and in this case the message is blocked, but it is not stored anywhere:
Mar-17-16 13:19:16 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
213.205.33.246 <o...@remote.tld> info: found message size announcement:
23.25 kByte
Mar-17-16 13:19:16 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
213.205.33.246 <o...@remote.tld> [SMTP Reply] 250 2.1.0 Ok
Mar-17-16 13:19:16 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
213.205.33.246 <o...@remote.tld> to: i...@local.tld [SMTP Reply] 250 2.1.5 Ok
Mar-17-16 13:19:16 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
213.205.33.246 <o...@remote.tld> to: i...@local.tld [SMTP Reply] 354 End data
with <CR><LF>.<CR><LF>
Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
213.205.33.246 <o...@remote.tld> to: i...@local.tld DKIM-Signature found
Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
213.205.33.246 <o...@remote.tld> to: i...@local.tld info: found known good
HELO 'smtp.tiscali.it' - weight is -2
Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
213.205.33.246 <o...@remote.tld> to: i...@local.tld Message-Score: added -40
for KnownGoodHelo, total score for this message is now -40
Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
213.205.33.246 <o...@remote.tld> to: i...@local.tld info: domain tiscali.it
has published a DMARC record
Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
213.205.33.246 <o...@remote.tld> to: i...@local.tld strictspf Regex:
strictSPFRe 'tiscali.it'
Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
213.205.33.246 <o...@remote.tld> to: i...@local.tld Message-Score: added -15
(pbwValencePB) for In Penalty White Box, total score for this message is
now -55
Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
213.205.33.246 <o...@remote.tld> to: i...@local.tld removed
Disposition-Notification headers from mail
Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
213.205.33.246 <o...@remote.tld> to: i...@local.tld HMM Check [scoring] -
Prob: 0.00000 => ham - answer/query relation: 22% of 50
Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
213.205.33.246 <o...@remote.tld> to: i...@local.tld Bayesian Check [scoring] -
Prob: 0.00000 => ham - answer/query relation: 71% of 52
Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
213.205.33.246 <o...@remote.tld> to: i...@local.tld [Plugin] calling plugin
ASSP_AFC
Mar-17-16 13:19:17 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
213.205.33.246 <o...@remote.tld> to: i...@local.tld info: using user based
compressed attachment check
Mar-17-16 13:19:18 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
[Attachment] 213.205.33.246 <o...@remote.tld> to: i...@local.tld SPAM FOUND
bad attachment 'N 19 convitto barcellona 20 23 marzo.xlsx' is a ' - the
file extension: '.xlsx' does not match the content based detected file type
'''
Mar-17-16 13:19:18 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
[Attachment] 213.205.33.246 <o...@remote.tld> to: i...@local.tld mail blocked
by Plugin ASSP_AFC - reason BadAttachment
Mar-17-16 13:19:18 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
[Attachment] 213.205.33.246 <o...@remote.tld> to: i...@local.tld [spam found]
(BadAttachment) [societa sardinia new tavel polizza 33489q 19 2016];
Mar-17-16 13:19:18 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
213.205.33.246 <o...@remote.tld> to: i...@local.tld [SMTP Reply] 250 OK
Mar-17-16 13:20:18 m1-17156-26856 [Worker_1] [TLS-in] [TLS-out]
213.205.33.246 <o...@remote.tld> to: i...@local.tld [SMTP Reply] 221
<myassphost> closing transmission
this message is actually marked as spam but it is LOST....
On Thu, Mar 17, 2016 at 12:41 PM, aquilinux <aquili...@gmail.com> wrote:
> here's a different case of uncorrect detection:
>
> Mar-17-16 12:33:38 m1-14417-13392 [Worker_3] [TLS-in] [TLS-out]
> [Attachment] 92.246.34.74 <o...@remote.tld> to: i...@local.tld SPAM FOUND
> bad attachment 'Copia di Lista mezzi Truckcenter.xlsx' is a ' - the file
> extension: '.xlsx' does not match the content based detected file type '''
>
>
> On Thu, Mar 17, 2016 at 10:40 AM, aquilinux <aquili...@gmail.com> wrote:
>
>> Upgraded, thanks.
