Re: [Assp-test] Inbound TLS from gmail.com addresses / servers

2016-08-04 Thread K Post
onnection > > set debugCode to: > > $Con{$fh}->{mailfrom} =~ /\@gmail\.com/ && $Con{$fh}->{SIZE} > 1024000 > > 1024000 can be larger > > Thomas > > > > > > Von:K Post <nntp.p...@gmail.com> > An: ASSP development mailing list <

Re: [Assp-test] infostats page request

2016-08-03 Thread K Post
. On Wed, Aug 3, 2016 at 1:12 PM, K Post <nntp.p...@gmail.com> wrote: > Would you consider giving us the at least the option to display the full > email address / server name in infostats if we want, instead of always > truncating them? Maybe let the words wrap if they're

[Assp-test] infostats page request

2016-08-03 Thread K Post
Would you consider giving us the at least the option to display the full email address / server name in infostats if we want, instead of always truncating them? Maybe let the words wrap if they're too long within the td? Makes it easier to get info from the info stats window. For example, I

Re: [Assp-test] Inbound TLS from gmail.com addresses / servers

2016-08-02 Thread K Post
and it only took 35 seconds. thanks again On Tue, Aug 2, 2016 at 9:44 PM, K Post <nntp.p...@gmail.com> wrote: > scratch that Bob. I'm still closer to 1.5-2mb per minute despite the > tweaks. > > On Tue, Aug 2, 2016 at 9:36 PM, K Post <nntp.p...@gmail.com> wrote: >

Re: [Assp-test] Inbound TLS from gmail.com addresses / servers

2016-08-02 Thread K Post
scratch that Bob. I'm still closer to 1.5-2mb per minute despite the tweaks. On Tue, Aug 2, 2016 at 9:36 PM, K Post <nntp.p...@gmail.com> wrote: > Thanks Thomas, but what OpenSSL should I be using? I really don't think > this is the problem, but I might as well eliminate i

Re: [Assp-test] Inbound TLS from gmail.com addresses / servers

2016-08-02 Thread K Post
gt; is compiled static, means it contains all required openssl code. > > >I'd love to find the time to give this a go, > You'll find something better to do, than to compile this module on > windows. > > > Thomas > > > > > Von:K Post <nntp.p...@gmail

Re: [Assp-test] Inbound TLS from gmail.com addresses / servers

2016-08-02 Thread K Post
u may use an innocent selfcert > certificate and key - create it with openssl - for a while. > BTW. assp will create such certificate and keys, if the 'assp/certs' > folder is empty at startup. :):) > > Thomas > > > > > Von:K Post <nntp.p...@gmail.com> >

Re: [Assp-test] Inbound TLS from gmail.com addresses / servers

2016-08-02 Thread K Post
; Only to be complete: > Backend for the mail environment and LDAP stuff is a Domino 9.0.1FP6. > All the stuff above (and very much more) is running on a single VMWare > vSphere 5.5 ( 8x 2.66GHz 48GB / x3650M2). > Backups are done with EMC-Networker + EBR + DataDomain-VE, stored at a >

Re: [Assp-test] Inbound TLS from gmail.com addresses / servers

2016-08-02 Thread K Post
SCLAIMER Dolphin ICT Limited, a private > limited company, with company registration number 6206916, registered in > the United Kingdom, the registered office of which is at US15a, Armstrong > House, First Avenue, Robin Hood Airport, Doncaster, DN9 3GA VAT > registration number GB 918 1896 88.

[Assp-test] Inbound TLS from gmail.com addresses / servers

2016-08-01 Thread K Post
I originally thought that we had a problem with all TLS inbound email. As it turns out, my conclusion appears to have been wrong. - There are some SLOW servers outside that are just plain slow (nothing I can do there), - TLS seems to work reasonably fast with most inbound mail, though

Re: [Assp-test] Perl Versions

2016-07-22 Thread K Post
iveState Perl 5.22 and 5.24 will be not useable. But StrawberryPerl can > be used, because the gcc and many header files are included there - so the > missing modules can be compiled with this Perl. > > Thomas > > > > > > Von:K Post <nntp.p...@gmail.com&

Re: [Assp-test] Perl Versions

2016-07-20 Thread K Post
Correction, ActiveState DOES allow for 5.22.2.220 to be downloaded (missed that) - so my same questions apply. Are all of the modules available for Windows for 5.22? On Wed, Jul 20, 2016 at 11:30 PM, K Post <nntp.p...@gmail.com> wrote: > In one of my other threads, it was

Re: [Assp-test] Perl Versions

2016-07-20 Thread K Post
Correction, ActiveState DOES allow for 5.22.2.220 to be downloaded (missed that) - so my same questions apply. Are all of the modules available for 5.22 windows? On Wed, Jul 20, 2016 at 11:30 PM, K Post <nntp.p...@gmail.com> wrote: > In one of my other threads, it was mentioned th

