>and last checks the hashes

No, this is the first check after decompressing. If assp finds a hash it 
does not know if the file is good or bad (because this should not matter). 
If a good hash is found, it exceptionally stops processing the attachment.

>ALLOWPARTONLY

What should happen if, for example, two good hashes are found - one with 
and one without this tag? First with tag - second without ..... first 
without - second with? Different in different compression levels, same in 
... but different elsewhere ... to be continued endlessly.

The code logic for the sequence in which attachments are decompressed and 
analyzed is fixed - there is no need to change it. This feature is (as I 
wrote) an exceptional additional check (quick and simple like it should 
be).

Anything like 'ALLOWPARTONLY' will raise the complexity of the code and 
the configuration to an exponential level. And if I think about anyone 
requesting extensions like: INOFFICEONLY, IGNOREINOLE, INDOCONLY, INXLSONLY 
.... (to be continued infinitely) - because he/she is unable to agree to 
the required level of trust - I am getting dizzy.

The concept to build and to implement this feature is over a year old. I 
had to put it into the dev pipeline because of the templating feature in 
UserAttach. Some code may be changed - but not the concept (keep existing 
features, keep the processing sequence, keep exceptional handling of 
exceptions).

If you are unable to trust your partners, you need to build your own trust 
level - but assp is not the right application to do such things.

To build your own trust level, use any of the leading behavior/threat 
analyzers like:

Cisco Advanced Malware Protection Virtual Private Cloud Appliance
Trend Micro Deep Discovery Analyzer
Check Point Advanced Threat Protection
Windows Defender Advanced Threat Protection

Depending on the required performance they are from ~50.000 to ~120.000 
$US (Check Point also offers some cheaper solutions, if less performance is 
required)

or you spend some days or weeks to build and to configure your own "cuckoo 
sandbox" environment (for free)

Thomas


_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
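
Added example, not part of the message above and not ASSP code: a Python sketch of the ordering the message describes, where every decompressed part is hashed before any other check and a known-good hash ends analysis of the whole attachment by exception. The hash list, blocked extensions, limits and all function names are assumptions made for illustration.

```python
import hashlib
import io
import zipfile

# All policy values below are constructed for this sketch, not ASSP settings.
BLOCKED_EXTENSIONS = (".exe", ".js")
MAX_DEPTH, MAX_MEMBER_BYTES = 5, 1_000_000
KNOWN_GOOD_TOOL = b"constructed sample: trusted partner tool"
GOOD_HASHES = {hashlib.sha256(KNOWN_GOOD_TOOL).hexdigest()}


class GoodHashFound(Exception):
    """Leaves the whole analysis as soon as one good hash matches."""


def _analyze(name, data, depth=0):
    # The hash lookup is the first check on every part, before any other rule.
    if hashlib.sha256(data).hexdigest() in GOOD_HASHES:
        raise GoodHashFound(name)
    if zipfile.is_zipfile(io.BytesIO(data)):
        if depth >= MAX_DEPTH:
            return "blocked: nesting too deep"
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                if info.file_size > MAX_MEMBER_BYTES:
                    return "blocked: oversized member " + info.filename
                verdict = _analyze(info.filename, archive.read(info), depth + 1)
                if verdict != "pass":
                    return verdict
        return "pass"
    # Ordinary rules run only when no good hash ended the analysis earlier.
    if name.lower().endswith(BLOCKED_EXTENSIONS):
        return "blocked: " + name
    return "pass"


def check_attachment(name, data):
    try:
        return _analyze(name, data)
    except GoodHashFound as hit:
        return "accepted by hash: " + str(hit)


def make_zip(members):
    """Build an in-memory zip from {name: bytes} for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for member_name, content in members.items():
            archive.writestr(member_name, content)
    return buf.getvalue()
```

Because the match is raised as an exception, the decompression loop itself needs no special cases for the hash feature.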
