All resent mails are scanned for viruses -> result is (.err.virus extension).

Use the BlockReportFilter to prevent resend requests from regular users 
for blocked attachments and viruses.

Yes, it is right - if a mail was blocked by any check before the ASSP_AFC 
plugin was called and the virus scanner detects no virus at a resend 
request, the mail will be resent - even if it contains a forbidden 
attachment.

At this time, there is no way to call a plugin from inside the resend 
function. Extracting the missing runtime data from the 'X-ASSP-' headers 
would be possible and ok for a simple regular resend. But resend requests 
may come from Admins, BlockReportAdmins, deputies ...! This opens 
several questions for the case where userbased attachment blocking is 
configured. One question is, which userbased configuration should be used?

- original recipient
- original sender
- requester
- defined recipient of the resend

If there are multiple matches, what should be ignored?

I'll think about this and it is now on the TODO-list for any of the next 
versions.

Thomas






From:    aquilinux <aquili...@gmail.com>
To:      ASSP development mailing list <assp-test@lists.sourceforge.net>
Date:    29.03.2016 10:46
Subject: [Assp-test] AFC Plugin question



Hi there, just a question on assp logic:

If a mail gets blocked by MessageLimit before it reaches the AFC plugin,
will the resend of this mail trigger the AFC plugin? I'm asking because
behind 98% of my AFC blocks there is a malware/script that is still not
caught by ClamAV.
My concern is that (as it was for Clamav scan) AFC is not triggered on a
resend.
If it is so, can this be implemented as well as the AV scan logic (ie. the
mail asked to be re-sent will be scanned by both AV and AFC)?
At this point, what to do with the mail eligible for resend that has a bad
attachment?
I think we can deal with it in 3 ways:
- Let it through (this is the standard way I guess, since BadAttachment is
just an ordinary check as others)
- Replace attachment (already implemented if mail is blocked in the way of
message scoring, but not applied in a resend)
- Block block block (not available atm, but helpful, just as the AV logic
on a resend)
Maybe I've gone too far but I just wanted to point out that, imho, the AFC
plugin should be run always (run it in a resend if not run on mail check
routine)

One more point. I see blocked mail with viruses in the resend folder
(.err.virus extension). Good.
Wouldn't it be nicer to notify the user, in this case, that the email he
requested was blocked because it contained a virus? The user perception now
is that the resend for that particular mail is not working as expected
without further notice. I see in attachment blocking part that there is the
possibility to replace virus part with a message. But why should a user
receive a clearly spam message that carries a virus, even with the replaced
virus part?

Thanks!

Regards,


-- 
"Madness, like small fish, runs in hosts, in vast numbers of instances."

Nessuno mi pettina bene come il vento.
------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally 
privileged and protected in law and are intended solely for the use of the 
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no 
known virus in this email!
*******************************************************
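
The gap discussed in this thread (a resend is virus-scanned but the attachment check is not repeated) can be illustrated with a small resend gate. This is an added example, not ASSP code and not from either poster; the addresses, policy table, function names and the rule of merging the block lists of all matching parties are assumptions chosen for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Constructed per-user attachment policies (address -> blocked extensions).
POLICIES = {
    "alice@example.org": {".exe", ".js", ".scr"},
    "admin@example.org": {".exe"},
}
DEFAULT_BLOCKED = {".exe", ".scr"}  # assumed fallback for unlisted users

def sample_mail(filename):
    """Build a constructed test message carrying one named attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.net"
    m["To"] = "alice@example.org"
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(b"x", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

def attachment_exts(raw):
    """Lower-cased final extension of every MIME part that has a filename."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    names = (part.get_filename() for part in msg.walk())
    return {PurePosixPath(n.lower()).suffix for n in names if n}

def resend_allowed(raw, parties, virus_found=False):
    """Gate a resend request.

    parties: the candidate addresses named in the thread (original
    recipient, original sender, requester, resend recipient).
    Assumption: when several policies match, their block lists are merged.
    """
    if virus_found:  # result of the existing resend-time virus scan
        return False, "virus"
    blocked = set()
    for addr in parties:
        blocked |= POLICIES.get(addr.lower(), DEFAULT_BLOCKED)
    hits = sorted(attachment_exts(raw) & blocked)
    if hits:
        return False, "attachment " + ",".join(hits)
    return True, "ok"
```

Evaluating the same stored mail against only the requester's policy and against all four parties gives different outcomes, which is the ambiguity the reply points out.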
