Re: [clamav-users] clamav list spf problem

2018-06-21 Thread Andrew McGlashan



On 22/06/18 06:58, Gene Heskett wrote:
> All sounds well and good, but where do I find the tut and tools to adjust 
> this?


http://www.openspf.org/Project_Overview

Cheers
A.
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] clamav list spf problem

2018-06-21 Thread Gene Heskett
On Thursday 21 June 2018 23:08:34 Andrew McGlashan wrote:

> On 22/06/18 07:21, Gene Heskett wrote:
> > On Thursday 21 June 2018 17:12:51 Al Varnell wrote:
> >> Gene,
> >>
> >> If you aren't responsible for an e-mail domain, then none of this
> >> applies to you.
> >>
> >> Based on the e-mail address you are using, this isn't anything you
> >> should care about.
> >>
> >> -Al-
> >
> > That is what I was trying to drill down to Al. The email address to
> > get to me, is totally independent of the web address in the sig. 
> > That I buy from namecheap, in 5 year blocks.
> >
> > But that has not prevented me from getting spammed by my own address
> > occasionally.
>
> You have an SPF entry, were you not responsible for its setup?
>
> ghesk...@shentel.net
>
> # dig -t txt shentel.net +short
> "v=spf1 ip4:204.111.2.0/25 ip4:204.111.1.0/24 ip4:204.111.6.73
> ip4:204.111.6.123 ip4:204.111.6.124 ~all"
>
> Is that provided on your behalf by barracuda?
>
> # host shentel.net
> shentel.net has address 204.111.6.122
> shentel.net mail is handled by 10 barracuda.cloud.shentel.net.
>
> If they tightened up your SPF and mail servers respect the rules; then
> you can expect less spam -- you cannot expect zero spam as lots of
> senders will not use "standard" mail servers and many receiving mail
> servers will not give SPF the weight it deserves by rejecting false
> senders.

I get what I would call minimum spam, just enough to train SA with.
A bad day is 10. When I was using my old account at the tv station, 
several years ago, the spam count was often 200+ a day. Whatever 
barracuda is trained to do, it's doing it very well.

So if you hear me complaining about spam, it's plainly been a bad day all 
around, and likely some other straw has broke this old camel's back. :)

Thanks Andrew.


> Cheers
> A.



-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 


Re: [clamav-users] clamav list spf problem

2018-06-21 Thread Andrew McGlashan



On 22/06/18 07:21, Gene Heskett wrote:
> On Thursday 21 June 2018 17:12:51 Al Varnell wrote:
> 
>> Gene,
>>
>> If you aren't responsible for an e-mail domain, then none of this
>> applies to you.
>>
>> Based on the e-mail address you are using, this isn't anything you
>> should care about.
>>
>> -Al-
>>
> That is what I was trying to drill down to Al. The email address to get 
> to me, is totally independent of the web address in the sig.  That I buy 
> from namecheap, in 5 year blocks.
> 
> But that has not prevented me from getting spammed by my own address 
> occasionally.

You have an SPF entry, were you not responsible for its setup?

ghesk...@shentel.net

# dig -t txt shentel.net +short
"v=spf1 ip4:204.111.2.0/25 ip4:204.111.1.0/24 ip4:204.111.6.73
ip4:204.111.6.123 ip4:204.111.6.124 ~all"

Is that provided on your behalf by barracuda?

# host shentel.net
shentel.net has address 204.111.6.122
shentel.net mail is handled by 10 barracuda.cloud.shentel.net.

If they tightened up your SPF and mail servers respect the rules; then
you can expect less spam -- you cannot expect zero spam as lots of
senders will not use "standard" mail servers and many receiving mail
servers will not give SPF the weight it deserves by rejecting false senders.

Cheers
A.


Re: [clamav-users] clamav list spf problem

2018-06-21 Thread Gene Heskett
On Thursday 21 June 2018 17:12:51 Al Varnell wrote:

> Gene,
>
> If you aren't responsible for an e-mail domain, then none of this
> applies to you.
>
> Based on the e-mail address you are using, this isn't anything you
> should care about.
>
> -Al-
>
That is what I was trying to drill down to Al. The email address to get 
to me, is totally independent of the web address in the sig.  That I buy 
from namecheap, in 5 year blocks.

But that has not prevented me from getting spammed by my own address 
occasionally.

Thanks Al.

> On Thu, Jun 21, 2018 at 01:58 PM, Gene Heskett wrote:
> > All sounds well and good, but where do I find the tut and tools to
> > adjust this?



-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 


Re: [clamav-users] clamav list spf problem

2018-06-21 Thread Al Varnell
Gene,

If you aren't responsible for an e-mail domain, then none of this applies to 
you.