[Assp-test] Perl Versions

2016-07-20 Thread K Post
In one of my other threads, it was mentioned that Thomas said (somewhere) that perl 5.22 and 5.24 are "possible." Is this true?? Thomas, I see the readme says: version 2.5.2 build (16177) requires at least Perl 5.10 recommended is at least Perl 5.16.3 (5.016003) best run is on Perl 5.20.x for

Re: [Assp-test] Very slow TLS sessions - Windows server

2016-07-14 Thread K Post
Any more thoughts on this? I'm stuck. THANKS! On Fri, Jun 10, 2016 at 2:57 PM, K Post <nntp.p...@gmail.com> wrote: > another thing to note, having restarted a couple of days ago with TLS off, > I see in the infostats GUI average CPU usage at 5%. > After updating with PPM, I did a

Re: [Assp-test] VB: Very slow TLS sessions - Windows server

2016-06-16 Thread K Post
> > Install 2.5.2(16158) > set 'TCPBufferSize' to : sslrcv = 0, sslsnd = 0 > > tell me if TLS speed is better or not > > > set 'TCPBufferSize' to : tcprcv = 1024000 , tcpsnd = 1024000 ,sslrcv = > 1024000, sslsnd = 1024000 > > are there any performance

Re: [Assp-test] Very slow TLS sessions - Windows server

2016-06-10 Thread K Post
obviously). Can you explain what that server > could be doing to slow down TLS sessions to ASSP? > > I'm really at a loss here. Keeping TLS off isn't a real option, but > turning it on with this speed isn't realistic. Thanks all for your input! > > On Fri, Jun 10, 2016 at 2:43 AM, Grayhat

Re: [Assp-test] Very slow TLS sessions - Windows server

2016-06-10 Thread K Post
t 2:43 AM, Grayhat <gray...@gmx.net> wrote: > :: On Thu, 9 Jun 2016 12:37:26 -0400 > :: <CALhpkAnBjGc9rn+JhT2Oe2SK4hrVhkEQG928s5V=bed7p+e...@mail.gmail.com> > :: K Post <nntp.p...@gmail.com> wrote: > > > Windows 2012 R2 > > the certificate is a 2048 bit RS

Re: [Assp-test] Very slow TLS sessions - Windows server

2016-06-10 Thread K Post
fer is empty. > > Setting the TCP-buffer size in assp lower than the system buffer size > will > > lead in to a performance penalty. > > Setting the SSL- buffer size in assp above 16KB may lead into > > renegotiation problems (SSL want a read/write first) - 16KB is a safe

Re: [Assp-test] Very slow TLS sessions - Windows server

2016-06-09 Thread K Post
and no, no other AV on the machine. On Thu, Jun 9, 2016 at 11:31 AM, Grayhat wrote: > :: On Thu, 9 Jun 2016 17:27:28 +0200 > :: <20160609172728.0...@gmx.net> > :: Grayhat wrote: > > > also, what OS are you running on ? > > I mean windows version, btw;

Re: [Assp-test] Very slow TLS sessions - Windows server

2016-06-09 Thread K Post
Also, I tried setting all to 8192 and got lots of messages in the log like warning: there are 7268 byte pending in SSL buffer - this should not happen Turned tls off again for now. On Thu, Jun 9, 2016 at 10:52 AM, K Post <nntp.p...@gmail.com> wrote: > Updated to the newest version. &

Re: [Assp-test] Very slow TLS sessions - Windows server

2016-06-09 Thread K Post
: sslrcv = 0, sslsnd = 0 > > tell me if TLS speed is better or not > > > set 'TCPBufferSize' to : tcprcv = 1024000 , tcpsnd = 1024000 ,sslrcv = > 1024000, sslsnd = 1024000 > > are there any performance improvements? > > Thomas > > > > Von:K Post <nnt

Re: [Assp-test] Very slow TLS sessions - Windows server

2016-06-01 Thread K Post
at 12:25 PM, K Post <nntp.p...@gmail.com> wrote: > also, with DoTLS set to drop, the WebUI is 500% faster. Doing searches in > maillog returns results like a dream! > > On Wed, Jun 1, 2016 at 12:11 PM, K Post <nntp.p...@gmail.com> wrote: > >> Running 16142, thoug

Re: [Assp-test] Very slow TLS sessions - Windows server

2016-06-01 Thread K Post
also, with DoTLS set to drop, the WebUI is 500% faster. Doing searches in maillog returns results like a dream! On Wed, Jun 1, 2016 at 12:11 PM, K Post <nntp.p...@gmail.com> wrote: > Running 16142, though I suspect this problem has been going on for a while > now. > Wind

