I did the same as a work around, but I would prefer that the
functionality be fixed/brought in line with how other bogus file
blocking was being performed.
Note to Chris, this is zombie spam and it comes from all over the
place. I would imagine that every Declude user is seeing this problem
currently unless they have added SKIPIFEXT COM to their bannotify.eml
file, which is only a work around and not a common config. This was
probably always happening with COM files, but it took a spammer to
screw up and expose the flaw due to sheer volume. I would expect for
the problem to get worse with time as his spam campaign ramps up.
Matt
Scott Fisher wrote:
I had to put SKIPIFEXT COM into my
bannotify.eml file as a workaround.
-----
Original Message -----
Sent:
Wednesday, March 16, 2005 10:09 AM
Subject:
Re: [Declude.Virus] Spam .com files being blocked.
The problem has been growing on my end. This morning I had over 200 of
these bounce back to my postmaster account and my spool has 100 more of
these waiting.
Declude is detecting the "bogus" COM file extension, but still
generating a bounce. I believe this to be in error and in need of
fixing. My recollection is that when Declude detects a "bogus" file
type, it treats it as a vulnerability and then it should not create a
bounce according to banned extensions, yet these things are still
bouncing. Here's a sample of my logs:
03/16/2005 00:00:31 Qbd6eb1a701040a54 MIME file:
[text/html][quoted-printable; Length=5395 Checksum=490002]
03/16/2005 00:00:31 Qbd6eb1a701040a54 MIME file: [EMAIL PROTECTED]
[base64; Length=6414 Checksum=850887]
03/16/2005 00:00:31 Qbd6eb1a701040a54 Banning file with COM extension
[image/gif].
03/16/2005 00:00:31 Qbd6eb1a701040a54 Found a bogus .com file
03/16/2005 00:00:31 Qbd6eb1a701040a54 Scanned: Banned file extension.
[Prescan OK][MIME: 3 12614]
03/16/2005 00:00:31 Qbd6eb1a701040a54 From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
03/16/2005 00:00:31 Qbd6eb1a701040a54 Subject: denigrate cosmetic
scene serge midshipman
Bogus files should be treated as vulnerabilities are (historically),
and not as banned extensions. I'm running 1.82.
Declude, will you please respond to the problem.
Matt
Darin Cox wrote:
Yep. I just added SKIPIFEXT COM
to my bannotify.eml yesterday.
Darin.
-----
Original Message -----
Sent: Tuesday, March 15, 2005 3:31 PM
Subject: [Declude.Virus] Spam .com files being
blocked.
I block .com files.
The last 3 days, I've been
getting consistent blocking of spam messages referring to a gif file
named .com:
Content-Type: image/gif;
name="wdjgamexmail.com"
These are getting blocked, but
the users are getting a little tired of the bannotify.eml messages that
this triggers.
So I'm reluctantly forced to add
SKIPIFEXT COM to my bannotify.eml file.
Has anyone else been seeing this?
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
|