
> > > > > > >>> > I recently enforced attachment blocking with zip
> inspection
> > > but
> > > > > > >>> legitimate
> > > > > > >>> > attachements are blocked because of this:
> > > > > > >>> >
> > > > > > >>> > Mar-15-16 14:09:55 [Worker_5] Warning: possibly a virus
> > > infected
> > > > > > file
> > > > > > >>> > (can't extract archive)
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>>
> > > > > > >>>
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
'/opt/assp/tmp/zip_5_1458047395/MSC_Implementation_Activities_15.03.2016.xlsx'
> > > > > > >>> >
> > > > > > >>> > Mar-15-16 14:39:15 [Worker_10] Warning: possibly a virus
> > > > infected
> > > > > > file
> > > > > > >>> > (can't extract archive)
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>>
> > > > > > >>>
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
'/opt/assp/tmp/zip_10_1458049154/20150922_GAA_Global_Corporate_Commercial_ok.docx'
> > > > > > >>> > - - Could not chdir back to start dir '': '
> > > > > > >>> >
> > > > > > >>> > Mar-15-16 14:04:22 [Worker_1] Warning: possibly a virus
> > > infected
> > > > > > file
> > > > > > >>> > (can't extract archive)
> > > > > > >>> >
> '/opt/assp/tmp/zip_1_1458047062/Figures_wo_VolvoTrucks.xlsm'
> > -
> > > -
> > > > > > Could
> > > > > > >>> > not
> > > > > > >>> > chdir back to start dir '': '
> > > > > > >>> >
> > > > > > >>> > Mar-15-16 14:08:09 [Worker_1] Warning: possibly a virus
> > > infected
> > > > > > file
> > > > > > >>> > (can't extract archive)
> > > > > '/opt/assp/tmp/zip_1_1458047289/errori.zip'
> > > > > > -
> > > > > > >>> -
> > > > > > >>> > Could not chdir back to start dir '': '
> > > > > > >>> >
> > > > > > >>> > what's happening?
> > > > > > >>> > ASSP version 2.4.8(16060) + ASSP_AFC 3.19
> > > > > > >>> >
> > > > > > >>> > thanks!
> > > > > > >>> >
> > > > > > >>> > --
> > > > > > >>> > "Madness, like small fish, runs in hosts, in vast
numbers
> of
> > > > > > >>> instances."
> > > > > > >>> >
> > > > > > >>> > Nessuno mi pettina bene come il vento.
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>>
> > > > > > >>>
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
------------------------------------------------------------------------------
> > > > > > >>> > Transform Data into Opportunity.
> > > > > > >>> > Accelerate data analysis in your applications with
> > > > > > >>> > Intel Data Analytics Acceleration Library.
> > > > > > >>> > Click to learn more.
> > > > > > >>> >
> > > http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
> > > > > > >>> > _______________________________________________
> > > > > > >>> > Assp-user mailing list
> > > > > > >>> > [email protected]
> > > > > > >>> > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>> > DISCLAIMER:
> > > > > > >>> > *******************************************************
> > > > > > >>> > This email and any files transmitted with it may be
> > > > confidential,
> > > > > > >>> legally
> > > > > > >>> > privileged and protected in law and are intended solely
> for
> > > the
> > > > > use
> > > > > > of
> > > > > > >>> the
> > > > > > >>> >
> > > > > > >>> > individual to whom it is addressed.
> > > > > > >>> > This email was multiple times scanned for viruses. There
> > > should
> > > > be
> > > > > > no
> > > > > > >>> > known virus in this email!
> > > > > > >>> > *******************************************************
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>>
> > > > > > >>>
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
------------------------------------------------------------------------------
> > > > > > >>> > Transform Data into Opportunity.
> > > > > > >>> > Accelerate data analysis in your applications with
> > > > > > >>> > Intel Data Analytics Acceleration Library.
> > > > > > >>> > Click to learn more.
> > > > > > >>> >
> > > http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
> > > > > > >>> > _______________________________________________
> > > > > > >>> > Assp-user mailing list
> > > > > > >>> > [email protected]
> > > > > > >>> > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > > > > >>> >
> > > > > > >>> >
> > > > > > >>>
> > > > > > >>>
> > > > > > >>> --
> > > > > > >>> "Madness, like small fish, runs in hosts, in vast numbers
of
> > > > > > instances."
> > > > > > >>>
> > > > > > >>> Nessuno mi pettina bene come il vento.
> > > > > > >>>
> > > > > > >>>
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
------------------------------------------------------------------------------
> > > > > > >>> Transform Data into Opportunity.
> > > > > > >>> Accelerate data analysis in your applications with
> > > > > > >>> Intel Data Analytics Acceleration Library.