Re: [Assp-test] SSL Proxy and TLS support

2016-06-01 Thread K Post
sorry, wrong thread. On Wed, Jun 1, 2016 at 12:24 PM, K Post <nntp.p...@gmail.com> wrote: > also, with DoTLS set to drop, the WebUI is 500% faster. Doing searches in > maillog returns results like a dream! > > On Thu, May 26, 2016 at 6:33 AM, Martin Voßloh <martin.vos

Re: [Assp-test] SSL Proxy and TLS support

2016-06-01 Thread K Post
also, with DoTLS set to drop, the WebUI is 500% faster. Doing searches in maillog returns results like a dream! On Thu, May 26, 2016 at 6:33 AM, Martin Voßloh wrote: > (BanFailedSSLIP) > (noBanFailedSSLIP) > > Hello, > > I only have trouble with some big senders and

[Assp-test] Very slow TLS sessions - Windows server

2016-06-01 Thread K Post
Running 16142, though I suspect this problem has been going on for a while now. Windows. I just discovered that large inbound emails (big attachments say over 10mb) that use TLS connections are taking forever to complete. For example, a 13mb email from a gmail.com address (and confirm coming

Re: [Assp-test] urgent please help - DKIMgen (stuck)

2016-06-01 Thread K Post
Restarting ASSP seemed to resolve it. Haven't ever seen that before and I'm fine writing it off as an anomaly, but any idea as to what could have caused that? On Wed, Jun 1, 2016 at 10:25 AM, K Post <nntp.p...@gmail.com> wrote: > out of the blue, workers are getting stuck with > DK

[Assp-test] urgent please help - DKIMgen (stuck)

2016-06-01 Thread K Post
out of the blue, workers are getting stuck with DKIMgen (stuck) Don't know what to do.

Re: [Assp-test] preHeaderRe not working as expected, Chinese hack attempts HEAD /favicon.ico HTTP/1.0

2016-05-16 Thread K Post
lyzer was switched on > - assp crashes several times because of misbehaved SMTP sessions or > content > - the crashAnalyzer has analyzed the misbehaved SMTP sessions or content > and gives an advice to configure preHeaderRe > > 'MaxErrors' is the right way to penalize this misbehavi

Re: [Assp-test] preHeaderRe not working as expected, Chinese hack attempts HEAD /favicon.ico HTTP/1.0

2016-05-16 Thread K Post
score this misbehavior, let the client do the wrong things and catch > the misbehavior with 'MaxErrors'. > > Thomas > > > > > > > Von:K Post <nntp.p...@gmail.com> > An: ASSP development mailing list <assp-test@lists.sourceforge.net> >

[Assp-test] preHeaderRe not working as expected, Chinese hack attempts HEAD /favicon.ico HTTP/1.0

2016-05-15 Thread K Post
We're getting TONS of requests, all from Chinese IP's sending HEAD /favicon.ico HTTP/1.0 close (and a blank line) through ASSP. Essentially, our server says helo, their server responds with the "head" line above, we say that's not valid, they say close, we say, that's not valid, they send a

Re: [Assp-test] 7-zip vulnerability

2016-05-15 Thread K Post
ive::XS to > prevent assp from calling system executables. > > Thomas > > > Von:K Post <nntp.p...@gmail.com> > An: ASSP development mailing list <assp-test@lists.sourceforge.net> > Datum: 15.05.2016 01:32 > Betreff:Re: [Assp-test] 7-zip vulnerabili

Re: [Assp-test] 7-zip vulnerability

2016-05-14 Thread K Post
ideo, DVD-Audio or HFS+ emailed. > > Thomas > > > > > > Von:K Post <nntp.p...@gmail.com> > An: ASSP development mailing list <assp-test@lists.sourceforge.net> > Datum: 13.05.2016 17:55 > Betreff:[Assp-test] 7-zip vulnerability >

[Assp-test] 7-zip vulnerability

2016-05-13 Thread K Post
I always worry when software calls other software Now that ASSP supports 7-zip, what can we do to insure we're protected? http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html Is it just a matter of waiting for the libraries to be updated?

[Assp-test] Still getting some (but not as many) can't find name server registration for legit domains

2016-05-11 Thread K Post
One of your recent releases GREATLY reduced the number of warnings about bad sender domains, but we still get a bunch, always from different counties across the US. For example *Warning: can't find a name server registration for the sender domain 'co.pg.md.us ' - all DNS

Re: [Assp-test] Big Request: Virus notification for outbound only??

2016-05-10 Thread K Post
For those of you following this thread, implemented in 16130 THANK YOU THOMAS! On Sat, Apr 30, 2016 at 1:24 PM, K Post <nntp.p...@gmail.com> wrote: > We're getting a lot of inbound viruses (and heuristic detections of spam) > caught by clamav. This suddenly started working a cou

[Assp-test] ImageMagick vulnerability

2016-05-10 Thread K Post
Just a heads up, ImageMagick has a pretty significant vulnerability. Would be hard to exploit on ASSP, but imagine that it's possible. Thoughts? https://www.us-cert.gov/ncas/current-activity/2016/05/04/ImageMagick-Vulnerability more info

[Assp-test] Big Request: Virus notification for outbound only??

