THE GUI!
If the user name matches for a sender or recipient and a (in/out) regex
definition is found in this file, all level definition are overwritten for
this mail.
good, good-out and good-in - and also - block, block-out and block-in -
will be logical OR combined according to the mail flow.
>If so, what does a blank good-in and bad-in rule do? Everything is good,
>but everything is bad? Which wins?
No rule - no check.
If I define a zip: line for a specific user but not a non-zip: line, will
the level 1,2,3,4 blocks still be effective?
yes - zip: (as written in the doc) is an extension provided by AFC.
Thomas
Von: K Post <nntp.p...@gmail.com>
An: ASSP development mailing list <assp-test@lists.sourceforge.net>
Datum: 18.02.2016 01:56
Betreff: Re: [Assp-test] AFC Plugin, UserAttach. Encrypted zip
Here's my pertinent settings:
DoBlockExes block
BlockExec (external) Level 2
BlockWLExes Level 1
BlockNPExecs Level 1
BaddAttachLevel1
exe-bin|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh
Levels2, 3, 4 are currently blank
In UserAttach I have only this:
zip: allo...@ourdomain.org => good-out => *|crypt\-zip
DoASSP_AFC enabled
ASSP_AFCblockEncryptedZip is checked
No matter if the documentation is clear, I find the options to be a bit
convoluted and the way I understand it doesn't match what I see happening.
Here's what happening for me
1) No user may send or receive encrypted zip files except
allo...@ourdomain.org [as expected]
2) If I didn't have the *|crypt\-zip and instead just had crypt\-zip,
allowed@ourdomain could not send non-encrypted zip files [as expected]
3) files that match level 1 (but aren't zipped) are blocked for all users
[as expected]
4) The allo...@ourdomain.org user, the one who is in the UserAttach file,
CAN receive zip files (just not encrypted) despite what you've explained.
I thought you said that if the line isn't fully defined, everything else
would be a block. [*not as expected*]
5) all users >can< receive zip files that contain dll files as an example.
I though that they'd be disallowed as dll is in level 1 [*not as
expected*]
6) I didn't test allo...@ourdomain.com and other non-zip attachments. What
would you expect to happen?
*So, let me please restate my questions, maybe more clearly?*
Based on my settings, does it look like I'm doing something wrong? Is it
working as expected, but I just don't understand?
If there isn't a FULLY definted UserAttach line for a user and there's
only
say a good-out, are you saying that bad-out, bad-in, and good-in will be
considered to be blank?
If so, what does a blank good-in and bad-in rule do? Everything is good,
but everything is bad? Which wins?
If I define a zip: line for a specific user but not a non-zip: line, will
the level 1,2,3,4 blocks still be effective?
On Wed, Feb 17, 2016 at 12:40 PM, Thomas Eckardt
<thomas.ecka...@thockar.com
> wrote:
> The doc is clear. If a user entry is made and matches - all level
> definitions are skipped!
> Yes, zip: definitions have to be made explicite.
> If you want to act AFC the same way for regular attachments and zip file
> content, you'll need two identical definitions - one without and one
with
> the leading zip:
>
> Thomas
>
>
>
>
>
> Von: K Post <nntp.p...@gmail.com>
> An: ASSP development mailing list <assp-test@lists.sourceforge.net>
> Datum: 17.02.2016 16:39
> Betreff: Re: [Assp-test] AFC Plugin, UserAttach. Encrypted zip
>
>
>
> and a followup, even though I've got both exe-bin and dll listed in
level
> 1, it seems that zip files that include those extensions are still
allowed
> through to / from all users.
>
> Is there a way to have AFC block attachments for all (not counting
> UserAttach exceptions) if any level 1,2,3 file is inside a zip? I'm
not
> talking encrypted, just a regular zip.
>
> On Wed, Feb 17, 2016 at 9:55 AM, K Post <nntp.p...@gmail.com> wrote:
>
> > sorry, hit send by mistake....
> >
> > If I put a line like
> >
> > zip: theuser@ourdomain => => good-out => crypt\-zip
> >
> > 1) that will allow the encrypted zips right?
> >
> > 2) Will that block the person from being able to send zips that are
NOT
> > encrypted? If so, how do we allow encrypted zips and any other zip
to
> go
> > EXCEPT those that contain something prohibited by Level 1?
> >
> > 3) The description's unclear to me - if you have a line in the user
> > attach file but only specify what IS allowed and don't have a block
bit
> to
> > the line, does that remove all blocks from Level 1 etc?
> >
> > 4) If I wanted different attachment handling for a person and
different
> > zip handling for that same person, am I correct in saying that I'd use
2
> > lines in userattach, one normal, and one prefixed with zip?
> >
> > THANK YOU
> >
> >
> >
> > On Wed, Feb 17, 2016 at 9:49 AM, K Post <nntp.p...@gmail.com> wrote:
> >
> >>
> >> I've read and reread the gui, but still am not completely clear.
> >>
> >> Attachment blocking works well. We don't allow, in or out, the
> standard
> >> stuff: exe, etc.
> >>
> >> I've got ASSP_AFCblockEncryptedZIP checked, and that works well too.
> >>
> >> My problem is that I've got 2 users who need to be able to send
> encrypted
> >> zip files, but not receive them. All other restrictions, in and out,
> for
> >> those users should be the standard.
> >>
> >> I assume I use UserAttach for this. If I understand correctly, if I
> had
> >> a regular line in UserAttach, that will override everything else in
the
> >> attachment blocking section.
> >>
> >> If I put a line like
> >>
> >> zip: theuser@ourdomain => => good-out => crypt\-zip
> >>
> >> 1) that will allow the encrypted zips right?
> >>
> >> 2) Will that block the person from being able to send zips that are
NOT
> >> encrypted?
> >>
> >
> >
>
>
------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential,
legally
> privileged and protected in law and are intended solely for the use of
the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
>
>
------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
