Everything works like expected (- as I can see -) if 'ASSP_AFCReplBadAttach' is switched to 'ON'.
expect means: like described in the doc (GUI) Thomas Von: K Post <nntp.p...@gmail.com> An: ASSP development mailing list <assp-test@lists.sourceforge.net> Datum: 17.02.2015 22:52 Betreff: Re: [Assp-test] Attachment blocking I can't figure this out to save my life. Is there something wrong with the regex? If external is set to level 2 and block, how would mails like this get pushed through? It's not just .reg files, it's anything that I've tested including .bat. Thanks On Thu, Feb 12, 2015 at 9:58 PM, K Post <nntp.p...@gmail.com> wrote: > 15025 running on a windows box in my lab. > > I just tried sending an email from gmail with a .reg file attached to it. > Also tried with a .bat file. > The emails arrive even though I have reg and bat files blocked. The > gmail account is whitelisted, but I've tried with non-whitelisted accounts > too. > > I have ClamAV running and use the AFC-Plugin. If I disable one or both of > these, the email still arrives. > > I have v1.925 of Email::Mime installed. I haven't tried downgrading. > > DoBlockExes is set to block > BlockExes (external senders) is set to Level 2 > BlockWLExes (wl senders) is set to Level 1 > BlockNPExes (no processing) is set to Level 2 > > > For BadAttachLevel1 I have: > > ad[ep]|asx|ba[st]|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|ht[ab]|in[fs]|isp|js|jse|lnk|md[abez]|ms[cipt]|nch|pcd|pif|prf|ps1|reg|sc[frt]|scr|sh[bs]|vb|vb[es]|wms|ws[cfh] > (note that reg is listed there) > > For BadAttachLevel2 I have: > zip > > I would expect to see that a level 1 exe was detected and that it was > blocked. Instead it comes through and the log shows that a level 2 file > was found. > > Log snippit > > Feb-12-15 21:39:32 msg95171-02457 209.85.220.42 <test-acco...@gmail.com> > to: test...@ourcharity.org [scoring] DKIM signature verified-OK - > header-passed - sender policy is: neutral - author policy is: neutral > Feb-12-15 21:39:32 msg95171-02457 209.85.220.42 <test-acco...@gmail.com> > to: test...@ourcharity.org Message-Score: added -5 (dkimOkValencePB) for > DKIM pass, total score for this message is now -6 > Feb-12-15 21:39:32 msg95171-02457 209.85.220.42 <test-acco...@gmail.com> > to: test...@ourcharity.org Message-Score: added -5 (spfpValencePB) for > SPF pass, total score for this message is now -11 > Feb-12-15 21:39:32 msg95171-02457 209.85.220.42 <test-acco...@gmail.com> > to: test...@ourcharity.org info: SenderBase - query using SenderBase > Feb-12-15 21:39:32 msg95171-02457 209.85.220.42 <test-acco...@gmail.com> > to: test...@ourcharity.org SenderBase -- used Senderbase -- country:US > orgname:GOOGLE domain:google.com > Feb-12-15 21:39:32 msg95171-02457 209.85.220.42 <test-acco...@gmail.com> > to: test...@ourcharity.org HMM is not available - hmmdb is empty > Feb-12-15 21:39:32 msg95171-02457 209.85.220.42 <test-acco...@gmail.com> > to: test...@ourcharity.org Bayesian Check [scoring] - Prob: 0.00001 => ham > Feb-12-15 21:39:32 msg95171-02457 209.85.220.42 <test-acco...@gmail.com> > to: test...@ourcharity.org [Plugin]* calling plugin ASSP_AFC* > Feb-12-15 21:39:33 msg95171-02457 209.85.220.42 <test-acco...@gmail.com> > to: test...@ourcharity.org info: 1 attachment found for *Level-2* > Feb-12-15 21:39:33 msg95171-02457 [*MessageOK*] 209.85.220.42 < > test-acco...@gmail.com> to: test...@ourcharity.org message ok [testing > reg] -> messages/okmail/testing_reg--3448748.txt > > Could my regex be wrong somehow? Why would it find a Level 2 attachment, > when it only matches level 1? Why wouldn't it have been blocked? > > Thanks > ken > > > ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