2016-04-30 Thread K Post
We're getting a lot of inbound viruses (and heuristic detections of spam) caught by clamav. This suddenly started working a couple versions of ASSP/AFC ago. So nice to have this working! It's at the point where having EmailVirusToReport enabled is no longer reasonable. I'm getting hundreds of

Re: [Assp-test] [request] AFC and rar archives

2016-04-28 Thread K Post
Sane/Clam AV is reporting rar's being used... http://sanesecurity.blogspot.com/2016/03/locky-javascript-malware-that-arrives.html On Thu, Apr 28, 2016 at 9:09 AM, aquilinux wrote: > > > > in practice, I don't know if it may be worth > > > i bet this will be the next virus

Re: [Assp-test] Warning: Main_Thread found socket without SocketCalls - please report!

2016-04-27 Thread K Post
found socket without SocketCalls! often I'll get this 2 or 3 times in a row. On Tue, Apr 19, 2016 at 12:03 PM, K Post <nntp.p...@gmail.com> wrote: > Thanks for replying Thomas. . > > It doesn't look like there was high load on the system or anything wonky > with the network,

Re: [Assp-test] fixes in assp 2.5.2 build 16117

2016-04-27 Thread K Post
Eckardt <thomas.ecka...@thockar.com> wrote: > >Do you know when the 'DoDKIM' error was introduced? > > this was possibly build 16089. > > >And on the low port restriction, on a Windows system > > low port restriction on Windows for the 'system' account ??? > >

Re: [Assp-test] fixes in assp 2.5.2 build 16117

2016-04-26 Thread K Post
And commas in the byte count in the smtp sessions window. THANK YOU. So much easier to read. On Tue, Apr 26, 2016 at 9:15 PM, K Post <nntp.p...@gmail.com> wrote: > Do you know when the 'DoDKIM' error was introduced? > > And on the low port restriction, on a Windows system wi

Re: [Assp-test] microsoft.com and w3.org detected in URI scan

2016-04-21 Thread K Post
Makes perfect sense - thanks On Thu, Apr 21, 2016 at 2:02 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote: > 'URIBLwhitelist' can be used. > > Thomas > > > > > > Von:K Post <nntp.p...@gmail.com> > An: ASSP development mailing list

[Assp-test] microsoft.com and w3.org detected in URI scan

2016-04-20 Thread K Post
Outlook likes to put something like: http://schemas.microsoft.com/office/2004/12/omml; xmlns=" http://www.w3.org/TR/REC-html40;> on its HTML emails. I've noticed that X-ASSP-Detected-URI shows microsoft.com and w3.org for all of these emails, as you'd expect. Does it matter? Any point in

Re: [Assp-test] Request for shutdown list (SMTP Connections)

2016-04-20 Thread K Post
Good point, though the USA is the only place that matters :-) The comma thing is really insignificant. On Wed, Apr 20, 2016 at 1:47 PM, Robert K Coffman Jr. -Info From Data Corp. wrote: > > And while you're at it, could you add commas to separate every set of 3 >

[Assp-test] Request for shutdown list (SMTP Connections)

2016-04-20 Thread K Post
Is there any chance that you'd be willing to right align the bytes and duration columns of the SMTP Connection screen? And while you're at it, could you add commas to separate every set of 3 digits to improve readability? Thanks!

Re: [Assp-test] Warning: Main_Thread found socket without SocketCalls - please report!

2016-04-19 Thread K Post
sult - which leads in to the warning one time. > > Under normal conditions the MaillogTail with a 'tail bytes' setting of > 10.000 takes not longer than three seconds.. > > Thomas > > > > > Von:K Post <nntp.p...@gmail.com> > An: ASSP development mailing li

[Assp-test] Warning: Main_Thread found socket without SocketCalls - please report!

