The assp code for this feature is untouched for a long long time - but the used Perl module was changed. I just made some tests and got the same result, because the attachment was not detected by the code.
I'll try to fix this. Thomas Von: Ivano Meneghello <iv...@hypergrid.it> An: assp-test@lists.sourceforge.net Datum: 05.05.2015 17:53 Betreff: Re: [Assp-test] Attachment name in bombRe Hello Thomas and thank you for the answer, MaxBytes is set at 4000 bytes but the body of the test message is way shorter. Here follows an extract from a corresponding debug file: > >Mag-05-15 17:42:28 [Worker_1] <doing line <------=_Part_488451_869742710.1430840540408[CR][LF] > > > >Mag-05-15 17:42:28 [Worker_1] <Maillog > >Mag-05-15 17:42:28 [Worker_1] <doing line <Content-Type: text/plain; charset=UTF-8[CR][LF] > > > >Mag-05-15 17:42:28 [Worker_1] <Maillog > >Mag-05-15 17:42:28 [Worker_1] <doing line <Content-Transfer-Encoding: 7bit[CR][LF] > > > >Mag-05-15 17:42:28 [Worker_1] <Maillog > >Mag-05-15 17:42:28 [Worker_1] <doing line <[CR][LF] > > > >Mag-05-15 17:42:28 [Worker_1] <Maillog > >Mag-05-15 17:42:28 [Worker_1] <doing line <test 0505 1[CR][LF] > > > >Mag-05-15 17:42:28 [Worker_1] <Maillog > >Mag-05-15 17:42:28 [Worker_1] <doing line <[CR][LF] > > > >Mag-05-15 17:42:28 [Worker_1] <Maillog > >Mag-05-15 17:42:28 [Worker_1] <doing line <------=_Part_488451_869742710.1430840540408[CR][LF] > > > >Mag-05-15 17:42:28 [Worker_1] <Maillog > >Mag-05-15 17:42:28 [Worker_1] <doing line <Content-Type: application/msword[CR][LF] > > > >Mag-05-15 17:42:28 [Worker_1] <Maillog > >Mag-05-15 17:42:28 [Worker_1] <doing line <Content-Transfer-Encoding: base64[CR][LF] > > > >Mag-05-15 17:42:28 [Worker_1] <Maillog > >Mag-05-15 17:42:28 [Worker_1] <doing line <Content-Disposition: attachment; > filename=01234567.doc[CR][LF] > > > >Mag-05-15 17:42:28 [Worker_1] <Maillog > >Mag-05-15 17:42:28 [Worker_1] <doing line <Content-ID: > <e229d68b-45f2-4d28-fd71-82ca640c0...@yahoo.com>[CR][LF] I cut it right where the encoded attachment would start but the "filename=01234567.doc" is present. Yet bombReData ignored the filename, so I am still puzzled. Greetings, Ivano Meneghello HyperGrid s.r.l. V.le Golgi 63 - 27100 Pavia - ITALY http://www.hypergrid.it Tel: +39-0382-528875 Fax: +39-0382-049303 E-mail: iv...@hypergrid.it <mailto:iv...@hypergrid.it> More than a decade of Digital Security <http://www.hypergrid.it/socialnetworks> Il 05/05/2015 17:11, Thomas Eckardt ha scritto: > It could be happen that the attachment is outside the range of MaxBytes - > in this case it will be not detected. > >> Amazingly if I write the actual sentence "attachment:01234567.doc" in the > message body then it >> triggers the bomb filter. > ASSP is simply doing the same - it adds such string for every found > attachment to the content that will be analyzed. > > Thomas > > > > > Von: Ivano Meneghello <iv...@hypergrid.it> > An: assp-test@lists.sourceforge.net > Datum: 05.05.2015 14:45 > Betreff: [Assp-test] Attachment name in bombRe > > > > Hello all, > > we use ASSP 2.4.3 and we're looking for a way to score email messages by > attachment name and not > only by extension. > > Anybody knows if the "attachment:filename" form of bombRe and bombReData > is still working? > > I have to ask because, apparently, it's not. > > Putting something like: > > attachment:01234567\.doc > > in either bombReData or bombRe has no effect at all on a test message with > the file "01234567.doc" > attached. > > Amazingly if I write the actual sentence "attachment:01234567.doc" in the > message body then it > triggers the bomb filter. > > Any help would be greatly appreciated. > > > Greetings, > > Ivano Meneghello > > HyperGrid s.r.l. > V.le Golgi 63 - 27100 Pavia - ITALY > http://www.hypergrid.it > > Tel: +39-0382-528875 > Fax: +39-0382-049303 > E-mail: iv...@hypergrid.it <mailto:iv...@hypergrid.it> > > More than a decade of Digital Security > > <http://www.hypergrid.it/socialnetworks> > > > ------------------------------------------------------------------------------ > One dashboard for servers and applications across Physical-Virtual-Cloud > Widest out-of-the-box monitoring support with 50+ applications > Performance metrics, stats and reports that give you Actionable Insights > Deep dive visibility with transaction tracing using APM Insight. > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > ------------------------------------------------------------------------------ > One dashboard for servers and applications across Physical-Virtual-Cloud > Widest out-of-the-box monitoring support with 50+ applications > Performance metrics, stats and reports that give you Actionable Insights > Deep dive visibility with transaction tracing using APM Insight. > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > ------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* ------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
