in this case the email is correctly stored instead:
Mar-24-16 10:00:35 [Worker_4] 86.98.212.218 [SMTP Reply] 220 EAIT - Keep it
legit, or keep out
Mar-24-16 10:00:36 [Worker_4] 86.98.212.218 [SMTP Reply] 250 DSN
Mar-24-16 10:00:36 m1-10036-04835 [Worker_4] [TLS-out] 86.98.212.218 <
customer.serv...@axminster.co.uk> [SMTP Reply] 250 2.1.0 Ok
Mar-24-16 10:00:36 [Worker_4] r...@local.tld matches r...@local.tld in
noProcessing
Mar-24-16 10:00:36 m1-10036-04835 [Worker_4] [TLS-out] 86.98.212.218 <
customer.serv...@axminster.co.uk> noprocessing Regex: noProcessing
'liquidazione.fusion@europassista'
Mar-24-16 10:00:36 m1-10036-04835 [Worker_4] [TLS-out] 86.98.212.218 <
customer.serv...@axminster.co.uk> to: r...@local.tld [SMTP Reply] 250 2.1.5
Ok
Mar-24-16 10:00:36 [Worker_4] r...@local.tld matches r...@local.tld in
noProcessing
Mar-24-16 10:00:36 m1-10036-04835 [Worker_4] [TLS-out] [NoProcessing]
86.98.212.218 <customer.serv...@axminster.co.uk> to: r...@local.tld message
proxied without processing (except checks enabled for noprocessing mails)
Mar-24-16 10:00:36 m1-10036-04835 [Worker_4] [TLS-out] 86.98.212.218 <
customer.serv...@axminster.co.uk> to: r...@local.tld [SMTP Reply] 354 End
data with <CR><LF>.<CR><LF>
Mar-24-16 10:00:38 m1-10036-04835 [Worker_4] [TLS-out] 86.98.212.218 <
customer.serv...@axminster.co.uk> to: r...@local.tld [Plugin] calling
plugin ASSP_AFC
Mar-24-16 10:00:38 m1-10036-04835 [Worker_4] [TLS-out] 86.98.212.218 <
customer.serv...@axminster.co.uk> to: r...@local.tld info: attachment
LN4244786.docm found for Level-1
Mar-24-16 10:00:38 m1-10036-04835 [Worker_4] [TLS-out] 86.98.212.218 <
customer.serv...@axminster.co.uk> to: r...@local.tld info: using user based
compressed attachment check
Mar-24-16 10:00:38 [Worker_4] Info: will detect executables in compressed
files
Mar-24-16 10:00:38 [Worker_4] Info: analyzing compressed file
/opt/assp/tmp/zip_4_1458810038/LN4244786.docm at zip-level 0
Mar-24-16 10:00:38 [Worker_4] Info: looking for filetype in: .zip
Mar-24-16 10:00:38 [Worker_4] Info: found compressed file with type: 'zip'
Mar-24-16 10:00:38 m1-10036-04835 [Worker_4] [TLS-out] [Attachment]
86.98.212.218 <customer.serv...@axminster.co.uk> to: r...@local.tld SPAM
FOUND bad attachment 'LN4244786.docm' is a 'compressed file
'LN4244786.docm' - contains forbidden executable file vbaProject.bin -
type: Windows-Scripting-Host script'
Mar-24-16 10:00:38 m1-10036-04835 [Worker_4] [TLS-out] [Attachment]
86.98.212.218 <customer.serv...@axminster.co.uk> to: r...@local.tld info:
Plugin ASSP_AFC has set the collection parameter to '6' = discard folder
Mar-24-16 10:00:38 m1-10036-04835 [Worker_4] [TLS-out] [Attachment]
86.98.212.218 <customer.serv...@axminster.co.uk> to: r...@local.tld mail
blocked by Plugin ASSP_AFC - reason BadAttachment
Mar-24-16 10:00:38 m1-10036-04835 [Worker_4] [TLS-out] [Attachment]
86.98.212.218 <customer.serv...@axminster.co.uk> to: r...@local.tld [spam
found] (BadAttachment) [Your order has been despatched] ->
/opt/assp/discarded/Your_order_has_been_despatched--3181134.eml;
Mar-24-16 10:00:38 m1-10036-04835 [Worker_4] [TLS-out] 86.98.212.218 <
customer.serv...@axminster.co.uk> to: r...@local.tld [SMTP Reply] 250 OK
Mar-24-16 10:00:38 m1-10036-04835 [Worker_4] [TLS-out] 86.98.212.218 <
customer.serv...@axminster.co.uk> to: r...@local.tld [SMTP Reply] 221 <
assp2.europassistance.it> closing transmission
hope this helps further investigating...