2016-04-19 Thread K Post
Reporting, because it said to... I see this on occasion when I click on maillog from the main assp admin screen. Maillog eventually comes up, but can take 20+ seconds. Machine seems plenty fast, lots of ram. Maillog has always been slow to load though. Apr-19-16 10:33:55 Error: Worker_4

Re: [Assp-test] 16106 Virus Detected: 'Heuristics.Phishing.Email.SpoofedDomain'

2016-04-19 Thread K Post
that in Outlook, only the from shows up. Subject is blank, which makes it hard to spot these. On Sun, Apr 17, 2016 at 11:53 AM, K Post <nntp.p...@gmail.com> wrote: > Thanks for chiming in Robert. I had previously looked at that info > page. What I'm trying to figure out is if somet

Re: [Assp-test] 16106 Virus Detected: 'Heuristics.Phishing.Email.SpoofedDomain'

2016-04-17 Thread K Post
Thanks for chiming in Robert. I had previously looked at that info page. What I'm trying to figure out is if something changed in one of the last couple of releases of ASSP that could be causing these false positives now. And I don't understand why they would be delivered to the end user if

Re: [Assp-test] 16106 Virus Detected: 'Heuristics.Phishing.Email.SpoofedDomain'

2016-04-16 Thread K Post
to do with anything. Thanks On Sat, Apr 16, 2016 at 1:19 PM, K Post <nntp.p...@gmail.com> wrote: > We've seen several rejected emails since 16106 listing: Virus Detected: > 'Heuristics.Phishing.Email.SpoofedDomain' > > These have been all legitimate emails from Citibank.

[Assp-test] 16106 Virus Detected: 'Heuristics.Phishing.Email.SpoofedDomain'

2016-04-16 Thread K Post
We've seen several rejected emails since 16106 listing: Virus Detected: 'Heuristics.Phishing.Email.SpoofedDomain' These have been all legitimate emails from Citibank. I don't know why ClamAV is suddenly catching these erroneously. Previously, Citibank emails the sent using the same method have

Re: [Assp-test] RFC 1480 Locality Domains Re: can't find a name server registration

2016-04-06 Thread K Post
> host (co.delaware.pa.us) > > the logic of assp: > > Because (pa.us) is a TLD and (delaware.pa.us) is not a TLD , ( > > delaware.pa.us) must be a registered user domain and > > (co.delaware.pa.us) > > must be a host. > > > > I'll try to workaround this. But f

Re: [Assp-test] can't find a name server registration

2016-04-06 Thread K Post
workaround this. But first I'll ask IANA and will force them > to close the .us TLD but at least the pa.us domain :):) > > Thomas > > > > > Von:K Post <nntp.p...@gmail.com> > An: ASSP development mailing list <assp-test@lists.sourceforge.net> > Datum:

Re: [Assp-test] can't find a name server registration

2016-04-05 Thread K Post
AIN' - (any > other error is ignored by assp) > > If the answer for 'co.county.state.us' is 'NXDOMAIN', you should check > your name server. It should never answer with 'NXDOMAIN' in case of a > timeout! > > Thomas > > > > Von:K Post <nntp.p...@gmail.com> > An: ASSP d

Re: [Assp-test] can't find a name server registration

2016-04-05 Thread K Post
t; > ASSP is smart and ask for 'ANY' DNS registration for the domainpart of the > sender address - no entry -> no luck! > > disable 'DoRFC822' if this is not working for you > > Thomas > > > > > > Von:K Post <nntp.p...@gmail.com> > An: ASSP de

Re: [Assp-test] can't find a name server registration

2016-04-05 Thread K Post
, but shouldn't ASSP be looking for a name server registration for navy.mil <http://navy.mil> and not the full hostname? *I don't know, I'm asking. Just seems odd that the only time I get these warnings are for hostnames with more than just 2 parts. Thanks On Tue, Feb 23, 2016 at 12:44 PM, K Post &

Re: [Assp-test] Max Number Duplicate File Names

2016-03-23 Thread K Post
or spam > and notspam of the Bayesian and HMM engine - for 100.000 incoming mails. > The detection rate before the event occured was 99,0% spam-detection with > no false positives for the Bayesian and HMM engine (only!) > > assumed distribution of real spam / notspam > > 95.00

Re: [Assp-test] Max Number Duplicate File Names

2016-03-21 Thread K Post
. > > Now - reading this you must come to a conclusion - 'MaxAllowedDups' is > NONSENSE - and YES you are right - SWITCH IT OFF! > > Thomas > > > > > > > > Von:K Post <nntp.p...@gmail.com> > An: ASSP development mailing list <assp-test@list

Re: [Assp-test] Max Number Duplicate File Names

2016-03-21 Thread K Post
t; basic concepts of HMM and bayes. > > >I know that we must be missing something significant. > > Yes - the concept! > > You waste my time Ken. > > Thomas > > > > Von:K Post <nntp.p...@gmail.com> > An: ASSP development mailing list <assp-test@

Re: [Assp-test] Max Number Duplicate File Names

2016-03-21 Thread K Post
ust can't understand how making every effort to insure that our notspam corpus remains diverse doesn't make sense. Thanks again. Hope we can continue this discussion. On Mon, Mar 14, 2016 at 5:28 PM, K Post <nntp.p...@gmail.com> wrote: > One of our staff inadvertently sent about 3400 of the

