>And by "regular flow" I mean the full route of the email, from sender to
>recipient inbox.

Simply configure assp this way.

>run ALL the checks/plugins even if the MessageLimit is reached

MsgScoreOnEnd

>Send250Ok 

this is NONSENSE

>honeypot 

spamaddresses

>IMHO resends triggered by admins should always release
>the original message to the original recipient.

NO!

>resend should be blocked with a notification to the user

next release will send notifications if the recipient is a local address

>like the admin requesting the blocked
>email to be sent to himself for analysis

next release:
All resend requests for mails with forbidden attachments and viruses will 
require an 'edit' of the file.
If ASSP_AFC is installed and configured and the file contains no 
'X-ASSP-ForceResend:' header tag, bad attachments and viruses will be 
removed (replaced) - using the configured rules without any exception.

Thomas




From:    aquilinux <aquili...@gmail.com>
To:      ASSP development mailing list <assp-test@lists.sourceforge.net>
Date:    31.03.2016 11:08
Subject: Re: [Assp-test] AFC Plugin question



On Tue, Mar 29, 2016 at 11:52 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote:

> At this time, there is no way to call a plugin from inside the resend
> function. Extracting the missing runtime data from the 'X-ASSP-' headers
> would be possible and ok for a simple regular resend. But resend requests
> may come from Admins, BlockReportAdmins, deputies .... ! This opens
> several questions for the case where userbased attachment blocking is
> configured. One question is, which userbased configuration should be used?
>
> - original recipient
> - original sender
> - requester
> - defined recipient of the resend
>
> If there are multiple matches, what should be ignored?
>

IMHO, all plugins/checks dealing with attachments (AV, AFC) should run at
least once in a regular email flow.
And by "regular flow" I mean the full route of the email, from sender to
recipient inbox.
Blocked mails do not do a regular flow, but are frozen on the way.
Here we have 2 chances:

1) run ALL the checks/plugins even if the MessageLimit is reached, so if
AFC is set to replace virus/attachment parts it will be able to do its
job. In this case, if a block is triggered by a plugin, the blocking reason
should not be MessageLimit but the Plugin reason. The main reason is that
if I (the user) see in a report a message blocked by
"BadAttachment/Malware" I (the user) will be more careful with this resend.
MessageLimit is too generic, and malware/ransomware/virus can do real harm.

2) run the AFC/AV on the resend.

note: maybe I am wrong but when Send250OK is checked, I see that plugins
always run even if MessageLimit is reached. Also, the Send250Ok description in
the GUI says "it will turn ASSP in a tarpit": shouldn't it say honeypot instead
of tarpit? Tarpitting is about delaying, but what it is really doing there
is "send me whatever shit you want, I'll never answer with a 551". I
remembered I checked the Send250Ok because, years ago, I had a problem with
blocked mails not stored. I found out that Send250Ok really mitigated the
issue, so I have used it since then.
Can you clarify what Send250Ok really changes in the behaviour of ASSP?

About the userbase: IMHO resends triggered by admins should always release
the original message to the original recipient. User-triggered resends
should release the message with filters (if virus/attachments are blocked,
resend should be blocked with a notification to the user, if
virus/attachments are set to replace, they will be replaced).
Advanced configurations are possible, like the admin requesting the blocked
email to be sent to himself for analysis.
You are right, there are many cases, but maybe we should start from the
most frequently used.

regards,
aqx


-- 
"Madness, like small fish, runs in hosts, in vast numbers of instances."

Nobody combs my hair as well as the wind.
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