On Wed, Mar 23, 2016 at 5:31 PM, aquilinux <aquili...@gmail.com> wrote:
> i don't know what's happening...
> again, no email stored...
>
> Mar-23-16 17:26:16 [Worker_2] 74.125.82.46 [SMTP Reply] 220 EAIT - Keep it
> legit, or keep out
> Mar-23-16 17:26:16 [Worker_2] 74.125.82.46 [SMTP Reply] 250 DSN
> Mar-23-16 17:26:16 [Worker_2] 74.125.82.46 [SMTP Reply] 220 2.0.0 Ready to
> start TLS
> Mar-23-16 17:26:16 [Worker_2] [TLS-in] [TLS-out] 74.125.82.46 [SMTP Reply]
> 250 DSN
> Mar-23-16 17:26:16 m1-50376-07789 [Worker_2] [TLS-in] [TLS-out]
> 74.125.82.46 <aquili...@gmail.com> info: found message size announcement:
> 15.05 kByte
> Mar-23-16 17:26:16 [Worker_2] aquili...@gmail.com matches
> aquili...@gmail.com in noDelayAddresses
> Mar-23-16 17:26:16 m1-50376-07789 [Worker_2] [TLS-in] [TLS-out]
> 74.125.82.46 <aquili...@gmail.com> [SMTP Reply] 250 2.1.0 Ok
> Mar-23-16 17:26:16 [Worker_2] r...@local.tld matches r...@local.tld in
> spamLovers
> Mar-23-16 17:26:16 m1-50376-07789 [Worker_2] [TLS-in] [TLS-out]
> 74.125.82.46 <aquili...@gmail.com> to: r...@local.tld [SMTP Reply] 250
> 2.1.5 Ok
> Mar-23-16 17:26:16 m1-50376-07789 [Worker_2] [TLS-in] [TLS-out]
> 74.125.82.46 <aquili...@gmail.com> to: r...@local.tld [SMTP Reply] 354
> End data with <CR><LF>.<CR><LF>
> Mar-23-16 17:26:17 m1-50376-07789 [Worker_2] [TLS-in] [TLS-out]
> 74.125.82.46 <aquili...@gmail.com> to: r...@local.tld Whitelisted sender
> address: aquili...@gmail.com for recipient r...@local.tld
> Mar-23-16 17:26:17 m1-50376-07789 [Worker_2] [TLS-in] [TLS-out]
> 74.125.82.46 <aquili...@gmail.com> to: r...@local.tld Admininfo:
> whitelist addition: aquili...@gmail.com - AutoWhite on sent mail by
> aquili...@gmail.com
> Mar-23-16 17:26:17 m1-50376-07789 [Worker_2] [TLS-in] [TLS-out]
> 74.125.82.46 <aquili...@gmail.com> to: r...@local.tld DKIM-Signature found
> Mar-23-16 17:26:17 m1-50376-07789 [Worker_2] [TLS-in] [TLS-out]
> 74.125.82.46 <aquili...@gmail.com> to: r...@local.tld [Plugin] calling
> plugin ASSP_AFC
> Mar-23-16 17:26:17 m1-50376-07789 [Worker_2] [TLS-in] [TLS-out]
> 74.125.82.46 <aquili...@gmail.com> to: r...@local.tld info: attachment
> test.zip found for Level-1
> Mar-23-16 17:26:17 m1-50376-07789 [Worker_2] [TLS-in] [TLS-out]
> 74.125.82.46 <aquili...@gmail.com> to: r...@local.tld info: using user
> based compressed attachment check
> Mar-23-16 17:26:17 [Worker_2] Info: will detect executables in compressed
> files
> Mar-23-16 17:26:17 [Worker_2] Info: analyzing compressed file
> /opt/assp/tmp/zip_2_1458750377/test.zip at zip-level 0
> Mar-23-16 17:26:17 [Worker_2] Info: looking for filetype in: .zip
> Mar-23-16 17:26:17 [Worker_2] Info: found compressed file with type: 'zip'
> Mar-23-16 17:26:17 [Worker_2] Info: analyzing compressed file
> /opt/assp/tmp/zip_2_1458750377/.10/assp_attch_test.docx at zip-level 1
> Mar-23-16 17:26:17 [Worker_2] Info: looking for filetype in: .zip
> Mar-23-16 17:26:17 [Worker_2] Info: found compressed file with type: 'zip'
> Mar-23-16 17:26:17 [Worker_2] Info: analyzing compressed file
> /opt/assp/tmp/zip_2_1458750377/.10/assp_attch_test.xlsx at zip-level 1
> Mar-23-16 17:26:17 [Worker_2] Info: looking for filetype in: .zip
