Re: [AMaViS-user] Filtering before banned attachments

2008-01-28 Thread Mark Martinec
Robert,

> On Sat, 2008-01-26 at 01:53 +0100, mouss wrote:
>> Robert Fitzpatrick wrote:
>>> I see a message get sent through and labeled 'WARNING: contains banned
>>> part' like it should according to our banned policies as it scores zero
>>> in SA. I am assuming zero means that SA didn't even scan the content?
>>> If I take the source of the message without the attachment, it scores
>>> plenty high enough to kill.
>>
>> if the attachment is large, it will be skipped. The size is
>> configurable, but spending cycles on huge messages is generally not
>> worth the trouble. Up so far, spam rarely comes in large messages.
>
> The whole message is less than 30K and contains usually video.zip and is
> a virus. We use ClamAV with SaneSecurity, the first one we got with
> Trojan.Pandex Virus was not found in the ClamAV db, anyone else picking
> these up? We're starting to get more and more of these.

Infected or banned contents cause spam checking to be skipped
currently (but one should not rely on this).

  Mark

-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/


Re: [AMaViS-user] Filtering before banned attachments

2008-01-26 Thread Robert Fitzpatrick
On Sat, 2008-01-26 at 01:53 +0100, mouss wrote:
> Robert Fitzpatrick wrote:
>> I see a message get sent through and labeled 'WARNING: contains banned
>> part' like it should according to our banned policies as it scores zero
>> in SA. I am assuming zero means that SA didn't even scan the content? If
>> I take the source of the message without the attachment, it scores
>> plenty high enough to kill.
>
> if the attachment is large, it will be skipped. The size is
> configurable, but spending cycles on huge messages is generally not
> worth the trouble. Up so far, spam rarely comes in large messages.

The whole message is less than 30K and contains usually video.zip and is
a virus. We use ClamAV with SaneSecurity, the first one we got with
Trojan.Pandex Virus was not found in the ClamAV db, anyone else picking
these up? We're starting to get more and more of these.

-- 
Robert




Re: [AMaViS-user] Filtering before banned attachments

2008-01-25 Thread mouss
Robert Fitzpatrick wrote:
> I see a message get sent through and labeled 'WARNING: contains banned
> part' like it should according to our banned policies as it scores zero
> in SA. I am assuming zero means that SA didn't even scan the content? If
> I take the source of the message without the attachment, it scores
> plenty high enough to kill.

if the attachment is large, it will be skipped. The size is
configurable, but spending cycles on huge messages is generally not
worth the trouble. Up so far, spam rarely comes in large messages.

> My question, is there a way for amavis to filter with SA and only send
> through according to banned policies if CLEAN?

   




[AMaViS-user] Filtering before banned attachments

2008-01-25 Thread Robert Fitzpatrick
I see a message get sent through and labeled 'WARNING: contains banned
part' like it should according to our banned policies as it scores zero
in SA. I am assuming zero means that SA didn't even scan the content? If
I take the source of the message without the attachment, it scores
plenty high enough to kill.

My question, is there a way for amavis to filter with SA and only send
through according to banned policies if CLEAN?

-- 
Robert

