Re: Lots of Polish spam

2015-02-27 Thread Bill Cole
On 25 Feb 2015, at 17:15, Yves Goergen wrote: Am 25.02.2015 um 20:42 schrieb Bill Cole: On 24 Feb 2015, at 17:06, Yves Goergen wrote: I can't block all archives with executable files in them. Then in all seriousness: why bother filtering email specifically for malware? Email is an

Re: Lots of Polish spam

2015-02-25 Thread David Jones
From: Axb axb.li...@gmail.com Sent: Wednesday, February 25, 2015 4:32 AM To: users@spamassassin.apache.org Subject: Re: Lots of Polish spam On 02/25/2015 01:42 AM, Alex Regan wrote: Hi, On 02/24/2015 07:06 PM, Reindl Harald wrote: Am 25.02.2015 um 00

Blocking .exe in zips (was Re: Lots of Polish spam)

2015-02-25 Thread David F. Skoll
On Tue, 24 Feb 2015 23:06:02 +0100 Yves Goergen nospam.l...@unclassified.de wrote: If the mail server now blocks all .exe in .zip without actually scanning the contents, they're going to complain. At some point, you need to be firm and take care of your users' security. We run a commercial

Re: Lots of Polish spam

2015-02-25 Thread @lbutlr
On Feb 24, 2015, at 3:49 PM, Axb axb.li...@gmail.com wrote: On 02/24/2015 11:39 PM, LuKreme wrote: On Feb 24, 2015, at 15:24, Axb axb.li...@gmail.com wrote: *.pdf.zip is a dangerous one to block on sight - FP risk is huge Really? I've never seen a .pdf.zip that was legitimate. KDE:

Re: Lots of Polish spam

2015-02-25 Thread Bill Cole
On 24 Feb 2015, at 17:06, Yves Goergen wrote: I can't block all archives with executable files in them. Then in all seriousness: why bother filtering email specifically for malware? Email is an inherently untrustworthy transport medium. Any sort of executable received via email that is

Re: Blocking .exe in zips (was Re: Lots of Polish spam)

2015-02-25 Thread Dave Warren
On 2015-02-25 12:18, David F. Skoll wrote: On Tue, 24 Feb 2015 23:06:02 +0100 Yves Goergen nospam.l...@unclassified.de wrote: If the mail server now blocks all .exe in .zip without actually scanning the contents, they're going to complain. ... So far, no major complaints. The few who really

Re: Lots of Polish spam

2015-02-25 Thread Dave Warren
On 2015-02-25 11:42, Bill Cole wrote: On 24 Feb 2015, at 17:06, Yves Goergen wrote: I can't block all archives with executable files in them. Then in all seriousness: why bother filtering email specifically for malware? I second this. Either go all the way, or don't do it, it's worse to

Re: Lots of Polish spam

2015-02-25 Thread Yves Goergen
Am 25.02.2015 um 20:42 schrieb Bill Cole: On 24 Feb 2015, at 17:06, Yves Goergen wrote: I can't block all archives with executable files in them. Then in all seriousness: why bother filtering email specifically for malware? Email is an inherently untrustworthy transport medium. Any sort of

Re: Lots of Polish spam

2015-02-25 Thread Yves Goergen
Am 25.02.2015 um 23:04 schrieb Dave Warren: I second this. Either go all the way, or don't do it, it's worse to leave users with a false sense of security. A mentality of The virus scanner says it's safe, so it won't do any harm is exceedingly dangerous. The virus scanner doesn't say anything

Re: Lots of Polish spam

2015-02-25 Thread Reindl Harald
Am 25.02.2015 um 23:15 schrieb Yves Goergen: Am 25.02.2015 um 20:42 schrieb Bill Cole: On 24 Feb 2015, at 17:06, Yves Goergen wrote: I can't block all archives with executable files in them. Then in all seriousness: why bother filtering email specifically for malware? Email is an

Re: Blocking .exe in zips (was Re: Lots of Polish spam)

2015-02-25 Thread Yves Goergen
Am 25.02.2015 um 23:04 schrieb Dave Warren: On 2015-02-25 12:18, David F. Skoll wrote: So far, no major complaints. The few who really need to send such files rename them to .ex_ before zipping them up. We have a fairly large userbase (more than 140,000) so I think we would have heard lots of

Re: Lots of Polish spam

2015-02-25 Thread Reindl Harald
Am 25.02.2015 um 23:23 schrieb Yves Goergen: Am 25.02.2015 um 23:04 schrieb Dave Warren: I second this. Either go all the way, or don't do it, it's worse to leave users with a false sense of security. A mentality of The virus scanner says it's safe, so it won't do any harm is exceedingly

RE: Blocking .exe in zips (was Re: Lots of Polish spam)