>> I have now an issue with another legitimate attachment:
>>
>> Mar-17-16 09:37:24 m1-03839-03606 [Worker_4] [TLS-in] [TLS-out]
>> [Attachment] 212.82.97.124 <sen...@yahoo.it> to: m...@my.tld SPAM FOUND
>> bad attachment 'CITYLIFE INTERVENTI ESEGUITI 16.03.16.zip' is a 'compressed
>> file 'CITYLIFE INTERVENTI ESEGUITI 16.03.16.zip' - contains forbidden
>> executable file CITYLIFE - type: possibly a virus infected file (can't
>> read)'
>>
>> the zip file contains a folder (with spaces), containing 6 PDF files
>> (with spaces), all clean.
>> So, i removed the spaces from the zip (in folder and file names) and now
>> the mail gets through as expected.
>> I think there is an issue with zip attachment with spaces that prevets
>> AFC from detecting correct file extensions.
>>
>> Regards,
>>
>> On Thu, Mar 17, 2016 at 7:36 AM, Thomas Eckardt <
>> thomas.ecka...@thockar.com> wrote:
>>
>>> To detect .emz files you need to upgrade MIME::Types at least to version
>>> 2.13 (CPAN has it).
>>>
>>> Thomas
>>>
>>>
>>>
>>>
>>> Von: aquilinux <aquili...@gmail.com>
>>> An: For Users of ASSP <assp-user@lists.sourceforge.net>
>>> Datum: 16.03.2016 10:08
>>> Betreff: Re: [Assp-user] bad attachment [...] possibly a virus
>>> infected file (can't extract archive)'
>>>
>>>
>>>
>>> thanks Thomas, i upgraded both assp.pl and plugin.
>>> now i'm facing this:
>>>
>>> Mar-16-16 09:56:08 m1-18566-15642 [Worker_5] [TLS-in] [TLS-out]
>>> [Attachment] 92.246.34.74 <x...@xyz.tld> to: a...@abc.tld SPAM FOUND bad
>>> attachment 'image001.emz' is a ' - the file extension: '.emz' does not
>>> match the content based detected file type '''
>>>
>>> Mar-16-16 09:56:08 [Worker_5] Warning: possibly a virus infected file
>>> (can't read) '/opt/assp/tmp/zip_5_1458118567/.10/.10' - Not a directory
>>>
>>>
>>> regards,
>>> aqx
>>>
>>> On Wed, Mar 16, 2016 at 8:13 AM, Thomas Eckardt
>>> <thomas.ecka...@thockar.com>
>>> wrote:
>>>
>>> > ASSP version 2.4.8(16074) + ASSP_AFC 3.26
>>> >
>>> > both available at SF-CVS
>>> >
>>> > will fix this.
>>> >
>>> > Thomas
>>> > ps: please use the "ASSP List" assp-t...@lists.sourceforge.net if you
>>> use
>>> > a dev version 2.4.8
>>> >
>>> >
>>> >
>>> >
>>> > Von: aquilinux <aquili...@gmail.com>
>>> > An: For Users of ASSP <assp-user@lists.sourceforge.net>
>>> > Datum: 15.03.2016 15:00
>>> > Betreff: [Assp-user] bad attachment [...] possibly a virus
>>> infected
>>> > file (can't extract archive)'
>>> >
>>> >
>>> >
>>> > Hi all,
>>> > I recently enforced attachment blocking with zip inspection but
>>> legitimate
>>> > attachements are blocked because of this:
>>> >
>>> > Mar-15-16 14:09:55 [Worker_5] Warning: possibly a virus infected file
>>> > (can't extract archive)
>>> >
>>> >
>>>
>>> '/opt/assp/tmp/zip_5_1458047395/MSC_Implementation_Activities_15.03.2016.xlsx'
>>> >
>>> > Mar-15-16 14:39:15 [Worker_10] Warning: possibly a virus infected file
>>> > (can't extract archive)
>>> >
>>> >
>>>
>>> '/opt/assp/tmp/zip_10_1458049154/20150922_GAA_Global_Corporate_Commercial_ok.docx'
>>> > - - Could not chdir back to start dir '': '
>>> >
>>> > Mar-15-16 14:04:22 [Worker_1] Warning: possibly a virus infected file
>>> > (can't extract archive)
>>> > '/opt/assp/tmp/zip_1_1458047062/Figures_wo_VolvoTrucks.xlsm' - - Could
>>> > not
>>> > chdir back to start dir '': '
>>> >
>>> > Mar-15-16 14:08:09 [Worker_1] Warning: possibly a virus infected file
>>> > (can't extract archive) '/opt/assp/tmp/zip_1_1458047289/errori.zip' -
>>> -
>>> > Could not chdir back to start dir '': '
>>> >
>>> > what's happening?
