If set ASSP_AttachmentFullCheckReplaceBadAttachment and/or ASSP_AttachmentFullCheckReplaceViriParts
the mail will be never blocked - the bad parts will be replaced: the filename by *.txt and the content by the defined text. I just saw - I forgot to delete a statement in the plugin - so detection but no action - sorry, this will be fixed! Thomas Scott MacLean <a...@hollsco.com> 29.04.2009 19:19 Bitte antworten an ASSP development mailing list <assp-test@lists.sourceforge.net> An ASSP development mailing list <assp-test@lists.sourceforge.net> Kopie Thema Re: [Assp-test] Antwort: Re: Antwort: Attachments still not blocking RC22... At 11:27 AM 4/29/2009, Thomas Eckardt/eck wrote: >Scott, > >set maxBytes back to the 'reasonable' 8000 - this is just enough - for >bomb regexes. Look in to the file files/bombre.txt - the complete file is >compiled in to one regular expression (and if I remember right - your are >using this file twice , which is one time to much). Correct, I had it checking header and data, and then data again - I removed it from the data. >This regex is running >over maxBytes and the time that is needed to do this, is rising up >expotentional to the scanned content. >Try (never do that) to set maxBytes to 100.000 and you'll see your system >stucking minutes on one mail searching for bombs. The same belongs to >ClamAVBytes. Understood. >Use the Attachment-Plugin (configure it to your needs). This will set the >limit for every mime part to maxBytes for virusscan . Every message is >checked two times: first check is the one inside ASSP (on maxBytes like >now) - second is the check from the Plugin for the complete mail (finding >any attachment) unless the message is larger than npSize. I tried this, but it is not working correctly. The plugin is loading correctly: ASSP version 2.0.1(RC 0.0.25) (Perl 5.010000) (on MSWin32) initializing Info: try loading plugin ASSP_AttachmentFullCheck ASSP_AttachmentFullCheck: Plugin successful called! Info: plugin ASSP_AttachmentFullCheck version 1.06 loaded for runlevel 'complete mail'. DoASSP_AttachmentFullCheck is enabled, and ASSP_AttachmentFullCheckSelect is set to "do attachments". It looks like it first uses the regular attachment check, which doesn't find anything (because Maxbytes is set to 8000), and then hands it to the plugin, which DOES find the bad attachment...but doesn't do anything about it, and the message is still sent through normally. I also tried enabling ASSP_AttachmentFullCheckReplaceBadAttachment, and setting the ASSP_AttachmentFullCheckReplaceBadAttachmentText to some text, but even though the log shows it was found, the attachment was not removed, and the text was not inserted: [Whitelisted] x.x.x.x <sen...@email.com> to: recipi...@email.com whitelisted (no bad attachments) [8000 plugin test] -> c:/ASSP/notspam/1469.eml x.x.x.x <sen...@email.com> to: recipi...@email.com [Plugin] calling plugin ASSP_AttachmentFullCheck x.x.x.x <sen...@email.com> to: recipi...@email.com info: attachment Test.js found for Level-1 [MessageOK] x.x.x.x <sen...@email.com> to: recipi...@email.com message ok [8000 plugin test] -> c:/ASSP/notspam/1469.eml ------------------------------------------------------------------------------ Register Now & Save for Velocity, the Web Performance & Operations Conference from O'Reilly Media. Velocity features a full day of expert-led, hands-on workshops and two days of sessions from industry leaders in dedicated Performance & Operations tracks. Use code vel09scf and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* ------------------------------------------------------------------------------ Register Now & Save for Velocity, the Web Performance & Operations Conference from O'Reilly Media. Velocity features a full day of expert-led, hands-on workshops and two days of sessions from industry leaders in dedicated Performance & Operations tracks. Use code vel09scf and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
