15025 running on a Windows box in my lab. I just tried sending an email from Gmail with a .reg file attached to it. Also tried with a .bat file. The emails arrive even though I have reg and bat files blocked. The Gmail account is whitelisted, but I've tried with non-whitelisted accounts too.
I have ClamAV running and use the AFC-Plugin. If I disable one or both of these, the email still arrives. I have v1.925 of Email::Mime installed. I haven't tried downgrading.

DoBlockExes is set to block
BlockExes (external senders) is set to Level 2
BlockWLExes (wl senders) is set to Level 1
BlockNPExes (no processing) is set to Level 2

For BadAttachLevel1 I have:
ad[ep]|asx|ba[st]|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|ht[ab]|in[fs]|isp|js|jse|lnk|md[abez]|ms[cipt]|nch|pcd|pif|prf|ps1|reg|sc[frt]|scr|sh[bs]|vb|vb[es]|wms|ws[cfh]
(note that reg is listed there)

For BadAttachLevel2 I have:
zip

I would expect to see that a level 1 exe was detected and that it was blocked. Instead it comes through and the log shows that a level 2 file was found.

Log snippet

Feb-12-15 21:39:32 msg95171-02457 209.85.220.42 <test-acco...@gmail.com> to: test...@ourcharity.org [scoring] DKIM signature verified-OK - header-passed - sender policy is: neutral - author policy is: neutral
Feb-12-15 21:39:32 msg95171-02457 209.85.220.42 <test-acco...@gmail.com> to: test...@ourcharity.org Message-Score: added -5 (dkimOkValencePB) for DKIM pass, total score for this message is now -6
Feb-12-15 21:39:32 msg95171-02457 209.85.220.42 <test-acco...@gmail.com> to: test...@ourcharity.org Message-Score: added -5 (spfpValencePB) for SPF pass, total score for this message is now -11
Feb-12-15 21:39:32 msg95171-02457 209.85.220.42 <test-acco...@gmail.com> to: test...@ourcharity.org info: SenderBase - query using SenderBase
Feb-12-15 21:39:32 msg95171-02457 209.85.220.42 <test-acco...@gmail.com> to: test...@ourcharity.org SenderBase -- used Senderbase -- country:US orgname:GOOGLE domain:google.com
Feb-12-15 21:39:32 msg95171-02457 209.85.220.42 <test-acco...@gmail.com> to: test...@ourcharity.org HMM is not available - hmmdb is empty
Feb-12-15 21:39:32 msg95171-02457 209.85.220.42 <test-acco...@gmail.com> to: test...@ourcharity.org Bayesian Check [scoring] - Prob: 0.00001 => ham
Feb-12-15 21:39:32 msg95171-02457 209.85.220.42 <test-acco...@gmail.com> to: test...@ourcharity.org [Plugin]* calling plugin ASSP_AFC*
Feb-12-15 21:39:33 msg95171-02457 209.85.220.42 <test-acco...@gmail.com> to: test...@ourcharity.org info: 1 attachment found for *Level-2*
Feb-12-15 21:39:33 msg95171-02457 [*MessageOK*] 209.85.220.42 < test-acco...@gmail.com> to: test...@ourcharity.org message ok [testing reg] -> messages/okmail/testing_reg--3448748.txt

Could my regex be wrong somehow? Why would it find a Level 2 attachment, when it only matches level 1? Why wouldn't it have been blocked?

Thanks
ken
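
An added example (not part of the original post, and not ASSP's own code): a stand-alone check of the two extension lists from the post against the attachment filenames of a constructed test message, to rule the patterns themselves in or out. It assumes each list is applied as a case-insensitive match on the final filename extension; the function names and the sample message are hypothetical.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension lists copied verbatim from the post.
BAD_ATTACH_LEVEL1 = (
    r"ad[ep]|asx|ba[st]|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|ht[ab]|in[fs]|isp|js|jse"
    r"|lnk|md[abez]|ms[cipt]|nch|pcd|pif|prf|ps1|reg|sc[frt]|scr|sh[bs]|vb|vb[es]"
    r"|wms|ws[cfh]"
)
BAD_ATTACH_LEVEL2 = r"zip"


def ext_matcher(alternation):
    # Assumption: the list is anchored to the last extension, case-insensitive.
    return re.compile(r"\.(?:%s)$" % alternation, re.IGNORECASE)


LEVEL1_RE = ext_matcher(BAD_ATTACH_LEVEL1)
LEVEL2_RE = ext_matcher(BAD_ATTACH_LEVEL2)


def build_sample(filenames):
    """Build a constructed multipart test message with dummy attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"      # constructed address
    msg["To"] = "recipient@example.org"     # constructed address
    msg["Subject"] = "testing reg"
    msg.set_content("attachment filter test")
    for name in filenames:
        msg.add_attachment(b"constructed payload", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


def attachment_names(raw):
    """Return the filenames a MIME parser sees in the raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [p.get_filename() for p in msg.iter_attachments() if p.get_filename()]


def classify(name):
    """Report which of the two lists, if any, the filename's extension hits."""
    if LEVEL1_RE.search(name):
        return "level1"
    if LEVEL2_RE.search(name):
        return "level2"
    return "none"


if __name__ == "__main__":
    raw = build_sample(["test.reg", "SETUP.BAT", "archive.zip", "notes.txt"])
    for name in attachment_names(raw):
        print(f"{name}: {classify(name)}")
```

If `test.reg` and `SETUP.BAT` report `level1` here, the alternation itself matches those extensions and the investigation moves to how the filter selects and applies the level for the sender.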