Based on the e-mail address you are using, this isn't anything you should care 
about.

-Al-

On Thu, Jun 21, 2018 at 01:58 PM, Gene Heskett wrote:
> All sounds well and good, but where do I find the tut and tools to adjust 
> this?





Re: [clamav-users] clamav list spf problem

2018-06-21 Thread Gene Heskett
On Thursday 21 June 2018 11:47:02 Andrew McGlashan wrote:

> On 21/06/18 23:29, Gene Heskett wrote:
> > What I'd like to see is a good description of SPF.  All these
> > acronyms get thrown around, usually with no references as to why it's
> > even needed or how to implement it. Does it help control the
> > neighborhood feral cat problem or what?
>
> If email is setup for a domain name (that you are responsible for),
> you can and should specify which servers are allowed to send email for
> that domain name.  If any servers (or any other Internet connected
> device) sends emails for your domain name and they are not in your
> authorized list, then those emails should be rejected.
>
> However, if you open up your SPF record to more widely accept other
> possible senders, then the bad guys have an opportunity to impersonate
> you more easily and you also risk getting a great deal more
> backscatter.
>
> If you have strong rules and you know exactly what you are doing, you
> can do tests to help make sure you got it right, then beyond the tests
> or testing period you are best to provide a hard fail response so that
> if any non-authorized sender tries to send email for your domain name,
> they /should/ be stopped.
>
> Well setup mail servers should check all incoming email against your
> published SPF records (published in DNS) and if your rules allow them
> to reject emails due to a non-authorized sender being detected, then
> they really should reject the emails; if they do not honour your
> rules, then it can lead to unnecessary backscatter and potential for
> emails /from/ your domain name being sent fraudulently (ie not sent
> from an authorized server).
>
> Having weak rules that don't fully enforce the exact list of
> authorized senders can greatly lessen the value of SPF and make your
> rules next to useless -- especially if they do not do a hard fail.
>
> Now, relying on the settings (or rules) of other service providers
> gives an opportunity for someone else to ruin your rule set if they
> make a mistake -- the way this is done is to "include" someone else's
> rules without you being able to adjust them as required; you are
> therefore relying on them to get it right.  As I've said before, I run
> scripts to determine if an "upstream" or otherwise would be included
> entry has changed in any way, then I vet the changed rules to make
> sure they are valid (as best I can determine) and build my own rules
> based on the data from upstream and I do not allow the include to be
> active, which would allow someone else to break my rules beyond my
> control.
>
> There is another consideration with SPF that is very important, it is
> that there is a limited number of DNS lookups, if you do an include
> and they in turn do an include (and this could really expand out),
> then you will possibly hit the 10 maximum DNS lookups available before
> the SPF check will fail.  This is bad.  The less DNS lookups you need
> to do, the better -- you can avoid DNS lookups by using known fixed IP
> addresses in your rules in place of a DNS name.
>
> The other major problem with many people using SPF is that they have
> more than one rule returned when their SPF record is queried.  This is
> also invalid -- SPF *must* return a single entry (which may have
> includes), if there are two or more SPF results returned, then you
> have a problem and the tester of your rules should fail to provide you
> a positive result.
>
> If the possible sending servers are very dynamic, then it can be more
> difficult to get a suitable static SPF rule set.  But more often than
> not, the rule set can be very stable -- so, if you construct it
> carefully and purposely, then there is every chance you can provide a
> long standing answer that is very definitive and if it is obeyed, then
> it should be very hard for someone else to successfully send
> fraudulent emails for your domain name (provided all receiving mail
> servers check and make sure the rules are followed correctly).
>
> If your ISP or some other service provider is sending emails on your
> behalf, they /may/ also be responsible for the appropriate DNS records
> for your SPF.
>
> My own take is this, I run my own DNS servers, my own mail and web
> servers; I also run my own "cloud" servers (Nextcloud).  I do not
> believe in delegating these responsibilities to third parties and
> paying them for the privilege.  Many service providers themselves may
> not know what they are doing, so they too often err on the side of
> caution and often leave your SPF records open to abuse by having test
> or soft fail settings.  Of course having either test or soft fail
> settings will lessen the risk that your emails won't be delivered
> correctly, at the very real risk that it opens up your domain name for
> abuse.
>
> So, take responsibility if you have a domain name that you are
> responsible for with email facility and make sure that your SPF
> records are as exact and precise as possible 

Re: [clamav-users] DWFx files tagged as Xml.Exploit.CVE_2018_4975-6545149-0

2018-06-21 Thread Brian Gawith
That may have been us as well. We sent in a report earlier this week but hadn't 
heard anything and were still having the issue so I figure I would reach out 
and see if there was anything else I could do.