Re: [Assp-test] fixes in assp 2.5.2 build 16080

2016-03-21 Thread K Post
estion - what should be done with mails that > reaches the 'MaxAllowedHamDups' without breaking any concept and without > creating a new folder (which breaks several concepts)? > > Thomas > > > > > > Von:K Post <nntp.p...@gmail.com> > An: ASSP develop

Re: [Assp-test] fixes in assp 2.5.2 build 16080

2016-03-21 Thread K Post
ore aggressive to follow the configuration of > 'MaxAllowedDups'. > > >I'm guessing this is based on our discussions about not > keeping dups of notspam too... > > No. > > Thomas > > > Von:K Post <nntp.p...@gmail.com> > An: ASSP development mailing

Re: [Assp-test] fixes in assp 2.5.2 build 16080

2016-03-20 Thread K Post
ooh lala. Appetite wet for all of these changes. Are the 'MaxAllowedDups' changes listed in the GUI? I'm guessing this is based on our discussions about not keeping dups of notspam too... Thanks for the quick work. On Sun, Mar 20, 2016 at 9:25 AM, Thomas Eckardt

Re: [Assp-test] Bad DNSBL detection

2016-03-20 Thread K Post
ected in the next release > > Thank you > > Thomas > > > > > Von:K Post <nntp.p...@gmail.com> > An: ASSP development mailing list <assp-test@lists.sourceforge.net> > Datum: 19.03.2016 23:22 > Betreff:[Assp-test] Bad DNSBL detection >

Re: [Assp-test] Virus detected

2016-03-20 Thread K Post
txt' > > Thomas > > > > > Von:K Post <nntp.p...@gmail.com> > An: ASSP development mailing list <assp-test@lists.sourceforge.net> > Datum: 15.03.2016 20:40 > Betreff:Re: [Assp-test] Virus detected > > > > It was on, but tried with i

[Assp-test] Bad DNSBL detection

2016-03-19 Thread K Post
Saw an email get rejected due to a hit on DNSBL. It was from a legit user using Comcast's (major ISP here in the US) webmail system. All of the received lines were fine, and the home cable modem's address was not listed there. However, there was a line below the received lines like this:

[Assp-test] ASSP as smarthost - reverse DNS

2016-03-19 Thread K Post
I don't think this is an ASSP problem, but wanted to make sure as I'm at the end of my rope on this. Regular inbound messages are fine. As long as the helo matches reverse DNS, then the received line is like Received: from whatever.outside.com (1.2.3.4 helo=whatever.outside.com). If the

Re: [Assp-test] ASSP as smarthost - reverse DNS

2016-03-19 Thread K Post
? On Wed, Mar 16, 2016 at 12:21 PM, K Post <nntp.p...@gmail.com> wrote: > I don't think this is an ASSP problem, but wanted to make sure as I'm at > the end of my rope on this. > > Regular inbound messages are fine. As long as the helo matches reverse > DNS, then the

Re: [Assp-test] ASSP as smarthost - reverse DNS

2016-03-19 Thread K Post
PM, Thomas Eckardt wrote: > >> ? > > > > > >> On Wed, Mar 16, 2016 at 12:21 PM, K Post <nntp.p...@gmail.com> wrote: > > > > This useless post was ignored by me - but now I can't any longer - > > I'sorry. > > > > reverse DNS for privat h

Re: [Assp-test] Virus detected

2016-03-15 Thread K Post
wrote: > What is your setting of 'EmailVirusReportsHeader'? > Try the opposite setting - does it work? > > Thomas > > > > > > Von:K Post <nntp.p...@gmail.com> > An: ASSP development mailing list <assp-test@lists.sourceforge.net> > Datum: 14

Re: [Assp-test] Virus detected

2016-03-14 Thread K Post
Even with 16074 and the latest ASSP_AFC, if I have my email address in EmailVirusReportsTo, I DO get the report, but the subject line and to line are blank. Looking at the header of the notification email, there doesn't appear to be a to or subject line.

Re: [Assp-test] Attachment blocking and ClamAV suspicious only

2016-03-14 Thread K Post
at 11:47 AM, K Post <nntp.p...@gmail.com> wrote: > EXCELLENT- didn't see suspicious virus setting. Thanks > > On Sun, Mar 13, 2016 at 6:49 AM, Thomas Eckardt < > thomas.ecka...@thockar.com> wrote: > >> >Is there a way to tell ClamAV or ASSP to reject even

Re: [Assp-test] fixes in assp 2.4.8 build 16074

2016-03-14 Thread K Post
R record via DNS: status=no PTR • RWLcheck returned OK for : status=unknown On Mon, Mar 14, 2016 at 1:53 PM, K Post <nntp.p...@gmail.com> wrote: > can't wait to try this! THANK YOU. > > On Mon, Mar 14, 2016 at 1:42 PM, Thomas Eckardt < > thomas.ecka...@thockar.com> wro