> Mar-23-16 17:26:17 [Worker_2] Info: found compressed file with type: 'zip'
> Mar-23-16 17:26:18 m1-50376-07789 [Worker_2] [TLS-in] [TLS-out]
> [Attachment] 74.125.82.46 <aquili...@gmail.com> to: r...@local.tld SPAM
> FOUND bad attachment 'test.zip' is a 'compressed file 'test.zip' - contains
> forbidden file /opt/assp/tmp/zip_2_1458750377/.10/pippo.js'
> Mar-23-16 17:26:18 m1-50376-07789 [Worker_2] [TLS-in] [TLS-out]
> [Attachment] 74.125.82.46 <aquili...@gmail.com> to: r...@local.tld info:
> Plugin ASSP_AFC has set the collection parameter to '6' = discard folder
> Mar-23-16 17:26:18 m1-50376-07789 [Worker_2] [TLS-in] [TLS-out]
> [Attachment] 74.125.82.46 <aquili...@gmail.com> to: r...@local.tld mail
> blocked by Plugin ASSP_AFC - reason BadAttachment
> Mar-23-16 17:26:18 m1-50376-07789 [Worker_2] [TLS-in] [TLS-out]
> [Attachment] 74.125.82.46 <aquili...@gmail.com> to: r...@local.tld [spam
> found] (BadAttachment) [Fwd test zip files];
> Mar-23-16 17:26:18 m1-50376-07789 [Worker_2] [TLS-in] [TLS-out]
> 74.125.82.46 <aquili...@gmail.com> to: r...@local.tld [SMTP Reply] 250 OK
> Mar-23-16 17:26:18 m1-50376-07789 [Worker_2] [TLS-in] [TLS-out]
> 74.125.82.46 <aquili...@gmail.com> to: r...@local.tld [SMTP Reply] 221 <
> assp1.europassistance.it> closing transmission
>
> i tried to set a different collect folder for attachment (quarantine) but
> it seems the collection parameter is not changing (maybe hardcoded?).
>
> regards,
>
> On Wed, Mar 23, 2016 at 5:05 PM, aquilinux <aquili...@gmail.com> wrote:
>
>> Thomas, i don't really know what caused that regression.
>> I mean, after 16081 i didn't have the issue with cwd anymore.
>> then, it suddendly stopped working for me and i was back to the cwd issue.
>> i was really puzzled...
>> so i tried 16081 in test, and cwd was working!
>> the same assp version, perl modules, and AFC plugin gave me 2 different
>> behaviours....
>>
>> now, i upgraded to 16083 and everything is working fine again..
>>
>> Mar-23-16 16:41:15 [Worker_1] Info: will detect executables in compressed
>> files
>> Mar-23-16 16:41:15 [Worker_1] Info: analyzing compressed file
>> /opt/assp/tmp/zip_1_1458747675/test.zip at zip-level 0
>> Mar-23-16 16:41:15 [Worker_1] Info: looking for filetype in: .zip
>> Mar-23-16 16:41:15 [Worker_1] Info: found compressed file with type: 'zip'
>> Mar-23-16 16:41:15 [Worker_1] Info: analyzing compressed file
>> /opt/assp/tmp/zip_1_1458747675/.10/assp_attch_test.docx at zip-level 1
>> Mar-23-16 16:41:15 [Worker_1] Info: looking for filetype in: .zip
>> Mar-23-16 16:41:15 [Worker_1] Info: found compressed file with type: 'zip'
>> Mar-23-16 16:41:15 [Worker_1] Info: analyzing compressed file
>> /opt/assp/tmp/zip_1_1458747675/.10/assp_attch_test.xlsx at zip-level 1
>> Mar-23-16 16:41:15 [Worker_1] Info: looking for filetype in: .zip
>> Mar-23-16 16:41:15 [Worker_1] Info: found compressed file with type: 'zip'
>> Mar-23-16 16:41:16 m1-47674-12726 [Worker_1] [TLS-in] [TLS-out]
>> 74.125.82.45 <aquili...@gmail.com> to: r...@local.tld whitelisted (no
>> bad attachments)
>>
>> so, is it possible that assp files (maybe in sl-cache) get corrupted in
>> any way?