>>> > ASSP version 2.4.8(16060) + ASSP_AFC 3.19
>>> >
>>> > thanks!
>>> >
>>> > --
>>> > "Madness, like small fish, runs in hosts, in vast numbers of
>>> instances."
>>> >
>>> > Nessuno mi pettina bene come il vento.
>>> >
>>> >
>>>
>>> ------------------------------------------------------------------------------
>>> > Transform Data into Opportunity.
>>> > Accelerate data analysis in your applications with
>>> > Intel Data Analytics Acceleration Library.
>>> > Click to learn more.
>>> > http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
>>> > _______________________________________________
>>> > Assp-user mailing list
>>> > Assp-user@lists.sourceforge.net
>>> > https://lists.sourceforge.net/lists/listinfo/assp-user
>>> >
>>> >
>>> >
>>> >
>>> > DISCLAIMER:
>>> > *******************************************************
>>> > This email and any files transmitted with it may be confidential,
>>> legally
>>> > privileged and protected in law and are intended solely for the use of
>>> the
>>> >
>>> > individual to whom it is addressed.
>>> > This email was multiple times scanned for viruses. There should be no
>>> > known virus in this email!
>>> > *******************************************************
>>> >
>>> >
>>> >
>>> >
>>>
>>> ------------------------------------------------------------------------------
>>> > Transform Data into Opportunity.
>>> > Accelerate data analysis in your applications with
>>> > Intel Data Analytics Acceleration Library.
>>> > Click to learn more.
>>> > http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
>>> > _______________________________________________
>>> > Assp-user mailing list
>>> > Assp-user@lists.sourceforge.net
>>> > https://lists.sourceforge.net/lists/listinfo/assp-user
>>> >
>>> >
>>>
>>>
>>> --
>>> "Madness, like small fish, runs in hosts, in vast numbers of instances."
>>>
>>> Nessuno mi pettina bene come il vento.
>>>
>>> ------------------------------------------------------------------------------
>>> Transform Data into Opportunity.
>>> Accelerate data analysis in your applications with
>>> Intel Data Analytics Acceleration Library.
>>> Click to learn more.
>>> http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
>>> _______________________________________________
>>> Assp-user mailing list
>>> Assp-user@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/assp-user
>>>
>>>
>>>
>>>
>>> DISCLAIMER:
>>> *******************************************************
>>> This email and any files transmitted with it may be confidential, legally
>>> privileged and protected in law and are intended solely for the use of
>>> the
>>>
>>> individual to whom it is addressed.
>>> This email was multiple times scanned for viruses. There should be no
>>> known virus in this email!
>>> *******************************************************
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Transform Data into Opportunity.
>>> Accelerate data analysis in your applications with
>>> Intel Data Analytics Acceleration Library.
>>> Click to learn more.
>>> http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
>>> _______________________________________________
>>> Assp-user mailing list
>>> Assp-user@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/assp-user
>>>
>>>
>>
>>
>> --
>> "Madness, like small fish, runs in hosts, in vast numbers of instances."
>>
>> Nessuno mi pettina bene come il vento.
>>
>
>
>
> --
> "Madness, like small fish, runs in hosts, in vast numbers of instances."
>
> Nessuno mi pettina bene come il vento.
>
--
"Madness, like small fish, runs in hosts, in vast numbers of instances."
Nessuno mi pettina bene come il vento.
------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
