Re: [Assp-user] How to split local mail from external mail.
> if you've got the Relay Host and Relay Port set in ASSP, only mail received by ASSP on Relay Port will be forwarded to Relay Host,

Yes

> and only mail received by ASSP on Listen Port will be forwarded to SMTP Destination?

Yes

> Can I further assume that mail received by ASSP on Relay Port will be used for auto-whitelisting purposes?

Yes :o)

Doug

___
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] How to split local mail from external mail.
Doug Traylor ([EMAIL PROTECTED]) wrote:

>> if you've got the Relay Host and Relay Port set in ASSP, only mail received by ASSP on Relay Port will be forwarded to Relay Host,
> Yes
>> and only mail received by ASSP on Listen Port will be forwarded to SMTP Destination?
> Yes
>> Can I further assume that mail received by ASSP on Relay Port will be used for auto-whitelisting purposes?
> Yes :o)
> Doug

Great stuff!! Thanx for all your help Doug, and thanx also to the ASSP developers for all their great work!

Francois.
Re: [Assp-user] How to split local mail from external mail.
Charles Marcus ([EMAIL PROTECTED]) wrote:

> By the way... how do you like eGroupware? I had never heard of it. Specifically, how is the mail client? The screenshots don't have anything for the mail client, and the demo install gives errors when trying to access the mail client.
> --
> Best regards, Charles

eGW currently has only FeLaMiMail as an actively developed mail client - it's gone through some drastic changes over the last 6 months as functionality like html editing, spell check, draft creation, auto-complete of addresses etc. were added. Last time I checked, it still couldn't do POP3 and multiple accounts.

We're running an older version of eGW, and are still using AngleMail (which could do POP3 and multiple accounts from early 2004!), but it's missing draft and html editing functions, and is no longer supported.

eGW has a growing list of modules, we only use calendaring and addressbook with email. Technically, I'm happy with it, but our users complain bitterly about the lack of functionality in the email client.

Francois.
Re: [Assp-user] How to split local mail from external mail.
Doug Traylor ([EMAIL PROTECTED]) wrote:

> egroupware is just a client, has no SMTP service and therefore does not do any type of delivery. It can be configured to access your MTA's IMAP and SMTP services right? Set eGroupWare to use qmail's smtp as before. Set qmail to forward all outgoing mail to smtp gateway where ASSP is listening on ASSP's relay port. Set up another service for delivery of email from ASSP to the world if needed.

Thus far I've not used ASSP's Relay Host/Port settings at all - from the notes in the admin interface, I deduced that this is primarily for use with Exchange/Notes? I've configured ASSP to listen on port 25 and both the Internet and eGroupWare connects there for delivery!

Since Vexira has only one destination smtp server setting, I can't set ASSP's Relay Host to Vexira, and since I'd prefer to not install yet another smtp relay, how about this: I configure ASSP with a Relay Port and configure eGW to connect to this port, I then configure ASSP to use my qmail server as its Relay Host.

So Inbound mail will flow like this:
Internet - ASSP (port 25) - Vexira (port 1025) - qmail server (port 25),

Local mail will flow like this:
eGW - ASSP (Relay Port, say 2225) - qmail (port 25, from ASSP's Relay Host setting),

and Outbound mail will flow like this:
eGW - ASSP (Relay Port, say 2225) - qmail (port 25, from ASSP's Relay Host setting) - Internet.

I realise that local-to-local mail will flow in a round-about way, but is this a workable solution? If I can bypass Vexira like this for mail that originates locally, my problem would be solved.

Francois.
Re: [Assp-user] How to split local mail from external mail.
> eGW has a growing list of modules, we only use calendaring and addressbook with email. Technically, I'm happy with it, but our users complain bitterly about the lack of functionality in the email client.

Thanks for the reply... Sounds like I'll need to try it out. We only use IMAP, so hopefully everything will just work.

When you say 'technically, I'm happy with it'... does that mean it is reasonably easy to install and maintain? Do you use LDAP (if so, how is its LDAP support?)?

Anyway, thanks again... I'll be setting up a test server sometime next week.

--
Best regards, Charles
Re: [Assp-user] How to split local mail from external mail.
Charles Marcus ([EMAIL PROTECTED]) wrote:

>> eGW has a growing list of modules, we only use calendaring and addressbook with email. Technically, I'm happy with it, but our users complain bitterly about the lack of functionality in the email client.
> Thanks for the reply... Sounds like I'll need to try it out. We only use IMAP, so hopefully everything will just work.
> When you say 'technically, I'm happy with it'... does that mean it is reasonably easy to install and maintain? Do you use LDAP (if so, how is its LDAP support?)?
> Anyway, thanks again... I'll be setting up a test server sometime next week.
> --
> Best regards, Charles

It's very easy to install and maintain, do yourself a favor and read the install documentation first. It has good LDAP support, I've never used it though - we use it with mysql.

Francois.
Re: [Assp-user] How to split local mail from external mail.
Doug Traylor ([EMAIL PROTECTED]) wrote:

> Why not use DNS for delivery in Vexira instead of setting a destination smtp server? Is that not possible in Vexira? Since it runs on a different machine than your mail server qmail, you could point all the domains you manage to your qmail's local IP using local DNS settings to manage incoming external email and it would deliver non-local email via DNS to the Internet for outgoing email.

AFAIK Vexira doesn't use DNS (I guess you mean MX records?) to deliver mail, even if it could, it wouldn't work because Vexira would still receive both locally originated and external originated mail from the same connecting IP (ASSP's, which is localhost) - this makes it impossible for Vexira to distinguish between legitimate local originated mail on its way to the Internet, and a spammer trying to use Vexira as an open relay.

> This will work to skip Vexira for local-local mail, but I use ASSP to block attachments coming from the Internet that I do not want to block for local-local mail so it still would not work for me. Plus, we do a lot of internal mail, sometimes with largish attachments, so I don't want my server wasting time passing all that traffic through ASSP too. The most efficient plan is to restrict internal mail to just the client and the MTA and have multiple layers of protection for email coming in from the Internet.
> Doug Traylor

Well, thanx Doug, this conversation has given me two new possibilities to try - there's hope yet!

Can I assume that if you've got the Relay Host and Relay Port set in ASSP, only mail received by ASSP on Relay Port will be forwarded to Relay Host, and only mail received by ASSP on Listen Port will be forwarded to SMTP Destination? Can I further assume that mail received by ASSP on Relay Port will be used for auto-whitelisting purposes?

Francois.
Re: [Assp-user] How to split local mail from external mail.
egroupware is just a client, has no SMTP service and therefore does not do any type of delivery. It can be configured to access your MTA's IMAP and SMTP services right?

Set eGroupWare to use qmail's smtp as before. Set qmail to forward all outgoing mail to smtp gateway where ASSP is listening on ASSP's relay port. Set up another service for delivery of email from ASSP to the world if needed.

qmail should know what its local domains are and should not try to route that local mail out through the next hop. I don't know qmail, but all the other MTA's I have used will do this correctly. All outgoing email from qmail will be handed off to ASSP on its relay port. ASSP hands off to its relay host for delivery.

The relay host can be the same as ASSP's SMTP destination if your program, Vexira, is smart enough to handle traffic in both directions or can be defined to deliver via DNS with local DNS entry for your qmail box. If not, or to simplify the process, you can install another simple SMTP relay service for ASSP to deliver through to the internet.

At one site, I have to use a separate delivery service for ASSP. At another site, the AV gateway is able to be configured for incoming and outgoing email separately and so I do not need a separate delivery service for ASSP.

Good luck,
Doug Traylor
Re: [Assp-user] How to split local mail from external mail.
Doug Traylor wrote:

> egroupware is just a client, has no SMTP service and therefore does not do any type of delivery.

By the way... how do you like eGroupware? I had never heard of it. Specifically, how is the mail client? The screenshots don't have anything for the mail client, and the demo install gives errors when trying to access the mail client.

--
Best regards, Charles
Re: [Assp-user] How to split local mail from external mail.
> Doug Traylor wrote:
>> egroupware is just a client, has no SMTP service and therefore does not do any type of delivery.
> By the way... how do you like eGroupware? I had never heard of it. Specifically, how is the mail client? The screenshots don't have anything for the mail client, and the demo install gives errors when trying to access the mail client.

Never used it myself. Got my info from the web.

It used to use something called Anglemail (in the obsolete section)
http://www.egroupware.org/index.php?page_name=applicationswikipage=ManualEmail

They now use something called FelaMiMail (based on squirrelmail):
http://www.egroupware.org/index.php?page_name=applicationswikipage=ManualFelamimail

Comments on FeLaMiMail:

FeLaMiMail is a Web-based IMAP email client which is fully integrated into EGroupware, a Web-based groupware solution. Because it is integrated into EGroupware it is easy to install, is able to use the EGroupware addressbook and calendar, and can have different looks.
http://freshmeat.net/projects/felamimail/
http://freshmeat.net/screenshots/28625/30183/

Felamimail is a standards-based webmail package written in PHP4. It is the result of a fork off the popular webmail application Squirrelmail and has been fully integrated into the phpGroupWare framework,
http://packages.debian.org/unstable/web/phpgroupware-felamimail

Comments Francois?

Doug
Re: [Assp-user] How to split local mail from external mail.
>> My internal email does not go to ASSP. All my internal clients, including from VPN traffic, goes directly to our email server application. Only email that is routed to the outside or from the outside goes through ASSP and my AV layers. I have very strict rules in place for incoming external email that would not be acceptable for internal to internal mail.
> It sounds like you have a very similar setup to what we had prior to implementing ASSP - I changed the routing of our local mail to go via ASSP - A/V spam - mail server because the way I understand it is that auto-whitelisting won't work unless you route local mail this way.

Whitelisting has nothing to do with Internal-Internal or local-local mail, it is only for External-Internal mail. Communications between internal employees is different than business communication from the world to us so the added non-spam generated email is not very pertinent in a bayesian standpoint. All outgoing email auto-whitelists the external recipients as it should.

> And I just want to add that this seems to work quite well - it's just a bummer that it leaves whatever you do after ASSP and before your mail server with no way to discern between external and internal mail. What are your thoughts on running two instances of ASSP on the same box though?

It has been done for some that manage multiple domains, but for me there is no need. There is no need for ASSP to handle any internal email period. Even if we had external users (not physically connected to our internal network), we would have their email clients connect directly to our MTA on auth port 587 that would then send from the MTA through ASSP the same way for outgoing only. All outgoing email is routed from our MTA-ASSP-SMTP delivery service-Internet. This also works with our MTA's webmail application where there is no client app to connect to ASSP.

Doug
Re: [Assp-user] How to split local mail from external mail.
Doug Traylor ([EMAIL PROTECTED]) wrote:

> Whitelisting has nothing to do with Internal-Internal or local-local mail, it is only for External-Internal mail. Communications between internal employees is different than business communication from the world to us so the added non-spam generated email is not very pertinent in a bayesian standpoint. All outgoing email auto-whitelists the external recipients as it should.

I'm aware of all this and certainly don't route our local-to-local mail via ASSP by choice - it's just that I currently don't seem to have a choice, read on.

> It has been done for some that manage multiple domains, but for me there is no need. There is no need for ASSP to handle any internal email period. Even if we had external users (not physically connected to our internal network), we would have their email clients connect directly to our MTA on auth port 587 that would then send from the MTA through ASSP the same way for outgoing only. All outgoing email is routed from our MTA-ASSP-SMTP delivery service-Internet. This also works with our MTA's webmail application where there is no client app to connect to ASSP.

Let me explain our setup and then ask you for ideas on how to improve the situation:

We're running eGroupWare as MUA (webmail), it lives on a qmail server, and uses Courier IMAP as MDA. We have a separate server for mail scanning, ASSP receives Inbound mail here, and passes it on to Vexira (VAMS) which does virus and spam (now disabled) filtering, and then passes mail on to the qmail server.

Prior to installing ASSP, eGroupWare was configured to deliver locally to the qmail server, which would then either deliver to a local mailbox (for local mail), or directly (without passing through the scanning server) to the intended recipient's (for external mail) mail server.

eGroupWare can only be configured for a single SMTP destination server for sent mail - it can't send local mail one way and external mail another way. So when I installed ASSP, I had to direct all mail being sent by eGroupWare to ASSP (in order to utilise auto-whitelisting), which would still pass all this on to Vexira, and then on to qmail, which would again deliver either locally or externally depending on the recipient.

Apart from installing a separate ASSP instance that handles only the mail sent by eGroupWare, the only other solution I can think of is to install yet another daemon on the qmail/eGroupWare server. This daemon's purpose would be to do just one thing: split local mail from external mail, local mail gets delivered to the qmail daemon, and external mail is passed on to ASSP. I then point eGroupWare to this daemon instead of to ASSP.

Does this seem like a workable idea, any other (simpler) ideas?

> Doug

Thanx for bearing with me,
Francois.
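Added example, not part of the original thread and not code from ASSP, qmail or eGroupWare: the routing decision the proposed splitter daemon would have to make for each envelope, including the refusal of untrusted clients so the splitter cannot become an open relay or a way around the inbound filters. Only qmail's port 25 and the "say 2225" ASSP Relay Port come from the thread; the host names, domain, networks and function names are assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed values for illustration. Ports 25 and 2225 are the ones mentioned
# in the thread; host names, domain and client networks are made up.
LOCAL_DOMAINS = {"example.org"}
TRUSTED_CLIENTS = [ipaddress.ip_network("127.0.0.0/8"),
                   ipaddress.ip_network("192.0.2.0/24")]
QMAIL = ("qmail.example.org", 25)          # local delivery
ASSP_RELAY = ("assp.example.org", 2225)    # ASSP Relay Port (outbound path)


def rcpt_domain(rcpt):
    """Return the lower-cased domain of an envelope recipient, or None."""
    addr = rcpt.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    # rpartition, because a quoted local part may itself contain '@'.
    local, at, domain = addr.rpartition("@")
    domain = domain.rstrip(".").lower()
    if not at or not local or not domain:
        return None
    return domain


def is_trusted(client_ip):
    """True if the connecting client is one of the hosts allowed to submit."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in TRUSTED_CLIENTS)


def plan_deliveries(client_ip, rcpts):
    """Split one envelope into per-next-hop deliveries.

    Returns (deliveries, rejected): deliveries maps a (host, port) next hop
    to the recipients it should receive, rejected lists (rcpt, reason).
    A message with mixed recipients yields two deliveries.
    """
    if not is_trusted(client_ip):
        # The splitter only serves the local webmail host; anyone else is
        # refused outright rather than being routed past the filters.
        return {}, [(r, "550 access denied") for r in rcpts]

    deliveries = defaultdict(list)
    rejected = []
    for rcpt in rcpts:
        domain = rcpt_domain(rcpt)
        if domain is None:
            rejected.append((rcpt, "501 bad recipient address"))
        elif domain in LOCAL_DOMAINS:
            deliveries[QMAIL].append(rcpt)       # local-to-local: skip scanners
        else:
            deliveries[ASSP_RELAY].append(rcpt)  # outbound: via ASSP relay port
    return dict(deliveries), rejected
```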
Re: [Assp-user] How to split local mail from external mail.
Hi,

Matti Haack wrote:

> DT> So far today (17 hours) ASSP 1.2.7(36) has blocked 400 emails with bad
> DT> attachments, and missed 300 Uuencoded files which were then found to be
> DT> viral by my SMTP AV scanner. Granted I am not using Clamd with ASSP due to
> DT> the prior performance degradation, but... it would be nice for ASSP to
> DT> reject all those Uuencoded emails containing EXE viruses too without the
> DT> overhead of having to scan them.
>
> But ASSP (or better ClamAV) fails to filter specially Base64 encrypted eicar mails. You can request such a test virus here:
> http://www.heise.de/security/dienste/emailcheck/demos/go.shtml?mail=mimet
> Even with a second email scanner, using clamd, it is not filtered. So the problem is with clamAV, not with ASSP

I did just that yesterday/sunday evening. The bagle_q variant passed clamav, netsky_p was caught.

Rainer
Re: [Assp-user] How to split local mail from external mail.
> I have a tough time believing no-one has run into this problem before - if you run a separate virus/spam filter that sits between your ASSP and mail servers, virus checking will continue to function, but spam filtering will suffer (on the separate spam filter) due to the changed source IP (ASSP's) of the connection, right?

My internal email does not go to ASSP. All my internal clients, including from VPN traffic, goes directly to our email server application. Only email that is routed to the outside or from the outside goes through ASSP and my AV layers. I have very strict rules in place for incoming external email that would not be acceptable for internal to internal mail.

Doug Traylor
Re: [Assp-user] How to split local mail from external mail.
Doug Traylor ([EMAIL PROTECTED]) wrote:

> My internal email does not go to ASSP. All my internal clients, including from VPN traffic, goes directly to our email server application. Only email that is routed to the outside or from the outside goes through ASSP and my AV layers. I have very strict rules in place for incoming external email that would not be acceptable for internal to internal mail.
> Doug Traylor

It sounds like you have a very similar setup to what we had prior to implementing ASSP - I changed the routing of our local mail to go via ASSP - A/V spam - mail server because the way I understand it is that auto-whitelisting won't work unless you route local mail this way.

And I just want to add that this seems to work quite well - it's just a bummer that it leaves whatever you do after ASSP and before your mail server with no way to discern between external and internal mail.

What are your thoughts on running two instances of ASSP on the same box though?

Francois.
Re: [Assp-user] How to split local mail from external mail.
> If you read your clamd.log file, do you see any entries for Trojan.Downloader-647 or Trojan.Downloader-648? Those are from the recent Storm Worm which should be called the Recent News Worm since it has a subject line from recent news items, or false news items.

yes. The problem here for the most installations was, that the default AVBytes was 10K. It is catching it with default AVBytes = 50k.

> If you configure Clamd to ban encrypted zip files and then send a password protected zip file in a Uuencoded plain text email to yourself, does ASSP/Clamd catch it and reject it as a virus as it should?

Try it yourself.
Re: [Assp-user] How to split local mail from external mail.
Fritz Borgstedt ([EMAIL PROTECTED]) wrote:

>> Is this possible to do with ASSP? Any help would be greatly appreciated.
> It would be possible to use the ClamAV viruschecker inside ASSP and skip your extra viruschecker altogether. You can define in ASSP if it should skip local mails.

That would certainly simplify things, but we're not currently considering that option.

I've just thought of the scenario of running two instances of ASSP on the same box, one answering on port 25 for incoming external mail, and another on a different port used only for local-to-anywhere mail - then I would be able to set the destination smtp servers independently, right? Is this even an option? Would I have to go to a database based ASSP to avoid file sharing issues? Please let me know if you think this is a feasible solution.

I have a tough time believing no-one has run into this problem before - if you run a separate virus/spam filter that sits between your ASSP and mail servers, virus checking will continue to function, but spam filtering will suffer (on the separate spam filter) due to the changed source IP (ASSP's) of the connection, right?

Francois.
[Assp-user] How to split local mail from external mail.
Hi list,

I need to route local-to-local mail different from external-to-local mail, the purpose would be to bypass a virus checker that's sitting between ASSP and my mail server.

So, for external-to-local mail I want the flow to be:
external mail server - ASSP - virus checker - mail server.

For local-to-local mail, I want:
mail client - ASSP - mail server.

Is this possible to do with ASSP? Any help would be greatly appreciated.

Regards,
Francois.
Re: [Assp-user] How to split local mail from external mail.
> Is this possible to do with ASSP? Any help would be greatly appreciated.

It would be possible to use the ClamAV viruschecker inside ASSP and skip your extra viruschecker altogether. You can define in ASSP if it should skip local mails.
Re: [Assp-user] How to split local mail from external mail.
> It would be possible to use the ClamAV viruschecker inside ASSP and skip your extra viruschecker altogether. You can define in ASSP if it should skip local mails.

Fritz,

Are you advocating using the ASSP integrated ClamAV as the only AntiVirus checker in the email stream for incoming email? Has ASSP been modified to decode Uuencoded emails?

We often get viruses that pass right through ASSP with Uuencoded viral attachments, necessitating a second solution that decodes those emails before passing through its AV checker. For example, this latest virus run that attached EXE's. ASSP is configured to block EXE's but let 245 through in the last 3 days. I am not running the integrated ClamAV as I still have to scan every email that passes through ASSP to catch Uuencoded viruses with another scanner.

Before this latest run, very few Uuencoded virus attachments made it through ASSP, but anyone relying on ASSP/ClamAV to protect them from this latest 'Storm Worm' virus run will be hosed.
http://www.toptechnews.com/news/New--Storm-Worm--Pummels-PCs/story.xhtml?story_id=103003JUAT55
http://news.google.com/news?q=%22storm%20worm%22

Doug Traylor
Re: [Assp-user] How to split local mail from external mail.
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy assp-user@lists.sourceforge.net writes:

> Before this latest run, very few Uuencoded virus attachments made it through ASSP, but anyone relying on ASSP/ClamAV to protect them from this latest 'Storm Worm' virus run will be hosed.

I am not talking ASSP integrated ClamAV, I am talking about using full ClamAV from ASSP with the help from File::Scan::ClamAV, which was introduced with some problems in 1.2.6 and is now rewritten nicely in 1.2.7.

No virus or worm came through my 3 ASSP installations the last days.
Re: [Assp-user] How to split local mail from external mail.
> I am not talking ASSP integrated ClamAV, I am talking about using full ClamAV from ASSP with the help from File::Scan::ClamAV, which was introduced with some problems in 1.2.6 and is now rewritten nicely in 1.2.7. No virus or worm came through my 3 ASSP installations the last days.

That is great news! I was of course referring to the recent integration with clamd, not the old ASSP builtin ClamAV scanner, but I admit I have not tried the latest upgrades you have added 1.2.7 to improve ASSP/Clamd's performance.

If you read your clamd.log file, do you see any entries for Trojan.Downloader-647 or Trojan.Downloader-648? Those are from the recent Storm Worm which should be called the Recent News Worm since it has a subject line from recent news items, or false news items.

If you configure Clamd to ban encrypted zip files and then send a password protected zip file in a Uuencoded plain text email to yourself, does ASSP/Clamd catch it and reject it as a virus as it should?

So far today (17 hours) ASSP 1.2.7(36) has blocked 400 emails with bad attachments, and missed 300 Uuencoded files which were then found to be viral by my SMTP AV scanner. Granted I am not using Clamd with ASSP due to the prior performance degradation, but... it would be nice for ASSP to reject all those Uuencoded emails containing EXE viruses too without the overhead of having to scan them.

Does ASSP send an email to Clamd if it does not think there is an attachment?

Thanks,
Doug Traylor
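Added example, not code from ASSP, ClamAV or any poster in this thread: a check for attachments uuencoded inline in a plain-text body, the case the message above says gets past extension blocking, applying the same extension rule plus a look at the first decoded bytes. The blocked-extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import binascii
import email
import os
import re
from email import policy

BLOCKED_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}  # assumed list

# Header line written by uuencode: "begin <octal mode> <file name>".
BEGIN_RE = re.compile(r"^begin ([0-7]{3,4}) (.+?)\s*$")


def decode_uu_line(line):
    """Decode one uuencoded data line; return None if it is not one."""
    line = line.rstrip("\r\n")
    if not line or any(not 32 <= ord(ch) <= 96 for ch in line):
        return None
    n = (ord(line[0]) - 32) & 63            # decoded length of this line
    body = line[1:]
    # Strict length check keeps ordinary prose from matching. Lines whose
    # trailing spaces were stripped in transit are not recognised.
    if n == 0 or len(body) != ((n + 2) // 3) * 4:
        return None
    out = bytearray()
    for j in range(0, len(body), 4):
        a, b, c, d = ((ord(ch) - 32) & 63 for ch in body[j:j + 4])
        out += bytes(((a << 2 | b >> 4) & 255,
                      (b << 4 | c >> 2) & 255,
                      (c << 6 | d) & 255))
    return bytes(out[:n])


def find_uuencoded(text):
    """Yield (filename, first_decoded_bytes) for each uuencoded block."""
    lines = text.splitlines()
    for i, line in enumerate(lines[:-1]):
        m = BEGIN_RE.match(line)
        if not m:
            continue
        head = decode_uu_line(lines[i + 1])
        if head is not None:                # skip prose starting with "begin"
            yield m.group(2), head


def scan_message(raw):
    """Return (filename, reason) findings for one RFC 5322 message string."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        for name, head in find_uuencoded(part.get_content()):
            ext = os.path.splitext(name)[1].lower()
            if ext in BLOCKED_EXT:
                findings.append((name, "blocked extension " + ext))
            elif head.startswith(b"MZ"):
                findings.append((name, "executable header under other name"))
    return findings


# Constructed sample: 45 harmless bytes that merely start with "MZ".
PAYLOAD = b"MZ" + b"A" * 43
SAMPLE = (
    "From: sender@example.net\r\n"
    "To: user@example.org\r\n"
    "Subject: constructed test message\r\n"
    "Content-Type: text/plain; charset=us-ascii\r\n"
    "\r\n"
    "See the attached file.\r\n"
    "begin 644 report.exe\r\n"
    + binascii.b2a_uu(PAYLOAD).decode("ascii").rstrip("\n") + "\r\n"
    "`\r\n"
    "end\r\n"
)

if __name__ == "__main__":
    for name, reason in scan_message(SAMPLE):
        print(name, "->", reason)
```

Only the first data line is decoded, so the check costs far less than a full scan; it complements a virus scanner rather than replacing one.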
Re: [Assp-user] How to split local mail from external mail.
I have just had two of these emails get through ASSP 1.2.7.1 (54) and its ClamAV. Perhaps ClamAV has not had its virus defs updated to include this virus? Also, it has allowed this .exe file to pass through, even though I am using External Attachment Blocking level 1, so no .exe files should be allowed.

James.

On 21/01/2007, at 10:55 AM, Doug Traylor wrote:

> > I am not talking about ASSP integrated ClamAV, I am talking about using full ClamAV from ASSP with the help of File::Scan::ClamAV, which was introduced with some problems in 1.2.6 and is now rewritten nicely in 1.2.7. No virus or worm came through my 3 ASSP installations in the last few days.
>
> That is great news! I was of course referring to the recent integration with clamd, not the old ASSP builtin ClamAV scanner, but I admit I have not tried the latest upgrades you have added in 1.2.7 to improve ASSP/Clamd's performance.
>
> If you read your clamd.log file, do you see any entries for Trojan.Downloader-647 or Trojan.Downloader-648? Those are from the recent Storm Worm, which should be called the Recent News Worm since it has a subject line from recent news items, or false news items.
>
> If you configure Clamd to ban encrypted zip files and then send a password protected zip file in a Uuencoded plain text email to yourself, does ASSP/Clamd catch it and reject it as a virus as it should?
>
> So far today (17 hours) ASSP 1.2.7(36) has blocked 400 emails with bad attachments, and missed 300 Uuencoded files which were then found to be viral by my SMTP AV scanner. Granted I am not using Clamd with ASSP due to the prior performance degradation, but... it would be nice for ASSP to reject all those Uuencoded emails containing EXE viruses too without the overhead of having to scan them. Does ASSP send an email to Clamd if it does not think there is an attachment?
>
> Thanks,
> Doug Traylor
Re: [Assp-user] How to split local mail from external mail.
> I am not talking about ASSP integrated ClamAV, I am talking about using full ClamAV from ASSP with the help of File::Scan::ClamAV, which was introduced with some problems in 1.2.6 and is now rewritten nicely in 1.2.7. No virus or worm came through my 3 ASSP installations in the last few days.

BTW, I have had one, just one, of the new viruses get through ASSP antispam (delaying, RBL, SPF, HELO testing etc. etc.), ASSP file blocking (all executable types), expensive Trend Micro based SMTP antivirus gateway, and a ClamAV based SMTP AV scanner using the most up-to-date signatures. The only thing that stopped it was another layer I have in place to block ALL emails containing attached exe's and other exploitable file types. This has to be here as a last resort to block Uuencoded emails with viruses. :o(

Doug
Re: [Assp-user] How to split local mail from external mail.
> I have just had two of these emails get through ASSP 1.2.7.1 (54) and its ClamAV. Perhaps ClamAV has not had its virus defs updated to include this virus? Also, it has allowed this .exe file to pass through, even though I am using External Attachment Blocking level 1, so no .exe files should be allowed.
>
> James.

Thanks for the heads up James. This is exactly what I am warning about, but since this is the first one that got through on your network, can we assume that Clamd is effectively catching the other emails with uuencoded exe's that it knows about?

Thanks,
Doug
Re: [Assp-user] How to split local mail from external mail.
On 21/01/2007, at 11:26 AM, Doug Traylor wrote:

> > I have just had two of these emails get through ASSP 1.2.7.1 (54) and its ClamAV. Perhaps ClamAV has not had its virus defs updated to include this virus? Also, it has allowed this .exe file to pass through, even though I am using External Attachment Blocking level 1, so no .exe files should be allowed.
> >
> > James.
>
> Thanks for the heads up James. This is exactly what I am warning about, but since this is the first one that got through on your network, can we assume that Clamd is effectively catching the other emails with uuencoded exe's that it knows about?
>
> Thanks,
> Doug

According to my stats, since reset, ASSP has only blocked 20 messages, and detected 266 viruses. This is with 104,000 messages processed. I'm at home now, but will have a look on Monday.

James.