Re: [Assp-test] Max Number Duplicate File Names

2016-03-14 Thread K Post
3400 were in notspam. So, could we, and does it make sense, to keep discussing this? On Thu, Mar 10, 2016 at 1:47 PM, K Post <nntp.p...@gmail.com> wrote: > Isn't that exact same logic an argument for having the maximum number of > duplicate subjects apply to the HAM / notspam folde

Re: [Assp-test] fixes in assp 2.4.8 build 16074

2016-03-14 Thread K Post
can't wait to try this! THANK YOU. On Mon, Mar 14, 2016 at 1:42 PM, Thomas Eckardt wrote: > Hi all, > > fixed in assp 2.4.8 build 16074: > > added: > > - the Perl module Email::MIME is currently not able to process (decode) > RFC2231 encoded MIME-header-lines like >

Re: [Assp-test] ASSP Outlook Ribbon Shortcuts 2013

2016-03-14 Thread K Post
sent over - the file in the corpus is fine though - has been this way for a long time) On Sun, Mar 13, 2016 at 4:29 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote: > contact the author > > http://assp.sourceforge.net/forum/viewtopic.php?f=8=2795 > > Thomas > > &

Re: [Assp-test] Attachment blocking and ClamAV suspicious only

2016-03-14 Thread K Post
ult is > processes by assp. > > 'vsValencePB' > > RTMF: > > 'SuspiciousVirus' It is possible to weight such results. . > > > Thomas > > > > > Von:K Post <nntp.p...@gmail.com> > An: ASSP development mailing list <assp-test@lis

Re: [Assp-test] Attachment blocking and ClamAV suspicious only

2016-03-12 Thread K Post
way around) allow the file through?? On Sat, Mar 12, 2016 at 2:14 PM, K Post <nntp.p...@gmail.com> wrote: > 2 questions: > > 1) I've been doing some ClamAV testing. It mostly works, but I've also > seen: > [VIRUS][scoring] 149.202.232.193 <securitych...@emailsecurit

[Assp-test] Attachment blocking and ClamAV suspicious only

2016-03-12 Thread K Post
2 questions: 1) I've been doing some ClamAV testing. It mostly works, but I've also seen: [VIRUS][scoring] 149.202.232.193 to: virust...@ourdomain.org 'Eicar-Test-Signature' passing the virus check because of only suspicious virus 'Eicar' Is there a way to

[Assp-test] ASSP Outlook Ribbon Shortcuts 2013

2016-03-12 Thread K Post
Saw the Outlook module code that is posted as SF. I haven't tried it yet, but should we be forwarding as an attachment to send all of the headers?

Re: [Assp-test] Conditional DNS Forwarders

2016-03-10 Thread K Post
-bump- On Tue, Mar 8, 2016 at 10:12 AM, K Post <nntp.p...@gmail.com> wrote: > Another thought: Would it make any sense for ASSP to have 2 sets of DNS > servers, with the second set (optional) being used for those services that > would not work well with a dns server that for

Re: [Assp-test] Max Number Duplicate File Names

2016-03-10 Thread K Post
t; > Thomas > > > > > > Von:K Post <nntp.p...@gmail.com> > An: ASSP development mailing list <assp-test@lists.sourceforge.net> > Datum: 10.03.2016 16:58 > Betreff:Re: [Assp-test] Max Number Duplicate File Names > > > > I know you'r

Re: [Assp-test] ASSP_AFC Priority

2016-03-10 Thread K Post
Eckardt <thomas.ecka...@thockar.com> wrote: > >located at c:/assp/Plugins/ASSP_AFC.pm > >located at c:/assp//Plugins/ASSP_AFC.pm > > This will be fixed in the next release. > > Thomas > > > > > > Von:K Post <nntp.p...@gmail.com&

Re: [Assp-test] Max Number Duplicate File Names

2016-03-10 Thread K Post
sh is better, if you translate it > back to english. > > Thomas > > > > Von:K Post <nntp.p...@gmail.com> > An: ASSP development mailing list <assp-test@lists.sourceforge.net> > Datum: 10.03.2016 00:29 > Betreff:[Assp-test] Max Number Duplicate Fil

[Assp-test] Max Number Duplicate File Names

2016-03-09 Thread K Post
I've got UseSubjectAsMaillogNames checked (the messages are stored in the folders user the subject name followed by a 6 digit number as expected) I've got MaxAllowedDups set to 3 MaxBayesFileAge is 0 MaxFiles is 15000 I'm noticing that MaxAllowedDups doesn't seem to be working. For example, a

[Assp-test] ASSP_AFC Priority

2016-03-09 Thread K Post
The only plugin I use is the ASSP_AFC plugin. I had the priority set to the default of 6. I just got this warning: Mar-09-16 17:20:07 ERROR: runlevel 'complete mail' - priority 8, requested by Plugin 'ASSP_AFC' (located at c:/assp/Plugins/ASSP_AFC.pm), is already occupied by Plugin 'ASSP_AFC'