> > > > > > >>> Click to learn more.
> > > > > > >>>
> > http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
> > > > > > >>> _______________________________________________
> > > > > > >>> Assp-user mailing list
> > > > > > >>> [email protected]
> > > > > > >>> https://lists.sourceforge.net/lists/listinfo/assp-user
> > > > > > >>>
> > > > > > >>>
> > > > > > >>>
> > > > > > >>>
> > > > > > >>> DISCLAIMER:
> > > > > > >>> *******************************************************
> > > > > > >>> This email and any files transmitted with it may be
> > > confidential,
> > > > > > legally
> > > > > > >>> privileged and protected in law and are intended solely
for
> > the
> > > > use
> > > > > of
> > > > > > >>> the
> > > > > > >>>
> > > > > > >>> individual to whom it is addressed.
> > > > > > >>> This email was multiple times scanned for viruses. There
> > should
> > > be
> > > > > no
> > > > > > >>> known virus in this email!
> > > > > > >>> *******************************************************
> > > > > > >>>
> > > > > > >>>
> > > > > > >>>
> > > > > > >>>
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
------------------------------------------------------------------------------
> > > > > > >>> Transform Data into Opportunity.
> > > > > > >>> Accelerate data analysis in your applications with
> > > > > > >>> Intel Data Analytics Acceleration Library.
> > > > > > >>> Click to learn more.
> > > > > > >>>
> > http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
> > > > > > >>> _______________________________________________
> > > > > > >>> Assp-user mailing list
> > > > > > >>> [email protected]
> > > > > > >>> https://lists.sourceforge.net/lists/listinfo/assp-user
> > > > > > >>>
> > > > > > >>>
> > > > > > >>
> > > > > > >>
> > > > > > >> --
> > > > > > >> "Madness, like small fish, runs in hosts, in vast numbers
of
> > > > > > instances."
> > > > > > >>
> > > > > > >> Nessuno mi pettina bene come il vento.
> > > > > > >>
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > "Madness, like small fish, runs in hosts, in vast numbers of
> > > > > instances."
> > > > > > >
> > > > > > > Nessuno mi pettina bene come il vento.
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > "Madness, like small fish, runs in hosts, in vast numbers of
> > > > instances."
> > > > > >
> > > > > > Nessuno mi pettina bene come il vento.
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
------------------------------------------------------------------------------
> > > > > > Transform Data into Opportunity.
> > > > > > Accelerate data analysis in your applications with
> > > > > > Intel Data Analytics Acceleration Library.
> > > > > > Click to learn more.
> > > > > >
http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
> > > > > > _______________________________________________
> > > > > > Assp-user mailing list
> > > > > > [email protected]
> > > > > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > DISCLAIMER:
> > > > > > *******************************************************
> > > > > > This email and any files transmitted with it may be
> confidential,
> > > > > legally
> > > > > > privileged and protected in law and are intended solely for
the
> > use
> > > of
> > > > > the
> > > > > >
> > > > > > individual to whom it is addressed.
> > > > > > This email was multiple times scanned for viruses. There
should
> be
> > > no
> > > > > > known virus in this email!
> > > > > > *******************************************************
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
------------------------------------------------------------------------------
> > > > > > Transform Data into Opportunity.
> > > > > > Accelerate data analysis in your applications with
> > > > > > Intel Data Analytics Acceleration Library.
> > > > > > Click to learn more.
> > > > > >
http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
> > > > > > _______________________________________________
> > > > > > Assp-user mailing list
> > > > > > [email protected]
> > > > > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > "Madness, like small fish, runs in hosts, in vast numbers of
> > > instances."
> > > > >
> > > > > Nessuno mi pettina bene come il vento.
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
------------------------------------------------------------------------------
> > > > > Transform Data into Opportunity.
> > > > > Accelerate data analysis in your applications with
> > > > > Intel Data Analytics Acceleration Library.
> > > > > Click to learn more.
> > > > > http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
> > > > > _______________________________________________
> > > > > Assp-user mailing list
> > > > > [email protected]
> > > > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > DISCLAIMER:
> > > > > *******************************************************
> > > > > This email and any files transmitted with it may be
confidential,
> > > > legally
> > > > > privileged and protected in law and are intended solely for the
> use
> > of
> > > > the
> > > > >
> > > > > individual to whom it is addressed.
> > > > > This email was multiple times scanned for viruses. There should
be
> > no
> > > > > known virus in this email!
> > > > > *******************************************************
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
------------------------------------------------------------------------------
> > > > > Transform Data into Opportunity.
> > > > > Accelerate data analysis in your applications with
> > > > > Intel Data Analytics Acceleration Library.
> > > > > Click to learn more.
