That's GREAT to know. Maybe indicate in the GUI that only the hashes of each part are sent to VirusTotal, and not the whole file? I suspect you'll get lots of questions about this as people realize information from email is being sent externally for scanning. Sending the hash only isn't a risk at all in my book, I just wasn't sure if the whole file was sent or what. A gui note would clarify that.
On Wed, Jun 5, 2019 at 1:06 AM Thomas Eckardt <thomas.ecka...@thockar.com> wrote: > Currently only hashes are checked (for each MIME part). > URL's are checked, if virustotal is configured in 'URIBLServiceProvider'. > > Thomas > > > > > > Von: "K Post" <nntp.p...@gmail.com> > An: "ASSP development mailing list" < > assp-test@lists.sourceforge.net> > Datum: 05.06.2019 05:13 > Betreff: Re: [Assp-test] fixes in assp 2.6.4 *SPAM-Evaporator* > build 19151 > ------------------------------ > > > > If ASSP_AFCDoVirusTotalVirusScan is enabled, is the entire file sent to > VirusTotal, or just hashes? If the entire file is sent, is there a way to > disable the file scanning and only scan URL's? > Thanks for this valuable addition to ASSP. > Ken > > On Fri, May 31, 2019 at 5:57 AM Thomas Eckardt < > *thomas.ecka...@thockar.com* <thomas.ecka...@thockar.com>> wrote: > Hi all, > > fixed in assp 2.6.4 *SPAM-Evaporator* build 19151: > > - 'fillUpImportDBDir' was not working on some systems > > - a good rule '.*' in UserAttach was ignored > > > added: > > - queries for viruses and bad URL's to *www.virustotal.com* > <http://www.virustotal.com/> are now supported > virus checks require ASSP_AFC.pm (version 5.10) > > lib/ASSP_VirusTotal_API.pm (version 1.01) and the changed ASSP_AFC.pm > (version 5.10) and > > 'VirusTotalAPIKey','The Privat API-Key for VirusTotal' > 'To query *www.VirusTotal.com* <http://www.virustotal.com/> for URIs > and/or viruses (ASSP_AFC.pm), a valid API-Key is required. An API-Key is > provided by VirusTotal for free, after your registration at > *www.virustotal.com* <http://www.virustotal.com/>. > Such a free API-Key is limited to four queries at VirusTotal per minute. > API-Keys for a higher query volume are also provided by VirusTotal. > Systems that are part of the ASSP-Global-PenalyBox network can leave this > value empty. They are getting an API-Key with a much higher query volume > from the GPB-Server automatically, > without any additionally costs. This API-Key is not shown here!' > > 'ASSP_AFCDoVirusTotalVirusScan','Enable VirusTotal Virus Scan' > 'If a VirusTotalAPIKey is provided and this option is enabled, all > MIME-parts will be (in addition to ClamAV and/or FileScan) checked by > *www.virustotal.com.'* <http://www.virustotal.com.'/> > > > - DBD::MariaDB is now supported > > > changed: > > 'enhancedOriginIPDetect','Do an Enhanced Origin IP Address Detection in > the Mail Header' > Local and private IP's, IP's assigned by IANA to the Shared Address > Space (*100.64.0.0/10 RFC6598* <http://100.64.0.0/10RFC6598>) and IP's > listed in ispip, acceptAllMail, whiteListedIPs, noProcessingIPs, noDelay > and noPB > will be ignored. > > 'RBLServiceProvider','RBL Service Providers*' > references to *combined.njabl.org* <http://combined.njabl.org/> are > removed from the GUI > > 'URIBLServiceProvider','URIBL Service Providers*' > ... > If VirusTotalAPIKey is configured, assp is able to query URIs on > *www.virustotal.com* <http://www.virustotal.com/> . The API answers are > in the range 127.0.0.2-127.0.0.253 (or none for OK), where the last digits > represents HITS + 1. > Queries to VirusTotal are using HTTPS connections ( > *https://www.virustotal.com/..* <https://www.virustotal.com/>.) instead > of DNS! > example: > virustotal=>127.0.0.2=>1 # one hit > virustotal=>127.0.0.3=>0.5 # two hits > virustotal=>127.0.0.4=>0.33 # three hits > virustotal=>127.0.0.*=>0.25 # more than three hits' > > > > Thomas > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > _______________________________________________ > Assp-test mailing list > *Assp-test@lists.sourceforge.net* <Assp-test@lists.sourceforge.net> > *https://lists.sourceforge.net/lists/listinfo/assp-test* > <https://lists.sourceforge.net/lists/listinfo/assp-test> > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test >
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
