Ken -
How are you managing these? How are you releasing them?
Thanks -
Bob
On 3/10/2020 12:14 PM, K Post wrote:
This is incredible! Can you give some detail on what the system is that
does this analysis, scoring, etc.? Then once confirmed okay, how does
the user get the attachment that's been cleared? This would be a HUGE
benefit to my user base. There are tons of PDFs that I'm releasing on a
daily basis.
Thanks
On Tue, Mar 10, 2020 at 10:36 AM Thomas Eckardt
<thomas.ecka...@thockar.com> wrote:
Sorry - you wanted to know how we deal with such attachments.
For me, ASSP_AFC marks them for a sandbox system for analysing and
lets them all pass. The sandbox system extracts all attachments to
their atomic parts, lets some Windows VMs open every single part or
attachment and analyses every VM memory for malicious code and actions.
The sandbox system has ~600 blocking rules and several thousand
scoring rules. If an attachment is classified as bad, the mail is
moved to a quarantine for manual investigation.
Thomas
From: "Robert K Coffman Jr. -Info From Data Corp."
<bcoff...@infofromdata.com>
To: assp-user@lists.sourceforge.net
Date: 10.03.2020 12:23
Subject: Re: [Assp-user] PDF Scanning
------------------------------------------------------------------------
They all have this in common:
'prohibited JavaScript in PDF file' - SHA256:
D6CB05FFD99283A4C5C6BEAF37D0274B985E1D47DD3B12F08B348F42CC1A60CA
However the checksums vary unfortunately.
Thanks!
- Bob
On 3/10/2020 2:29 AM, Thomas Eckardt wrote:
> It would be nice to know why these PDFs are blocked - the reason is
> shown in the maillog.txt.
>
> Thomas
>
> From: "Robert K Coffman Jr. -Info From Data Corp."
> <bcoff...@infofromdata.com>
> To: assp-user@lists.sourceforge.net
> Date: 09.03.2020 17:53
> Subject: [Assp-user] PDF Scanning
> ------------------------------------------------------------------------
>
> We are getting a large number of false positives on PDFs received.
>
> What are other people doing with these?
>
> Thanks!
>
> - Bob
>
> _______________________________________________
> Assp-user mailing list
> Assp-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential,
> legally privileged and protected in law and are intended solely for the
> use of the individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************