I added a bit. Confirm that this is correct? (see bold)
This feature replaces the above level definitions. If at least one valid
regular (not zip:...) attachment blocking rule is defined here, all level
definitions are ignored for all emails, *regardless of direction! This
means that if, for example, only a good-out *
*definition exists for a user, the level definitions for any email sent OR
RECEIVED will*
*be ignored. Only having a good-out defined for a user means that this
user will only be able*
*to send files matching that good-out definition, will not be able to send
any other kinds of*
*file, but will have no block-in definition, so any attachment type can be
sent to that user. To have the*
*level rules apply for a user in UserAttach, the level rule entries need to
be copied into userattach for each user.*
Also, still outstanding, if .dll is blocked in level 1 and the AFC plugin
is used, shouldn't a .dll within a .zip be blocked?
On Fri, Feb 19, 2016 at 9:34 AM, Thomas Eckardt <thomas.ecka...@thockar.com>
wrote:
> This is the new GUI description for UserAttach - not much changed - but
> more clear.
>
> To define entries you have to use the 'file:...' option. Define one
> entry per line - comments are not allowed in a definition line.
> The syntax of an entry is as follows:
> username => good => goodAttachRegex , good-out => goodoutRegex , good-in
> => goodinRegex , block => blockAttachRegex , block-out => blockoutRegex ,
> block-in => blockinRegex
> username - Mail solely to or from any of these addresses. Accepts
> specific addresses (u...@domain.com), user parts (user) or entire domains
> (@domain.com) or a Group definition [GROUP]. Wildcards are supported
> (fribo*@domain.com).
> good => goodAttachRegex - good attachment for incoming and outgoing
> mails
> good-out => goodoutRegex - good attachment for outgoing mails
> good-in => goodinRegex - good attachment for incoming mails
> block => blockAttachRegex - bad attachment for incoming and outgoing
> mails
> block-out => blockoutRegex - bad attachment for outgoing mails
> block-in => blockinRegex - bad attachment for incoming mails
> For example:
> u...@domain.tld => good =>
>
> ai|asc|bhx|dat|doc|eps|gif|htm|html|ics|jpg|jpeg|hqx|od[tsp]|pdf|ppt|rar|rpt|rtf|snp|txt|xls|zip
> *@domain.tld => good => ai|asc|bhx , good-out => eps|gif , good-in =>
> htm|html , block => pdf|ppt , block-out => rar|rpt , block-in =>
> xls|exe\-bin
> At least one of the above option must be defined in a line - a maximum
> of all (six) could be defined, if this makes sense.
> This feature replaces the above level definitions. If at least one valid
> regular (not zip:...) attachment blocking rule is defined here, all level
> definitions are ignored for all emails!
> The defined blocking rules for the sender and the first envelope
> recipient are combined together using an OR logic.
> good, good-out and good-in - and also - block, block-out and block-in -
> will be logical OR combined according to the mail flow.
> Notice: if a bad attachment is found on a user based attachment check,
> the penalty box IP address scoring is skipped.
>
> Thomas
>
>
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
