Thomas, thanks for your immediate reply!
Yes, Email::MIME::Modifier is installed and available: Aug-4-08 12:39:44 ASSP version 1.4.1.0.28 (Perl 5.008008) initializing Aug-4-08 12:39:44 File::Scan::ClamAV module version 1.8 installed and available Aug-4-08 12:39:44 ASSP running on server: xxxxxx (127.0.0.1) Aug-4-08 12:39:44 Net::DNS module version 0.63 installed and available Aug-4-08 12:39:44 Email::Valid module version 0.179 installed and available Aug-4-08 12:39:44 Compress::Zlib module version 2.012 installed - HTTP compression available Aug-4-08 12:39:44 Digest::MD5 module version 2.36 installed - delaying can use MD5 keys for hashes Aug-4-08 12:39:44 Digest::SHA1 module version 2.11 installed - FBMTV check available Aug-4-08 12:39:44 File::ReadBackwards module version 1.04 installed - searching of log files enabled Aug-4-08 12:39:44 Time::HiRes module version 1.86 installed - CPU usage statistics available Aug-4-08 12:39:44 Sys::Syslog module version 0.13 installed - Unix centralized logging enabled Aug-4-08 12:39:44 Tie::RDBM module not installed - mysql usage not available Aug-4-08 12:39:44 Net::IP::Match::Regexp module not installed - CIDR notation for IP range not available Aug-4-08 12:39:44 Net::CIDR::Lite module not installed - hyphenated IP address range not available Aug-4-08 12:39:44 Net::SenderBase module version 1.01 installed - senderbase service available Aug-4-08 12:39:44 LWP::Simple module version 5.810 installed - procedural LWP interface available Aug-4-08 12:39:44 Email::MIME::Modifier module version 1.442 installed - MIME attachment detection available ClamAV Bytes and MaxBytes are set to 1000000 for testing purposes but this does not help so far, e.g. a testmail with attached '.exe' which is not on the list of allowed attachments: Aug-4-08 12:49:51 id-46985-10752 212.xxx.xxx.xxx <[EMAIL PROTECTED]> to: xxxx ClamAV: scanned 322207 bytes in whitelisted message - OK Aug-4-08 12:49:51 id-46985-10752 [Whitelisted] 212.xxx.xxx.xxx <[EMAIL PROTECTED]> to: xxxx whitelisted (no bad attachments) [WG test exe] -> ./notspam/10752.eml Aug-4-08 12:49:51 Disconnected: 212.xxx.xxx.xxx Logging is set to 'verbose' but the filename is not visible here - only when blocked. My assp.cfg looks like this in the attachment area: DoBlockExes:=1 BlockExes:=4 BlockWLExes:=4 BlockNPExes:=4 BadAttachL1:=ad[ep]|asx|ba[st]|chm|cmd|com|cpl|crt|dbx|exe|hlp|ht[ab]|in[fs] |isp|js|jse|lnk|md[abez]|mht|ms[cipt]|nch|pcd|pif|prf|reg|sc[frt]|sh[bs]|vb| vb[es]|wms|ws[cfh]|gxx BadAttachL2:= BadAttachL3:=zip GoodAttach:=doc|xls|ppt|pdf|zip|rtf|txt|gif|jpg|jpeg|tif|stp|iges|drw|igs|xp o|cdr|AUF|svg|ps|eps|stl|ept|prt|dwg|dtf|idx|rar|pps|wmv|csv|sldasm|edrw|ZSE |ZPV|ics|png|dat|bmp|x_t|bxl|uic|easm|dxf >From my point of view the config is correct and attachments without an extension listed in 'GoodAttach' should be blocked. I also tried Level 3 for whitelisted senders and sent a '.zip'. This went through too. TIA Michel ________________________________ Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Thomas Eckardt/eck Gesendet: Montag, 4. August 2008 12:38 An: ASSP development mailing list Betreff: [Assp-test] Antwort: ASSP 1.4.1 going to be closed Michel, >For further testing it would be nice if the filename of any attachment .... Switch AttachmentLog to verbose - this should log all detected attachments! Can you see the follwing message in the maillog (at startup): Email::MIME::Modifier module$ver installed - MIME charset conversion interface and attachment detection available Attachments will be only detected in the range of MaxBytes/ClamAVBytes! If there are multiple attachments and the first attachment is larger than this values, the other attachments will not be detected - there is no change in this behavior. Thomas "Michel" <[EMAIL PROTECTED]> Gesendet von: [EMAIL PROTECTED] 04.08.2008 12:16 Bitte antworten an ASSP development mailing list <[email protected]> An <[email protected]> Kopie Thema [Assp-test] ASSP 1.4.1 going to be closed Good morning Fritz! Many thanks for your support! I tried 1.4.1.0.28 now with Email::MIME::Modifier installed and sent some test messages. Attachment blocking is still on Level 4 for all, but e.g. a file "test.mgg" went through. The extension is definitely not on the list of allowed file extensions. Even '.exe' went through - in 2.0.0 as well It seems that attachment blocking does not work as expected at the moment. For further testing it would be nice if the filename of any attachment (blocked or not) is shown in the maillog. TIA Michel >Is that enough information to recheck the attachment-section? > > >Yes, it was (we think)))). > >please try .26 > >Attention: >Email::MIME::Modifier required for attachment detection! >- new - all (not only the first) attachments within >MaxBytes/ClamAVBytes will be detected and processed! ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
