Hi all,
2012-06-17
fixed in assp 2.2.2 build 12169:
- the penalty box scoring was not working for bad attachments
- the assp restart sequence was stucking if the stop sequence of the
MaintThread was hanging for any reason
changed:
- a new ASSP_MIB file is released
- ASSP_AFC.pm plugin version 2.02 is released
- the priority of the ChangeConfigSchedule is increased
added:
'UserAttach','User based Good and Bad Attachments*','This set of regular
expression is used to identify attachments
that should be allowed or blocked for specified users and/or domains.
Separate entries with a any of
'=>; , ; : space'. Separate multiple regex entries with pipe '|'. The
dot . is assumed to precede the regex,
so don't include it anywhere (except the user name).
To define entries you have to use the 'file:...' option. Define one
entry per line - comments are not allowed
in a definition line.
The syntax of an entry is as follows:
username => good => goodAttachRegex , good-out => goodoutRegex , good-in
=> goodinRegex , block => blockAttachRegex , block-out => blockoutRegex ,
block-in => blockinRegex
username - Mail solely to or from any of these addresses. Accepts
specific addresses ([email protected]),
user parts (user) or entire domains (@domain.com) or a Group definition
[GROUP]. Wildcards are supported
(fribo*@domain.com).
good => goodAttachRegex - good attachment for incoming and outgoing
mails
good-out => goodoutRegex - good attachment for outgoing mails
good-in => goodinRegex - good attachment for incoming mails
block => blockAttachRegex - bad attachment for incoming and outgoing
mails
block-out => blockoutRegex - bad attachment for outgoing mails
block-in => blockinRegex - bad attachment for incoming mails
For example:
[email protected] => good =>
ai|asc|bhx|dat|doc|eps|gif|htm|html|ics|jpg|jpeg|hqx|od[tsp]|pdf|ppt|rar|rpt|rtf|snp|txt|xls|zip
*@domain.tld => good => ai|asc|bhx , good-out => eps|gif , good-in =>
htm|html , block => pdf|ppt , block-out => rar|rpt , block-in => xls
At least one of the above option must be defined in a line - a maximum
of all (six) could be defined, if this makes sense.
If the user name matches for a sender or recipient and a (in/out) regex
definition is found in this file,
all level definition are overwritten for this mail.
good, good-out and good-in - and also - block, block-out and block-in -
will be logical OR combined according
to the mail flow.
Notice: if a bad attachment is found on a user based attachment check,
the penalty box IP address scoring is scipped.'
Thomas
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