Re: [Assp-test] Conditional DNS Forwarders

2016-03-08 Thread K Post
:59 PM, K Post <nntp.p...@gmail.com> wrote: > I know that running ASSP pointing to dns servers that use forwarding is > HIGHLY discouraged, and I understand why. > > For performance reasons, I'd like to start using forwarders on our 3 > internal dns servers (the same servers th

[Assp-test] Conditional DNS Forwarders

2016-03-08 Thread K Post
I know that running ASSP pointing to dns servers that use forwarding is HIGHLY discouraged, and I understand why. For performance reasons, I'd like to start using forwarders on our 3 internal dns servers (the same servers that ASSP uses). Other than for ASSP, forwarders would be quite

[Assp-test] Warning: Main_Thread found socket without SocketCalls - please report!

2016-03-08 Thread K Post
Went to load up the GUI and it was very slow and ultimately timed out. I then saw this: Mar-07-16 16:43:16 Warning: Main_Thread found socket without SocketCalls - please report! So I'm reporting as requested. v. 16060 on windows

[Assp-test] warning: try to terminate inactive/stuck Worker_

2016-03-04 Thread K Post
Since whatever version was before 16036, and still with 16060, I'm seeing messages like *warning: try to terminate inactive/stuck Worker_3*a couple of times a day. It was pretty bad with the version before 16036, but is much better with 16060. Info: Loop in Worker_3 was not active for 181

Re: [Assp-test] OpenSSL 1.0.2g - update to Net:SSLeay?

2016-03-02 Thread K Post
::ssleay (really the DLL that goes with it). On Wed, Mar 2, 2016 at 11:28 AM, K Post <nntp.p...@gmail.com> wrote: > > Back in January, I was able to get ASSP on my Windows machine to report > OpenSSL 1.0.2c by removing Net:SSLeay and reinstalling it using > ActiveState's ppm. >

[Assp-test] OpenSSL 1.0.2g - update to Net:SSLeay?

2016-03-02 Thread K Post
Back in January, I was able to get ASSP on my Windows machine to report OpenSSL 1.0.2c by removing Net:SSLeay and reinstalling it using ActiveState's ppm. Overnight, OpenSSL released 1.0.2g which plugs the DROWN vulnerability. In previous discussions, I've been told that Net::SSLeay installs

Re: [Assp-test] can't find a name server registration

2016-02-23 Thread K Post
and co.delaware.pa.us Thomas, any ideas? On Mon, Feb 1, 2016 at 3:47 PM, K Post <nntp.p...@gmail.com> wrote: > At least it's not just me. > > James - FYI, you definitely don't want to use public DNS servers for ASSP > - too slow and more importantly you could have trouble with things like > D

Re: [Assp-test] Unexpected SEGV - v16036, Line 38599

2016-02-22 Thread K Post
about 24 hours after completely blanking that whitere file, the problems remain gone. GREAT. I still don't understand why that would have all of a sudden started the problem, but it's resolved I guess... On Sun, Feb 21, 2016 at 10:58 AM, K Post <nntp.p...@gmail.com> wrote: >

Re: [Assp-test] Unexpected SEGV - v16036, Line 38599

2016-02-21 Thread K Post
sses. > And write them a bitterly angry email - that they should provide an SPF > record. > > Thomas > > > > > > Von:K Post <nntp.p...@gmail.com> > An: ASSP development mailing list <assp-test@lists.sourceforge.net> > Datum: 21.02.2016 1

Re: [Assp-test] Unexpected SEGV - v16036, Line 38599

2016-02-21 Thread K Post
When I go to Worker Status, I see most of the workers showing: ThreadGetNewCon On Sun, Feb 21, 2016 at 9:53 AM, K Post <nntp.p...@gmail.com> wrote: > I've got WhiteRe in a file. > > It's: > > Google Alert - victim(?:s)(?:')? help > Google Alert - human trafficing >

Re: [Assp-test] Unexpected SEGV - v16036, Line 38599

2016-02-21 Thread K Post
ine 38599 is checking the mail body against 'whiteRe' - so what is your > config value for this? > > Thomas > > > > > Von:K Post <nntp.p...@gmail.com> > An: ASSP development mailing list <assp-test@lists.sourceforge.net> > Datum: 21.02.2016 02:45 >

Re: [Assp-test] Unexpected SEGV - v16036, Line 38599

2016-02-20 Thread K Post
for clarification, the the SEGV error hits, I see more than 100 of them in the same second in the log On Sat, Feb 20, 2016 at 8:44 PM, K Post <nntp.p...@gmail.com> wrote: > My 16036 installation, windows, all modules up to date is throwing this > warning over and over: >