> > > > > http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
> > > > > _______________________________________________
> > > > > Assp-user mailing list
> > > > > [email protected]
> > > > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > "Madness, like small fish, runs in hosts, in vast numbers of
> > instances."
> > > >
> > > > Nessuno mi pettina bene come il vento.
> > > >
> > > >
> > >
> > >
> >
> >
>
>
------------------------------------------------------------------------------
> > > > Transform Data into Opportunity.
> > > > Accelerate data analysis in your applications with
> > > > Intel Data Analytics Acceleration Library.
> > > > Click to learn more.
> > > > http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
> > > > _______________________________________________
> > > > Assp-user mailing list
> > > > [email protected]
> > > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > >
> > > >
> > > >
> > > >
> > > > DISCLAIMER:
> > > > *******************************************************
> > > > This email and any files transmitted with it may be confidential,
> > > legally
> > > > privileged and protected in law and are intended solely for the
use
> of
> > > the
> > > >
> > > > individual to whom it is addressed.
> > > > This email was multiple times scanned for viruses. There should be
> no
> > > > known virus in this email!
> > > > *******************************************************
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
------------------------------------------------------------------------------
> > > > Transform Data into Opportunity.
> > > > Accelerate data analysis in your applications with
> > > > Intel Data Analytics Acceleration Library.
> > > > Click to learn more.
> > > > http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
> > > > _______________________________________________
> > > > Assp-user mailing list
> > > > [email protected]
> > > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > > >
> > > >
> > >
> > >
> > > --
> > > "Madness, like small fish, runs in hosts, in vast numbers of
> instances."
> > >
> > > Nessuno mi pettina bene come il vento.
> > >
> > >
> >
> >
>
>
------------------------------------------------------------------------------
> > > Transform Data into Opportunity.
> > > Accelerate data analysis in your applications with
> > > Intel Data Analytics Acceleration Library.
> > > Click to learn more.
> > > http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
> > > _______________________________________________
> > > Assp-user mailing list
> > > [email protected]
> > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > >
> > >
> > >
> > >
> > > DISCLAIMER:
> > > *******************************************************
> > > This email and any files transmitted with it may be confidential,
> > legally
> > > privileged and protected in law and are intended solely for the use
of
> > the
> > >
> > > individual to whom it is addressed.
> > > This email was multiple times scanned for viruses. There should be
no
> > > known virus in this email!
> > > *******************************************************
> > >
> > >
> > >
> > >
> >
> >
>
>
------------------------------------------------------------------------------
> > > Transform Data into Opportunity.
> > > Accelerate data analysis in your applications with
> > > Intel Data Analytics Acceleration Library.
> > > Click to learn more.
> > > http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
> > > _______________________________________________
> > > Assp-user mailing list
> > > [email protected]
> > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > >
> > >
> >
> >
> > --
> > "Madness, like small fish, runs in hosts, in vast numbers of
instances."
> >
> > Nessuno mi pettina bene come il vento.
> >
> >
>
>
------------------------------------------------------------------------------
> > Transform Data into Opportunity.
> > Accelerate data analysis in your applications with
> > Intel Data Analytics Acceleration Library.
> > Click to learn more.
> > http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
> > _______________________________________________
> > Assp-user mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
> >
> >
> >
> > DISCLAIMER:
> > *******************************************************
> > This email and any files transmitted with it may be confidential,
> legally
> > privileged and protected in law and are intended solely for the use of
> the
> >
> > individual to whom it is addressed.
> > This email was multiple times scanned for viruses. There should be no
> > known virus in this email!
> > *******************************************************
> >
> >
> >
> >
>
>
------------------------------------------------------------------------------
> > Transform Data into Opportunity.
> > Accelerate data analysis in your applications with
> > Intel Data Analytics Acceleration Library.
> > Click to learn more.
> > http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
> > _______________________________________________
> > Assp-user mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
> >
>
>
> --
> "Madness, like small fish, runs in hosts, in vast numbers of instances."
>
> Nessuno mi pettina bene come il vento.
>
>
------------------------------------------------------------------------------
> Transform Data into Opportunity.
> Accelerate data analysis in your applications with
> Intel Data Analytics Acceleration Library.
> Click to learn more.
> http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
> _______________________________________________
> Assp-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential,
legally
> privileged and protected in law and are intended solely for the use of
the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
>
>
------------------------------------------------------------------------------
> Transform Data into Opportunity.
> Accelerate data analysis in your applications with
> Intel Data Analytics Acceleration Library.
> Click to learn more.
> http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
> _______________________________________________
> Assp-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
--
"Madness, like small fish, runs in hosts, in vast numbers of instances."
Nessuno mi pettina bene come il vento.
------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
