[qmailtoaster] Block exe files inside zip file
Hi Everyone,

Today one of my users received a virus attachment inside a zip file. I just checked and found an exe file inside the zip file. Exe file extensions are already blocked on the server, but now how do I block zip files having such an executable file?

Amit Dalia
[qmailtoaster] Re: Block exe files inside zip file
On 12/16/2011 05:15 AM, Amit wrote:
> Hi Everyone,
>
> Today one of my users received a virus attachment inside a zip file. I just checked and found an exe file inside the zip file. Exe file extensions are already blocked on the server, but now how do I block zip files having such an executable file?
>
> Amit Dalia

I don't know for sure if QMT scans the contents of zip files or not. It should IMO.

Is this a virus that clamav would have caught if it weren't in a zip file, or is it a virus that clamav simply missed?

--
-Eric 'shubes'

Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Re: Block exe files inside zip file
Hi Eric,

It is actually a Trojan which ClamAV missed.

Amit Dalia

-----Original Message-----
From: Eric Shubert [mailto:e...@shubes.net]
Sent: Friday, December 16, 2011 6:20 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: Block exe files inside zip file

> I don't know for sure if QMT scans the contents of zip files or not. It should IMO.
>
> Is this a virus that clamav would have caught if it weren't in a zip file, or is it a virus that clamav simply missed?
>
> --
> -Eric 'shubes'
[qmailtoaster] Re: Block exe files inside zip file
I see by the looks of /etc/clamd.conf that archive files are scanned by default. I presume this includes zip files.

I don't know of a way to block .exe files within zip files. I don't think I'd want to do that though.

I presume your clamav is current, and that freshclam is working. Can you report this to the clamav folks so that an appropriate signature is added, or has that already been done?

Thanks Amit.

--
-Eric 'shubes'

On 12/16/2011 06:25 AM, Amit wrote:
> Hi Eric,
>
> It is actually a Trojan which ClamAV missed.
>
> Amit Dalia
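
As an added illustration of the check asked about in this thread (not code from any of the posts, and not part of QMT or ClamAV): a Python filter that opens zip attachments in a raw message and lists members whose names end in a blocked extension, following nested zips. The extension list, the depth and size limits and all function names are assumptions, and the sample message is constructed; hooking it into the mail queue is not shown.

```python
import email
import io
import zipfile
from email.message import EmailMessage

# Assumed policy list; match it to the extensions already blocked at the MTA.
BLOCKED_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")
MAX_DEPTH = 2            # how many nested zip levels to open
MAX_MEMBER = 10 * 2**20  # do not inflate nested members larger than 10 MiB

def risky_members(data, depth=0, prefix=""):
    """Return names of blocked-extension members in a zip, following nested zips."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits
    with zf:
        for info in zf.infolist():
            name = prefix + info.filename
            lower = info.filename.lower().rstrip(". ")  # "a.exe." still counts
            if lower.endswith(BLOCKED_EXT):
                hits.append(name)  # member names are usually readable even if encrypted
            elif (lower.endswith(".zip") and depth < MAX_DEPTH
                  and not info.flag_bits & 0x1      # encrypted member: cannot open
                  and info.file_size <= MAX_MEMBER):
                hits += risky_members(zf.read(info), depth + 1, name + "!")
    return hits

def scan_message(raw):
    """Map each zip attachment's filename to the blocked members found inside it."""
    msg = email.message_from_bytes(raw)
    report = {}
    for part in msg.walk():
        payload = part.get_payload(decode=True)  # None for multipart containers
        # Detect zips by magic bytes, not by the attachment's claimed name or type.
        if payload and payload[:4] == b"PK\x03\x04":
            found = risky_members(payload)
            if found:
                report[part.get_filename() or "(unnamed)"] = found
    return report

def build_sample():
    """Constructed message: a zip with a text file, a fake .exe and a nested zip."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("setup.SCR", b"not a real program")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", b"hello")
        z.writestr("invoice.exe", b"not a real program")
        z.writestr("more.zip", inner.getvalue())
    msg = EmailMessage()
    msg.set_content("see attachment")
    msg.add_attachment(outer.getvalue(), maintype="application",
                       subtype="zip", filename="docs.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

A name-based check like this complements signature scanning: it flags the archive even when, as reported above, the scanner has no signature for the payload.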
Re: [qmailtoaster] Spamdyke-Stats-Report script no longer working
Casey Price wrote:
> I'm having problems on one of my toasters...just updated with qtp-newmodel and now I'm having trouble with the Spamdyke-Stats-Report.pl script. It runs without error, but it sends out an email without any stats:
>
> Summary
> Allowed:     0   0.00%
> Timeout:     0   0.00%
> Errors :     0   0.00%
> Denied :     0   0.00%
> Total  :     0   0.00%
>
> However, when I run the following command:
>
> cat /var/log/qmail/smtp/current | ./spamdyke-stats
>
> I get the following:
>
>  6998  46.77% DENIED_GRAYLISTED
>  5780  38.63% DENIED_RDNS_MISSING
>  1186   7.92% ALLOWED
>   690   4.61% DENIED_RBL_MATCH
> --- Breakdown ---
>   154   1.02% DENIED_SENDER_NO_MX
>   151   1.00% TIMEOUT
>     1   0.00% DENIED_OTHER
>
> Summary
> Allowed:  1186   7.92%
> Timeout:   151   1.00%
> Errors :     0   0.00%
> Denied : 13623  91.06%
> Total  : 14960 100.00%
>
> Any idea why? I was having a few issues with perl modules installed from CPAN, so I went through and made sure everything was up to date. It was working fine up until a few days ago, and I'm fairly certain the only thing I've changed on my end was updating QMT.
>
> Any ideas? Thanks!
>
> Casey Price
> Smile Global Technical Support

In the Spamdyke-Stats-Report.pl script, there's $ScriptRoot, $TempFile and $SMTPLogRoot. Check the rights on these to make sure they weren't changed.

I updated clam the other day using qtp-newmodel and I had to fix rights on /var/log/qmail/smtp. Some of my scripts I was running interactively weren't working right because of this. I fixed the rights issue before the daily report jobs ran, so I don't know if they would have been affected.

Brent Gardner
Re: [qmailtoaster] Spamdyke-Stats-Report script no longer working
Brent Gardner wrote:
> In the Spamdyke-Stats-Report.pl script, there's $ScriptRoot, $TempFile and $SMTPLogRoot. Check the rights on these to make sure they weren't changed.
>
> I updated clam the other day using qtp-newmodel and I had to fix rights on /var/log/qmail/smtp. Some of my scripts I was running interactively weren't working right because of this. I fixed the rights issue before the daily report jobs ran, so I don't know if they would have been affected.
>
> Brent Gardner

More info:

My $ScriptRoot points to /usr/share/qmt/scripts, looks like this:

drwxr-xr-x 3 vpopmail vchkpw 4.0K Oct 24 10:17 scripts

My $TempFile points to $ScriptRoot/tmp/spamdyke-stats-report. The /tmp/ in there looks like this:

drwxr-xr-x 2 vpopmail vchkpw 4.0K Dec 16 02:00 tmp

My $SMTPLogRoot points to /var/log/qmail/smtp, looks like this:

drwxr-xr-x 3 qmaill qmail 4.0K Dec 6 06:56 smtp

I run the Spamdyke-Stats-Report.pl as root, crontab entry looks like this:

05 00 * * * root /usr/share/qmt/scripts/Spamdyke-Stats-Report.pl 2>&1 >/dev/null

Brent Gardner
[qmailtoaster] Re: Spamdyke-Stats-Report script no longer working
On 12/16/2011 11:25 AM, Brent Gardner wrote:
> I updated clam the other day using qtp-newmodel and I had to fix rights on /var/log/qmail/smtp. Some of my scripts I was running interactively weren't working right because of this. I fixed the rights issue before the daily report jobs ran, so I don't know if they would have been affected.
>
> Brent Gardner

Brent,

I'd like to know specifically what happened with this. I'm guessing it's water over the dam now though.

Updating clamav-toaster (using any method) shouldn't be touching anything in /var/log/qmail/smtp/. Please let us know next time so this can be fixed if it's indeed a problem.

--
-Eric 'shubes'
[qmailtoaster] Spamdyke.run script
Easy question I am sure, so easy I did not want to sign up for another list (spamdyke users) just to ask.

What does the entry REQUIRE_AUTH=0 mean/do in the spamdyke.run script? Does it relate at all to the filter-level in the config file? My guess is it turns smtp auth off, 1 turns it on? Are there other options?

I have looked in the docs and faq and cannot find anything. Perhaps I missed it?

Thx.
Helmut
[qmailtoaster] Re: Spamdyke.run script
On 12/16/2011 02:44 PM, Helmut Fritz wrote:
> Easy question I am sure, so easy I did not want to sign up for another list (spamdyke users) just to ask.
>
> What does the entry REQUIRE_AUTH=0 mean/do in the spamdyke.run script? Does it relate at all to the filter-level in the config file? My guess is it turns smtp auth off, 1 turns it on? Are there other options?
>
> I have looked in the docs and faq and cannot find anything. Perhaps I missed it?
>
> Thx.
> Helmut

It means that authentication is not required (but can be done, so it's not exactly disabled), which allows external domains to send mail to local (rcpthost) domains.

REQUIRE_AUTH=1 means authentication is required. You'll see this setting in the submission run script.

FWIW, this is not really related to spamdyke at all.

--
-Eric 'shubes'
Re: [qmailtoaster] Re: Spamdyke-Stats-Report script no longer working
Eric Shubert wrote:
> Brent,
>
> I'd like to know specifically what happened with this. I'm guessing it's water over the dam now though.
>
> Updating clamav-toaster (using any method) shouldn't be touching anything in /var/log/qmail/smtp/. Please let us know next time so this can be fixed if it's indeed a problem.

It's probably a problem on my end, but the next time I update, I'll pay more attention.

I admin my toasters using an unprivileged account and sudo. Before I knew about the nice qtp scripts that have been created to view logs, I wrote my own. I give them a date range and path to files containing log entries created by DJB products and they spit out log file entries with -MM-DD hh:mm:ss.z time stamps that I can pipe to grep or any other utility. I've grown accustomed to them so I continue to use them. It's easier to use them without sudo, so I loosen up the rights on /var/log/qmail/spamd and /var/log/qmail/smtp.

So as far as my systems go, it's probably a problem I have caused. qtp-newmodel probably resets rights on these directories to a more secure default.

Brent Gardner
[qmailtoaster] Re: Spamdyke-Stats-Report script no longer working
On 12/16/2011 03:07 PM, Brent Gardner wrote:
> It's probably a problem on my end, but the next time I update, I'll pay more attention.
>
> I admin my toasters using an unprivileged account and sudo. Before I knew about the nice qtp scripts that have been created to view logs, I wrote my own. I give them a date range and path to files containing log entries created by DJB products and they spit out log file entries with -MM-DD hh:mm:ss.z time stamps that I can pipe to grep or any other utility. I've grown accustomed to them so I continue to use them. It's easier to use them without sudo, so I loosen up the rights on /var/log/qmail/spamd and /var/log/qmail/smtp.
>
> So as far as my systems go, it's probably a problem I have caused. qtp-newmodel probably resets rights on these directories to a more secure default.
>
> Brent Gardner

Thanks for clearing that up Brent.

FWIW (to be clear), it's the package spec file which controls/sets permissions of files belonging to the various packages. qtp-newmodel doesn't do this itself, but simply builds the packages and runs the typical rpm command(s) to install the packages.

Thanks again.

--
-Eric 'shubes'
Re: [qmailtoaster] Spamdyke-Stats-Report script no longer working
Thanks Brent. Looks like it's working now. Not exactly sure what it was I did that fixed it...but somewhere along the lines of rebuilding all the QMT packages and reinstalling Perl modules seems to have done the trick.

Casey Price
Smile Global Technical Support

On 12/16/11 10:25 AM, Brent Gardner wrote:
> In the Spamdyke-Stats-Report.pl script, there's $ScriptRoot, $TempFile and $SMTPLogRoot. Check the rights on these to make sure they weren't changed.
>
> I updated clam the other day using qtp-newmodel and I had to fix rights on /var/log/qmail/smtp. Some of my scripts I was running interactively weren't working right because of this. I fixed the rights issue before the daily report jobs ran, so I don't know if they would have been affected.
>
> Brent Gardner