- make a backup - upgrade openssl (including the dev header files) - upgrade libarchive ( at least 3.3.1 ), 7z and rar - make sure all required perl modules are installed (assp.mod.zip - mod_inst.pl) - install the perl modules App::cpanminus and App::cpanoutdated - make sure all perl modules are on the latest version (cpan-outdated -p|cpanm [--sudo] -n) - download the latest dev version (assp.pl, version.txt, Plugins/ASSP_AFC.pm) from https://sourceforge.net/p/assp/svn/HEAD/tree/assp2/trunk/ - replace the downloaded content - start assp - check moduleLoadErrors.txt for errors (solve them and restart assp) - configure ASSP_AFC.pm
Thomas Von: "Leandro N. Castro - INSETEC Informática" <leandro.cas...@insetec.com.ar> An: "For Users of ASSP" <assp-user@lists.sourceforge.net> Datum: 27.12.2018 15:35 Betreff: Re: [Assp-user] Regular expression to identify malformed FROM: header Hi everyone I have a couple of questions: I have many servers with ASSP, generally I use the autoupdate feature to upgrade version, one of them came from versión ASSP_2.5.3_16347, actually with version 2.6.1 *Fortress* build 18103, but not show me the “ASSP_AFC-Plugin” option in “Main Menu”, someone knows how can enable it? Another question: How can I test a development version? Only replace the “assp.pl” file? To do that I need to be in the same version like “version 2.6.1 build 18103” to “version 2.6.1 build 18337” for example? Thanks in advance! :) De: Thomas Eckardt [mailto:thomas.ecka...@thockar.com] Enviado el: sábado, 22 de diciembre de 2018 01:59 Para: For Users of ASSP Asunto: Re: [Assp-user] Regular expression to identify malformed FROM: header The current development version has a new feature to detect such mails. 2018-12-03 fixed in assp 2.6.2 *Fortress* build 18337: added: - 'DoNoFromSelect','Select Checks for From: and Sender: Header' Select which check should be done in DoNoFrom . 1 - from: and sender: header tag are both missing 2 - different domains found in from: and sender: email addresses 4 - multiple from: addresses or from: header tags found 8 - multiple sender: addresses or sender: header tags found 16 - no or an invalid email address found in from: header tag 32 - no or an invalid email address found in sender: header tag Simply form the sum of the numbers in front of the checks you want to select (0...63). Default vaule is 63 (1+2+4+8+16+32) - all checks are selected.' >make the user open the attached document (usually .doc containing macro viruses not identified by ClamAV) configure ClamAV to detect OLE2 content use the ASSP_AFC.pm plugin to detect executable code in attachments (including .doc with macro) Thomas Von: <marka...@gmx.de> An: <assp-user@lists.sourceforge.net> Datum: 21.12.2018 11:10 Betreff: [Assp-user] Regular expression to identify malformed FROM: header These days there's a lot of incoming mails with a malformed FROM: header looking like this: From: Real Person <real.per...@wellknowndomain.com> <spam...@anydomain.xy> This header fools MS Outlook (and probably other mail clients) to show the well known real e-mail-address to make the user open the attached document (usually .doc containing macro viruses not identified by ClamAV). I'm wondering if we could use bombHeaderRe to identify and score/block these messages. How should a regular expression look like to do that? Regards, Markus PS: season's greetings to all of you. _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! *******************************************************
_______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