2015-02-25 Thread Kevin Miller
25, 2015 1:28 PM To: Dave Warren; users@spamassassin.apache.org Subject: Re: Blocking .exe in zips (was Re: Lots of Polish spam) Am 25.02.2015 um 23:04 schrieb Dave Warren: On 2015-02-25 12:18, David F. Skoll wrote: So far, no major complaints. The few who really need to send such files

Re: Lots of Polish spam

2015-02-25 Thread David Jones
From: Yves Goergen nospam.l...@unclassified.de Sent: Wednesday, February 25, 2015 4:15 PM To: users@spamassassin.apache.org Subject: Re: Lots of Polish spam Am 25.02.2015 um 20:42 schrieb Bill Cole: On 24 Feb 2015, at 17:06, Yves Goergen wrote: I can't

Re: Lots of Polish spam

2015-02-25 Thread Dave Warren
On 2015-02-25 14:23, Yves Goergen wrote: Am 25.02.2015 um 23:04 schrieb Dave Warren: I second this. Either go all the way, or don't do it, it's worse to leave users with a false sense of security. A mentality of The virus scanner says it's safe, so it won't do any harm is exceedingly

Re: Lots of Polish spam

2015-02-25 Thread Axb
On 02/25/2015 01:42 AM, Alex Regan wrote: Hi, On 02/24/2015 07:06 PM, Reindl Harald wrote: Am 25.02.2015 um 00:56 schrieb Alex Regan: Sophos reports it as Troj/Tinba-O, like most others on virustotal.com ClamAV does not detect anything suspicious. I really thought clamav was much better.

Re: Lots of Polish spam

2015-02-24 Thread Marcin Mirosław
W dniu 2015-02-24 o 19:22, Yves Goergen pisze: Am 24.02.2015 um 19:00 schrieb Jeremy McSpadden: You're better off to implement RBL at SMTP time, not SA. IMO Which MTA are you using? Exim. But why should I do that? See my other message in this thread. RBLs make mistakes. But then, only one of

Re: Lots of Polish spam

2015-02-24 Thread Axb
On 02/24/2015 09:28 PM, Yves Goergen wrote: Am 24.02.2015 um 19:56 schrieb Axb: - Please post missed spam samples in pastebin.com - do not post samples to mailing lists It's too many to process them individually in pastebin. Here's an archive with ~60 messages in files:

Re: Lots of Polish spam

2015-02-24 Thread Axb
On 02/24/2015 10:32 PM, Kris Deugau wrote: Yves Goergen wrote: Hello, for a few months I'm getting lots of Polish spam to one of my e-mail addresses, sometimes a dozen per day. I have no idea what it's telling me, I don't understand a single word. I just recognise characteristic characters

Re: Lots of Polish spam

2015-02-24 Thread Kris Deugau
Yves Goergen wrote: Hello, for a few months I'm getting lots of Polish spam to one of my e-mail addresses, sometimes a dozen per day. I have no idea what it's telling me, I don't understand a single word. I just recognise characteristic characters to know the language. Some messages have

Re: Lots of Polish spam

2015-02-24 Thread Yves Goergen
Am 24.02.2015 um 19:56 schrieb Axb: - Please post missed spam samples in pastebin.com - do not post samples to mailing lists It's too many to process them individually in pastebin. Here's an archive with ~60 messages in files:

Re: Lots of Polish spam

2015-02-24 Thread Alex Regan
Hi, for a few months I'm getting lots of Polish spam to one of my e-mail addresses, sometimes a dozen per day. I have no idea what it's telling me, I don't understand a single word. I just recognise characteristic characters to know the language. Some messages have a .pl domain as sender

Re: Lots of Polish spam

2015-02-24 Thread John Hardin
On Tue, 24 Feb 2015, Yves Goergen wrote: for a few months I'm getting lots of Polish spam to one of my e-mail addresses, sometimes a dozen per day. I have no idea what it's telling me, I don't understand a single word. SpamAssassin doesn't seem to be too successful in filtering them out

Re: Lots of Polish spam

2015-02-24 Thread Axb
On 02/24/2015 06:35 PM, Yves Goergen wrote: Hello, for a few months I'm getting lots of Polish spam to one of my e-mail addresses, sometimes a dozen per day. I have no idea what it's telling me, I don't understand a single word. I just recognise characteristic characters to know the language

Lots of Polish spam

2015-02-24 Thread Yves Goergen
Hello, for a few months I'm getting lots of Polish spam to one of my e-mail addresses, sometimes a dozen per day. I have no idea what it's telling me, I don't understand a single word. I just recognise characteristic characters to know the language. Some messages have a .pl domain as sender

Re: Lots of Polish spam

2015-02-24 Thread Jeremy McSpadden
, 2015, at 11:35 AM, Yves Goergen nospam.l...@unclassified.de wrote: Hello, for a few months I'm getting lots of Polish spam to one of my e-mail addresses, sometimes a dozen per day. I have no idea what it's telling me, I don't understand a single word. I just

