Scanning the content on VirusTotal takes very much to long. How ever, I'll add the following to the ASSP_AFC 5.11 GUI
ASSP_AFCDoVirusTotalVirusScan ....There will be no mail content sent to VirusTotal, only hashes are queried! Thomas Von: "K Post" <nntp.p...@gmail.com> An: "ASSP development mailing list" <assp-test@lists.sourceforge.net> Datum: 06.06.2019 15:45 Betreff: Re: [Assp-test] fixes in assp 2.6.4 *SPAM-Evaporator* build 19151 That's GREAT to know. Maybe indicate in the GUI that only the hashes of each part are sent to VirusTotal, and not the whole file? I suspect you'll get lots of questions about this as people realize information from email is being sent externally for scanning. Sending the hash only isn't a risk at all in my book, I just wasn't sure if the whole file was sent or what. A gui note would clarify that. On Wed, Jun 5, 2019 at 1:06 AM Thomas Eckardt <thomas.ecka...@thockar.com> wrote: Currently only hashes are checked (for each MIME part). URL's are checked, if virustotal is configured in 'URIBLServiceProvider'. Thomas Von: "K Post" <nntp.p...@gmail.com> An: "ASSP development mailing list" < assp-test@lists.sourceforge.net> Datum: 05.06.2019 05:13 Betreff: Re: [Assp-test] fixes in assp 2.6.4 *SPAM-Evaporator* build 19151 If ASSP_AFCDoVirusTotalVirusScan is enabled, is the entire file sent to VirusTotal, or just hashes? If the entire file is sent, is there a way to disable the file scanning and only scan URL's? Thanks for this valuable addition to ASSP. Ken On Fri, May 31, 2019 at 5:57 AM Thomas Eckardt <thomas.ecka...@thockar.com > wrote: Hi all, fixed in assp 2.6.4 *SPAM-Evaporator* build 19151: - 'fillUpImportDBDir' was not working on some systems - a good rule '.*' in UserAttach was ignored added: - queries for viruses and bad URL's to www.virustotal.com are now supported virus checks require ASSP_AFC.pm (version 5.10) lib/ASSP_VirusTotal_API.pm (version 1.01) and the changed ASSP_AFC.pm (version 5.10) and 'VirusTotalAPIKey','The Privat API-Key for VirusTotal' 'To query www.VirusTotal.com for URIs and/or viruses (ASSP_AFC.pm), a valid API-Key is required. An API-Key is provided by VirusTotal for free, after your registration at www.virustotal.com. Such a free API-Key is limited to four queries at VirusTotal per minute. API-Keys for a higher query volume are also provided by VirusTotal. Systems that are part of the ASSP-Global-PenalyBox network can leave this value empty. They are getting an API-Key with a much higher query volume from the GPB-Server automatically, without any additionally costs. This API-Key is not shown here!' 'ASSP_AFCDoVirusTotalVirusScan','Enable VirusTotal Virus Scan' 'If a VirusTotalAPIKey is provided and this option is enabled, all MIME-parts will be (in addition to ClamAV and/or FileScan) checked by www.virustotal.com.' - DBD::MariaDB is now supported changed: 'enhancedOriginIPDetect','Do an Enhanced Origin IP Address Detection in the Mail Header' Local and private IP's, IP's assigned by IANA to the Shared Address Space (100.64.0.0/10 RFC6598) and IP's listed in ispip, acceptAllMail, whiteListedIPs, noProcessingIPs, noDelay and noPB will be ignored. 'RBLServiceProvider','RBL Service Providers*' references to combined.njabl.org are removed from the GUI 'URIBLServiceProvider','URIBL Service Providers*' ... If VirusTotalAPIKey is configured, assp is able to query URIs on www.virustotal.com . The API answers are in the range 127.0.0.2-127.0.0.253 (or none for OK), where the last digits represents HITS + 1. Queries to VirusTotal are using HTTPS connections ( https://www.virustotal.com/...) instead of DNS! example: virustotal=>127.0.0.2=>1 # one hit virustotal=>127.0.0.3=>0.5 # two hits virustotal=>127.0.0.4=>0.33 # three hits virustotal=>127.0.0.*=>0.25 # more than three hits' Thomas DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! *******************************************************
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
