Hello,
Thought you people would like to know about the following:
The other day an exec downloaded a message pretending to be from UPS,
informing him that if he does not answer the message, a package he is
waiting for will get lost.
Anyway, the exec opened the message. Inside the message was a
ASSP v1.6.5.4(1.0.0.4)
Slackware Linux v12.0 on an Intel cele...@3.0ghz
2Gb of RAM
80Gb IDE/ATAPI HITACHI HDD
PERL v5.10.0 built for i486-linux-thread-multi
Forgot... the above just tells us about the system;
but it would be useful to know about the modules
used by ASSP and in particular if
Any help would be appreciated,
use grep to check the logs, don't use the ASSP GUI
the log search facility in there is meant just for a quick
check, not for extensive searching and personally I
don't use it so much; when I've the need to parse the
logs I usually fire up a shell on the ASSP box
Hi GrayHat,
No, not ClamAV.
I tried to install it but it's not in the official CPAN repos, so
I avoided installing it.
Here's the complete list of the perl modules :
Compress::Zlib 2.021
Digest::MD5 2.39
Digest::SHA1 2.12
Email::Valid 0.182
Email::Send 2.198
Email::MIME::Modifier
What the heck is going on, I really don't know.
In regards to my previous message, I went ahead and checked by text
most of the log files through an ssh session to the mail server.
Here's what I've found:
--
Mar-02-10 21:12:03 [MessageOK] 83.218.67.228 eccentricall...@itweetu.com to:
Mar-03-10 00:38:58 89.231.179.196 luncheon...@te.com to: clients'@domain.gr
[monitoring] -- Blocked Country PL - Multimedia Polska S. A. -- [UPS Delivery Problem NR 56631];
People!
What gives!??
This is dangerous. There's about twenty messages like this one (and the
previous one
Well,
After a bit of searching, I've found the offending message:
Mar-04-10 10:10:37 [MessageOK] 93.93.184.190 boldestfy...@cmarealtygroup.com
to: clients'@domain.gr -- Message OK -- [UPS Delivery Problem NR 50345];
Again, this message is marked as notspam (Message OK), but it
File::Scan::ClamAV has always been available by default in any distro's CPAN
repos that I've ever used. I might not understand what you mean.
Paul K. Dickson
Systems Administrator
Frederick County Government, IIT
Frederick, MD 21701
pdick...@frederickcountymd.gov
301-600-2399/x12399
From:
What is your collection frequency?
Paul K. Dickson
Systems Administrator
Frederick County Government, IIT
Frederick, MD 21701
pdick...@frederickcountymd.gov
301-600-2399/x12399
From: Spyros Tsiolis sts...@yahoo.co.uk
Reply-To: For Users of ASSP assp-user@lists.sourceforge.net
Date: Tue, 9
Turn on uniqeIDLogging so you can easily find all entries related to a
certain mail.
That aside, unless Fritz released a sub update/fix for 1.6.5, there is a bug
in it that in some rare cases causes the whitelist to be ignored. Not sure
what else. 1.7 seems to be perfectly stable and
Didn't you say you located it with grep? grep will tell you where it is.
`grep -irH 'UPS Delivery Problem NR 50345' /assp_directory`
That is case insensitive -i, recursive -r, and show files -H
--
Scott * If you contact me off list replace talklists@ with scott@ *
On Mar 9, 2010, at 9:00 AM,
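
An added example, not part of the thread or of ASSP: a shell sketch that goes one step past the plain grep above by listing only the lines tagged [MessageOK] whose bracketed subject contains a given string, then counting them per client IP. The function names and the sample log are constructed for illustration, and the field positions assume the maillog line layout quoted in this thread.

```shell
#!/bin/sh
# Constructed sample in the maillog line layout quoted in this thread
# (documentation-range addresses; not real log data).
sample_log() {
cat <<'EOF'
Mar-02-10 21:12:03 [MessageOK] 192.0.2.10 a@example.com to: user@example.org -- Message OK -- [UPS Delivery Problem NR 11111];
Mar-03-10 00:38:58 198.51.100.7 b@example.net to: user@example.org [monitoring] -- Blocked Country PL -- [UPS Delivery Problem NR 22222];
Mar-04-10 10:10:37 [MessageOK] 192.0.2.10 c@example.com to: user@example.org -- Message OK -- [ups delivery problem NR 33333];
Mar-04-10 10:11:02 [MessageOK] 203.0.113.5 d@example.com to: user@example.org -- Message OK -- [Quarterly report];
EOF
}

# passed_lures STRING [FILE...]   (hypothetical helper)
# Print "date time ip subject" for every line tagged [MessageOK] whose
# trailing [subject] contains STRING (case-insensitive, like grep -i).
# Reads stdin when no FILE is given.
passed_lures() {
    pat=$1; shift
    awk -v pat="$pat" '
        index($0, "[MessageOK]") == 0 { next }   # keep accepted mail only
        {
            # The subject is the last [...] before the closing ";".
            if (!match($0, /\[[^][]*\];[ \t]*$/)) next
            subj = substr($0, RSTART + 1, RLENGTH - 1)
            sub(/\];[ \t]*$/, "", subj)
            if (index(tolower(subj), tolower(pat)) == 0) next
            # Assumed layout: $3 is the [MessageOK] tag, $4 the client IP.
            print $1, $2, $4, subj
        }' "$@"
}

# lure_sources STRING [FILE...]   (hypothetical helper)
# Count accepted matches per client IP, busiest first.
lure_sources() {
    passed_lures "$@" |
        awk '{ n[$3]++ } END { for (ip in n) print n[ip], ip }' |
        sort -rn
}

# Stand-alone run on the constructed sample.
sample_log | lure_sources 'UPS Delivery Problem'
```

Against a real installation, pass the log files as arguments instead of piping the sample in.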
Hi again and . . . thank you again for your reply,
Here goes :
RebuildSpamDB 2.6.5.4 (1.0.04) started - Tue Mar 9 01:00:02 2010
Running in basedirectory '/usr/local/assp'
---ASSP Settings---
Do Not Collect RedRe Messages: Enabled
**Messages matching the RedRe will be removed from the
Not exactly what I meant. Do you have all the options for collecting set
for their defaults? If not, which ones are different?
Paul K. Dickson
Systems Administrator
Frederick County Government, IIT
Frederick, MD 21701
pdick...@frederickcountymd.gov
301-600-2399/x12399
From: Spyros Tsiolis
Sorry, also, what I was looking to find out but mentioned the wrong section,
was if you have fileLogging turned on.
Paul K. Dickson
Systems Administrator
Frederick County Government, IIT
Frederick, MD 21701
pdick...@frederickcountymd.gov
301-600-2399/x12399
From: Spyros Tsiolis
On 3/9/2010 11:38 AM, Spyros Tsiolis wrote:
> Hi GrayHat,
> No, not ClamAV.
> I tried to install it but it's not in the official CPAN repos, so
> I avoided installing it.
Sounds like you answered your own question. If you don't do virus
scanning you will get infected emails through the