Re: Lots of Polish spam

2015-02-24 Thread Yves Goergen
Am 24.02.2015 um 18:39 schrieb Jeremy McSpadden: Usually scores are 6 low 10 high. Are you running any RBLs ? I have the default settings plus the attached custom configuration. There are several RBLs among them. -- Yves Goergen http://unclassified.software # BAYES

Re: Lots of Polish spam

2015-02-24 Thread Reindl Harald
Am 24.02.2015 um 18:58 schrieb Yves Goergen: Am 24.02.2015 um 18:39 schrieb Jeremy McSpadden: Usually scores are 6 low 10 high. Are you running any RBLs ? I have the default settings plus the attached custom configuration. There are several RBLs among them RBL's long before the

Re: Lots of Polish spam

2015-02-24 Thread Yves Goergen
Am 24.02.2015 um 19:00 schrieb Jeremy McSpadden: You're better off to implement RBL at SMTP time, not SA. IMO Which MTA are you using? Exim. But why should I do that? See my other message in this thread. RBLs make mistakes. But then, only one of them makes the mistake, not all. Are RBLs the

Re: Lots of Polish spam

2015-02-24 Thread Reindl Harald
Am 24.02.2015 um 19:15 schrieb Yves Goergen: Am 24.02.2015 um 19:02 schrieb Reindl Harald: RBL's long before the contentfilter! Do you mean to reject messages as soon as a single RBL triggers it? That's definitely not what I want to do! I've had way too much trouble with others doing that.

Re: Lots of Polish spam

2015-02-24 Thread Yves Goergen
Am 24.02.2015 um 19:02 schrieb Reindl Harald: RBL's long before the contentfilter! Do you mean to reject messages as soon as a single RBL triggers it? That's definitely not what I want to do! I've had way too much trouble with others doing that. RBLs get points and the score decides. Never

Re: Lots of Polish spam

2015-02-24 Thread Marcin Mirosław
W dniu 2015-02-24 o 19:56, Axb pisze: [...] - Please post missed spam samples in pastebin.com - do not post samples to mailing lists Yes, please share it, I'll take a look what kind of spam it is.

Re: Lots of Polish spam

2015-02-24 Thread Yves Goergen
Am 24.02.2015 um 22:00 schrieb Axb: On 02/24/2015 09:28 PM, Yves Goergen wrote: https://drive.google.com/file/d/0B8CN0ghdY1SdSzBqdkswRUdOb0U/view ZIP password: spam (Google thinks there's a virus in it so I needed to encrypt it.) didn't need a password to extract but... whatever format those

Re: Lots of Polish spam

2015-02-24 Thread Reindl Harald
Am 24.02.2015 um 22:49 schrieb Alex Regan: for a few months I'm getting lots of Polish spam to one of my e-mail addresses, sometimes a dozen per day. I have no idea what it's telling me, I don't understand a single word. I just recognise characteristic characters to know the language. Some

Re: Lots of Polish spam

2015-02-24 Thread Tom Hendrikx
On 24-02-15 22:56, Yves Goergen wrote: Am 24.02.2015 um 22:00 schrieb Axb: On 02/24/2015 09:28 PM, Yves Goergen wrote: https://drive.google.com/file/d/0B8CN0ghdY1SdSzBqdkswRUdOb0U/view ZIP password: spam (Google thinks there's a virus in it

Re: Lots of Polish spam

2015-02-24 Thread John Hardin
On Tue, 24 Feb 2015, Alex Regan wrote: Does anyone know/think it would be a good idea to add .pdf.zip to the mime types reject list? Has anyone seen a real example that wasn't a virus? Pretty much *any* double-extension filename is suspect. -- John Hardin KA7OHZ

Re: Lots of Polish spam

2015-02-24 Thread RW
On Tue, 24 Feb 2015 22:56:08 +0100 Yves Goergen wrote: Am 24.02.2015 um 22:00 schrieb Axb: I'd definitely suggest you enable the Spamhaus SURBL rules. They have strange TOS that actually forbid using them for more than a single mailbox. Otherwise you need to pay for it. That's not

Re: Lots of Polish spam

2015-02-24 Thread Alex Regan
Hi, On 02/24/2015 07:06 PM, Reindl Harald wrote: Am 25.02.2015 um 00:56 schrieb Alex Regan: Sophos reports it as Troj/Tinba-O, like most others on virustotal.com ClamAV does not detect anything suspicious. I really thought clamav was much better. Can you recommend an antivirus other than

Re: Lots of Polish spam

2015-02-24 Thread Reindl Harald
Am 24.02.2015 um 22:56 schrieb Yves Goergen: Last but not least, get your Bayes setup running and it will give you the extra edge. I once had Bayes enabled, but since it's an unattended server system, it can only learn from itself. And that had worked really bad in the past. So I disabled it