>> how can this behaviour be explained?
>>
>>
>> About MaxAllowedDups, i always set it to 0 because i didn't care about
>> this feature..
>> I know that there is a flaming discussion about this, but, really, i
>> trust your implementation of Bayes and HMM, so i don't care arguing about
>> this or opening the box to have a look at what's inside.
>> i was just wondering now (since this issue about moved files) what's the
>> best setting for MaxAllowedDups in order to have both:
>>
>> - no problem with resend requests (yes, even if this is really spam) so,
>> any blocked email should be elegible for a resend
>>
>> - the best results on bayes/hmm training with the less amount of useless
>> stored email.
>>
>> i don't know if any of these sentences make sense :)
>> but i hope i've been clear enough.
>>
>> thanks, as usual,
>>
>>
>>
>>
>>
>>
>> On Wed, Mar 23, 2016 at 4:25 PM, Thomas Eckardt <
>> thomas.ecka...@thockar.com> wrote:
>>
>>> just released updates for assp.pl and ASSP_AFC at CVS
>>>
>>> - fixes the unexpected stop of decompression in ASSP_AFC
>>>
>>> - using build 16081 - files were unexpected moved from 'spam' to
>>> 'discarded' if 'MaxAllowedDups' was set to zero
>>>
>>> - the resend link in BlockReports was missing, if a collected file was
>>> moved from 'spam' to 'discarded'
>>>
>>> Thomas
>>>
>>>
>>>
>>>
>>> Von: aquilinux <aquili...@gmail.com>
>>> An: For Users of ASSP <assp-user@lists.sourceforge.net>
>>> Datum: 23.03.2016 16:07
>>> Betreff: Re: [Assp-user] bad attachment [...] possibly a virus
>>> infected file (can't extract archive)'
>>>
>>>
>>>
>>> On Wed, Mar 23, 2016 at 3:44 PM, Thomas Eckardt
>>> <thomas.ecka...@thockar.com>
>>> wrote:
>>>
>>> > perl -e 'use Cwd;print cwd();'
>>>
>>>
>>> this works:
>>>
>>> root@assp1:~# perl -e 'use Cwd;print cwd();'
>>> /rootroot@assp1:~#
>>>
>>> i'll do more extensive tests.
>>>
>>> thanks
>>> --
>>> "Madness, like small fish, runs in hosts, in vast numbers of instances."
>>>
>>> Nessuno mi pettina bene come il vento.
>>>
>>> ------------------------------------------------------------------------------
>>> Transform Data into Opportunity.
>>> Accelerate data analysis in your applications with
>>> Intel Data Analytics Acceleration Library.
>>> Click to learn more.
>>> http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
>>> _______________________________________________
>>> Assp-user mailing list
>>> Assp-user@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/assp-user
>>>
>>>
>>>
>>>
>>> DISCLAIMER:
>>> *******************************************************
>>> This email and any files transmitted with it may be confidential, legally
>>> privileged and protected in law and are intended solely for the use of
>>> the
>>>
>>> individual to whom it is addressed.
>>> This email was multiple times scanned for viruses. There should be no
>>> known virus in this email!
>>> *******************************************************
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Transform Data into Opportunity.
>>> Accelerate data analysis in your applications with
>>> Intel Data Analytics Acceleration Library.
>>> Click to learn more.
>>> http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
>>> _______________________________________________
>>> Assp-user mailing list
>>> Assp-user@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/assp-user
>>>
>>>
>>
>>
>> --
>> "Madness, like small fish, runs in hosts, in vast numbers of instances."
>>
>> Nessuno mi pettina bene come il vento.
>>
>
>
>
> --
> "Madness, like small fish, runs in hosts, in vast numbers of instances."
>
> Nessuno mi pettina bene come il vento.
>
--
"Madness, like small fish, runs in hosts, in vast numbers of instances."
Nessuno mi pettina bene come il vento.
------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
