Re: [Assp-test] fixes in assp 2.4.4 build 14295

On 22 Oct 2014, at 11:42 pm, Thomas Eckardt thomas.ecka...@thockar.com wrote:

> Under normal conditions the scan will be done by the SMTP-worker, if assp is under a havy workload

Small typo - should be ‘heavy workload’. For both ClamAVLogScan and FileLogScan.

Thanks for this ‘new’ feature Thomas - I never knew about it and think it’s a great thing to make sure all emails the user gets have been checked with latest virus signatures.

James.

[Assp-test] fixes in assp 2.4.4 build 14295

Hi all,

fixed in assp 2.4.4 build 14295:

changed:

- the hidden config variables 'ClamAVLogScan' and 'FileLogScan' are now moved to regular GUI config

'ClamAVLogScan','Scan Stored Files for Virus with ClamAV'
'If virus check is enabled ( UseAvClamd ), every file/mail in the 'resendmail' (except reports) folder and every collected file is scanned for virus before it is sent or stored. If a virus is found, the file/mail is not (re)sent (it will get the extension '.virus'). Infected collected files are moved in to the SpamVirusLog folder. If enabled (default for security reasons), it could be possible, that the virus scanner (clamd) forces a very high system workload. Under normal conditions the scan will be done by the SMTP-worker, if assp is under a havy workload, the scan request will be transfered to the High-Workers (1/10001).'

'FileLogScan','Scan Stored Files for Virus with FileScan'
'If virus check is enabled ( DoFileScan ), every file/mail in the 'resendmail' (except reports) folder and every collected file is scanned for virus before it is sent or stored. If a virus is found, the file/mail is not (re)sent (it will get the extension '.virus'). Infected collected files are moved in to the SpamVirusLog folder. If enabled (default for security reasons), it could be possible, that the virus scanner ( FileScanCMD ) forces a very high system workload. Under normal conditions the scan will be done by the SMTP-worker, if assp is under a havy workload, the scan request will be transfered to the High-Workers (1/10001).'

Thomas

Re: [Assp-test] fixes in assp 2.4.4 build 14295

:: On Wed, 22 Oct 2014 14:42:58 +0200
:: titc.03729f3878.ofcd7ece66.f480b515-onc1257d79.0045488a-c1257d79.0045d...@thockar.com
:: Thomas Eckardt thomas.ecka...@thockar.com wrote:

> 'FileLogScan','Scan Stored Files for Virus with FileScan'
> 'If virus check is enabled ( DoFileScan ), every file/mail in the 'resendmail' (except reports) folder and

Thomas... why don't you change this feature to some kind of stored mail scan; that is, if the flag is enabled, ASSP may queue received mails into some list, then a separate, background thread will call the ClamAV scanner to scan each file and, if needed, quarantine it (as a note the quarantine folder may be used during spamcorpus rebuild :D)

Re: [Assp-test] fixes in assp 2.4.4 build 14295

:: On Wed, 22 Oct 2014 14:49:43 +0200
:: 20141022144943.0...@gmx.net
:: Grayhat gray...@gmx.net wrote:

> Thomas... why don't you change this feature to some kind of stored mail scan; that is, if the flag is enabled, ASSP may queue received mails into some list, then a separate, background thread will call the ClamAV scanner to scan each file and, if needed, quarantine it (as a note the quarantine folder may be used during spamcorpus rebuild :D)

to explain it better, ASSP will save files as it does, but it will also queue names so that the worker handling the scan will extract them from the queue and scan them; this will avoid the need of separately scanning them *and* may allow placing a notice in the spamreport which will show infected :)

Re: [Assp-test] fixes in assp 2.4.4 build 14295

> ASSP may queue received mails into some list,
> to explain it better, ASSP will save files as it does, but it will also queue names so that the worker handling the scan will extract them from the queue and scan them;

It is exactly working this way, if the running conditions require this.

Under normal conditions the scan will be done by the SMTP-worker, if assp is under a heavy workload, the scan request will be transferred to the High-Workers (1/10001).

normal condition is:
- the SMTP worker has nothing else to do, it has just time and the resources to scan the file/mail it is still processing

However, assp has to make sure, that no other assp process is able to access the file before it was scanned - so, a long term queue (anytime queue) is not an option.

Thomas

From: Grayhat gray...@gmx.net
To: assp-test@lists.sourceforge.net
Date: 22.10.2014 14:53
Subject: Re: [Assp-test] fixes in assp 2.4.4 build 14295

> :: On Wed, 22 Oct 2014 14:42:58 +0200
> :: titc.03729f3878.ofcd7ece66.f480b515-onc1257d79.0045488a-c1257d79.0045d...@thockar.com
> :: Thomas Eckardt thomas.ecka...@thockar.com wrote:
>
> > 'FileLogScan','Scan Stored Files for Virus with FileScan'
> > 'If virus check is enabled ( DoFileScan ), every file/mail in the 'resendmail' (except reports) folder and
>
> Thomas... why don't you change this feature to some kind of stored mail scan; that is, if the flag is enabled, ASSP may queue received mails into some list, then a separate, background thread will call the ClamAV scanner to scan each file and, if needed, quarantine it (as a note the quarantine folder may be used during spamcorpus rebuild :D)

Re: [Assp-test] fixes in assp 2.4.4 build 14295

:: On Wed, 22 Oct 2014 15:09:47 +0200
:: titc.6372c6e693.of581c4ccf.bef7cd3e-onc1257d79.00471ba1-c1257d79.00484...@thockar.com
:: Thomas Eckardt thomas.ecka...@thockar.com wrote:

> However, assp has to make sure, that no other assp process is able to access the file before it was scanned - so, a long term queue (anytime queue) is not an option.

thinking loud: store the file in a separate scan folder, then the scanner process will decide where to move it (regular storage or quarantine); this way only the scanner will know where the file is :)

As for using a regular thread or a high one... I wonder why you aren't spawning another thread just for this task; all in all it will run only if this scan is enabled :)

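
The scan-folder idea from the message above, shown as an added example (not part of the thread and not ASSP's code): a file is written to a private staging folder, scanned there, and only then renamed into regular storage or, with the '.virus' extension mentioned earlier in the thread, into a quarantine folder. The `scanner` callable, the marker string and the folder layout are assumptions for illustration; a scanner failure is treated like a detection.

```python
import os
import shutil
import tempfile

def release_after_scan(data, name, staging, store, quarantine, scanner):
    """Stage data privately, scan it, then move it; returns the final path.
    `scanner` (hypothetical): path -> signature name, or None when clean."""
    name = os.path.basename(name)  # a name must not escape its folder
    for d in (staging, store, quarantine):  # assumed: one filesystem
        os.makedirs(d, mode=0o700, exist_ok=True)
    # mkstemp: mode 0600, unpredictable name, so nothing else reads the
    # file before the verdict is known.
    fd, tmp = tempfile.mkstemp(dir=staging)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    try:
        verdict = scanner(tmp)
    except Exception as exc:
        # Fail closed: a scanner failure is handled like a detection.
        verdict = "scan-error:" + type(exc).__name__
    if verdict is None:
        dest = os.path.join(store, name)
    else:
        dest = os.path.join(quarantine, name + ".virus")
    # os.replace is atomic within a filesystem: readers of `store` see
    # either no file or the complete, already scanned file.
    os.replace(tmp, dest)
    return dest

def marker_scanner(path):
    # Constructed stand-in for a real scanner: flags a fixed marker string.
    with open(path, "rb") as fh:
        return "Constructed.Marker" if b"X-CONSTRUCTED-MARKER" in fh.read() else None

def failing_scanner(path):
    raise RuntimeError("scanner unreachable")  # constructed failure case

def demo():
    base = tempfile.mkdtemp()
    dirs = [os.path.join(base, d) for d in ("scan", "resendmail", "SpamVirusLog")]
    msgs = [(b"hello\n", "a.eml", marker_scanner),
            (b"X-CONSTRUCTED-MARKER\n", "b.eml", marker_scanner),
            (b"hello\n", "../c.eml", failing_scanner)]
    try:
        out = [release_after_scan(d, n, *dirs, s) for d, n, s in msgs]
        return [os.path.relpath(p, base).replace(os.sep, "/") for p in out], os.listdir(dirs[0])
    finally:
        shutil.rmtree(base)
```
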
Re: [Assp-test] fixes in assp 2.4.4 build 14295

> As for using a regular thread or a high one... I wonder why you aren't spawning another thread just for this task;

Yes, this would be an option, if both High-Threads are overloaded - let's see how it works the simple way. For the last days, this feature (and every change I made) was running on my prod systems without any issue. I use both scanner options. Yes, the overall system workload was a little growing, but this is normal, if now every mail or file is scanned for a virus. And not any other implementation would change this.

> I wonder why you aren't spawning another thread

Sounds nice and easy - but it isn't. Implementing another High-Thread requires a redesign of many code parts.
- startup
- shutdown
- thread control and monitoring
- stats
- SNMP
- GUI
- health check

Before I would create a new thread for the scanning, I see the chance to make both new options a 'select' [OFF, resend folder only, resend folder and collected files].

If there are virus infected files in the corpus, this does not matter as long as nobody wants to access them. Even infected mail parts are used by the rebuildspamdb to make the spam detection more accurate. Only the resend is dangerous - an infected file should not (never) be resent.

Thomas

From: Grayhat gray...@gmx.net
To: assp-test@lists.sourceforge.net
Date: 22.10.2014 15:25
Subject: Re: [Assp-test] fixes in assp 2.4.4 build 14295

> :: On Wed, 22 Oct 2014 15:09:47 +0200
> :: titc.6372c6e693.of581c4ccf.bef7cd3e-onc1257d79.00471ba1-c1257d79.00484...@thockar.com
> :: Thomas Eckardt thomas.ecka...@thockar.com wrote:
>
> > However, assp has to make sure, that no other assp process is able to access the file before it was scanned - so, a long term queue (anytime queue) is not an option.
>
> thinking loud: store the file in a separate scan folder, then the scanner process will decide where to move it (regular storage or quarantine); this way only the scanner will know where the file is :)
>
> As for using a regular thread or a high one... I wonder why you aren't spawning another thread just for this task; all in all it will run only if this scan is enabled :)

Re: [Assp-test] fixes in assp 2.4.4 build 14295

:: On Wed, 22 Oct 2014 16:03:05 +0200
:: titc.5372cf6baa.of7b87b0fb.218efdb5-onc1257d79.004a1b98-c1257d79.004d2...@thockar.com
:: Thomas Eckardt thomas.ecka...@thockar.com wrote:

> used by the rebuildspamdb to make the spam detection more accurate. Only the resend is dangerous - an infected file should not (never) be resent.

uhm... well, in general I'd agree, but think about AV false positives; in such cases having the ability to get the email may be quite useful :)

Re: [Assp-test] fixes in assp 2.4.4 build 14295

> but think about AV false positives;

AV false positives - is not really an assp problem, first this must be fixed in the AV-software scanning exceptions. btw: never saw such thing

Because reports are not scanned by assp, the only way is to rename the file to a report-file-name, for example n123345.eml

This is safe, because only system- or assp admins are able to do this. FC (file commander GUI) could be used for example. Such a file name could not be forced/spoofed by a spammer - or better: will never be created by assp because of any setting or mail subject. Only reports created by assp are named this way.

Thomas

From: Grayhat gray...@gmx.net
To: assp-test@lists.sourceforge.net
Date: 22.10.2014 17:01
Subject: Re: [Assp-test] fixes in assp 2.4.4 build 14295

> :: On Wed, 22 Oct 2014 16:03:05 +0200
> :: titc.5372cf6baa.of7b87b0fb.218efdb5-onc1257d79.004a1b98-c1257d79.004d2...@thockar.com
> :: Thomas Eckardt thomas.ecka...@thockar.com wrote:
>
> > used by the rebuildspamdb to make the spam detection more accurate. Only the resend is dangerous - an infected file should not (never) be resent.
>
> uhm... well, in general I'd agree, but think about AV false positives; in such cases having the ability to get the email may be quite useful :)