Re: Lots of Polish spam

2015-02-24 Thread Reindl Harald
Am 24.02.2015 um 23:18 schrieb John Hardin: On Tue, 24 Feb 2015, Alex Regan wrote: Does anyone know/think it would be a good idea to add .pdf.zip to the mime types reject list? Has anyone seen a real example that wasn't a virus? Pretty much *any* double-extension filename is suspect on

Re: Lots of Polish spam

2015-02-24 Thread LuKreme
On Feb 24, 2015, at 15:24, Axb axb.li...@gmail.com wrote: *.pdf.zip is a dangerous one to block on sight - FP risk is huge Really? I've never seen a .pdf.zip that was legitimate.

Re: Lots of Polish spam

2015-02-24 Thread Benny Pedersen
On February 24, 2015 11:06:31 PM Yves Goergen nospam.l...@unclassified.de wrote: From the description, they only block by file name pattern. I can't block all archives with executable files in them. People need to send those files from time to time. And they know that a plain attached .exe

Re: Lots of Polish spam

2015-02-24 Thread Mark Martinec
Axb wrote: didn't need a password to extract but... whatever format those .eml are in, none of text editors was able to handle them so that didn't help. $ mkdir Spam; cd Spam $ 7z e -pspam ../Spam.zip Sophos reports it as Troj/Tinba-O, like most others on virustotal.com ClamAV does not

Re: Lots of Polish spam

2015-02-24 Thread Alex Regan
Hi, Sophos reports it as Troj/Tinba-O, like most others on virustotal.com ClamAV does not detect anything suspicious. I really thought clamav was much better. Can you recommend an antivirus other than Sophos that works well with Linux/Fedora? Sophos is a no-go with Fedora, apparently.

Re: Lots of Polish spam

2015-02-24 Thread Reindl Harald
Am 25.02.2015 um 00:56 schrieb Alex Regan: Sophos reports it as Troj/Tinba-O, like most others on virustotal.com ClamAV does not detect anything suspicious. I really thought clamav was much better. Can you recommend an antivirus other than Sophos that works well with Linux/Fedora? Sophos is a

Re: Lots of Polish spam

2015-02-24 Thread Yves Goergen
Am 24.02.2015 um 22:42 schrieb Axb: On 02/24/2015 10:32 PM, Kris Deugau wrote: These are almost certainly viruses. Upload one or two of the .zip files to virustotal.com to check against a long list of AV scanners. Didn't check it. Avira AntiVir (my desktop scanner) didn't notice any of

Re: Lots of Polish spam

2015-02-24 Thread Reindl Harald
Am 24.02.2015 um 23:39 schrieb LuKreme: On Feb 24, 2015, at 15:24, Axb axb.li...@gmail.com wrote: *.pdf.zip is a dangerous one to block on sight - FP risk is huge Really? I've never seen a .pdf.zip that was legitimate and i sent hundreds which were by just right click on the pdf and chose

Re: Lots of Polish spam

2015-02-24 Thread Axb
On 02/24/2015 11:39 PM, LuKreme wrote: On Feb 24, 2015, at 15:24, Axb axb.li...@gmail.com wrote: *.pdf.zip is a dangerous one to block on sight - FP risk is huge Really? I've never seen a .pdf.zip that was legitimate. KDE: right click on a blah.pdf compress as Zip Archive and bang:

Re: Lots of Polish spam

2015-02-24 Thread Benny Pedersen
On February 24, 2015 11:57:23 PM Axb axb.li...@gmail.com wrote: I can imagine other Linux Desktops doing the same. Dunno about Windows or Apple users is not asked for a filename, since the default seems fine :)

Re: Lots of Polish spam

2015-02-24 Thread Marcin Mirosław
W dniu 2015-02-24 o 21:28, Yves Goergen pisze: Am 24.02.2015 um 19:56 schrieb Axb: - Please post missed spam samples in pastebin.com - do not post samples to mailing lists It's too many to process them individually in pastebin. Here's an archive with ~60 messages in files:

Re: Lots of Polish spam

2015-02-24 Thread Axb
On 02/24/2015 11:18 PM, John Hardin wrote: On Tue, 24 Feb 2015, Alex Regan wrote: Does anyone know/think it would be a good idea to add .pdf.zip to the mime types reject list? Has anyone seen a real example that wasn't a virus? Pretty much *any* double-extension filename is suspect.

Re: Lots of Polish spam

2015-02-24 Thread Reindl Harald
Am 24.02.2015 um 23:06 schrieb Yves Goergen: Am 24.02.2015 um 22:42 schrieb Axb: ClamAV has become a framework... and atm, you can open a a bottle of bubbly if the official sigs actually detect anything. Oh great. Now that I've finally set up ClamAV on the server, it's useless? At least it