-Brian Gawith, I.T. Services Manager 

From: clamav-users  On Behalf Of Alain 
Zidouemba
Sent: Thursday, June 21, 2018 12:12 PM
To: ClamAV users ML 
Subject: Re: [clamav-users] DWFx files tagged as 
Xml.Exploit.CVE_2018_4975-6545149-0

We actually got another FP report for the signature 
Xml.Exploit.CVE_2018_4975-6545149-0 triggering on AutoCAD DWFx files. We 
dropped Xml.Exploit.CVE_2018_4975-6545149-0 from the signature set earlier 
today pending further investigation on how the signature could be re-written to 
avoid FPs on these DWFx files.

- Alain

On Thu, Jun 21, 2018 at 12:27 PM, Brian Gawith  wrote:
We use a replication platform that has ClamAV baked in so can't really use the 
standard whitelist procedures, or at least not that I am aware of. Anyway we 
are getting a bunch of our AutoCAD DWFx files that are being tagged for the 
virus Xml.Exploit.CVE_2018_4975-6545149-0. I can't figure out exactly what the 
exploit is and what it does. If I can point to what exactly the exploit is I 
can go to Autodesk and see if they have a hotfix for the problem. Otherwise we 
are stuck. The real problem seems to be that once the file is tagged it strips 
out the redlines our team does and then when it syncs down to the remote 
servers they can't figure out what they are supposed to change.

Any help with what that exploit is so that I can communicate it to the software 
manufacturer and find a solution would be greatly appreciated.

Brian Gawith 





Re: [clamav-users] DWFx files tagged as Xml.Exploit.CVE_2018_4975-6545149-0

2018-06-21 Thread Alain Zidouemba
We actually got another FP report for the signature
Xml.Exploit.CVE_2018_4975-6545149-0 triggering on AutoCAD DWFx files. We
dropped Xml.Exploit.CVE_2018_4975-6545149-0 from the signature set earlier
today pending further investigation on how the signature could be
re-written to avoid FPs on these DWFx files.

- Alain

On Thu, Jun 21, 2018 at 12:27 PM, Brian Gawith  wrote:

> We use a replication platform that has ClamAV baked in so can't really use
> the standard whitelist procedures, or at least not that I am aware of.
> Anyway we are getting a bunch of our AutoCAD DWFx files that are being
> tagged for the virus Xml.Exploit.CVE_2018_4975-6545149-0. I can't figure
> out exactly what the exploit is and what it does. If I can point to what
> exactly the exploit is I can go to Autodesk and see if they have a hotfix
> for the problem. Otherwise we are stuck. The real problem seems to be that
> once the file is tagged it strips out the redlines our team does and then
> when it syncs down to the remote servers they can't figure out what they
> are supposed to change.
>
> Any help with what that exploit is so that I can communicate it to the
> software manufacturer and find a solution would be greatly appreciated.
>
> Brian Gawith
>
>
>


Re: [clamav-users] I thought this was fixed...

2018-06-21 Thread Eric Tykwinski
> Looks like Eric is running a build from the development branch (dev/0.101) 
> from GitHub (not a beta, but ... a work in progress towards the next 
> version).  

Micah, that's correct.  I was just testing things out on Bash for Windows, and 
it's working good so far.

> Freshclam doesn't actually parse the version string to see if your version 
> number is less than the current version, it just checks if it's different.  For 
> both old versions and unreleased versions, you'll get that warning. 

Remember this occurring during testing for the jump to 0.100 and I thought they 
changed the logic, but like I said it's not really important...

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300






Re: [clamav-users] I thought this was fixed...

2018-06-21 Thread Micah Snyder (micasnyd)
Looks like Eric is running a build from the development branch (dev/0.101) from 
GitHub (not a beta, but ... a work in progress towards the next version).

Freshclam doesn't actually parse the version string to see if your version 
number is less than the current version, it just checks if it's different.  For 
both old versions and unreleased versions, you'll get that warning.


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Jun 21, 2018, at 10:29 AM, Thomas McCourt (tmccourt) <tmcco...@cisco.com> wrote:

Hello,

Yes, it is going to. Because it’s beta and not an “official version”
Once you upgrade to the official version, that should disappear.


Thank you,




Tom McCourt | Talos: Open Source Team| 
tmcco...@cisco.com




From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of Eric Tykwinski <eric-l...@truenet.com>
Reply-To: ClamAV users ML <clamav-users@lists.clamav.net>
Date: Thursday, June 21, 2018 at 10:02 AM
To: 'ClamAV users ML' <clamav-users@lists.clamav.net>
Subject: [clamav-users] I thought this was fixed...

Not a big deal, but the version check is still throwing version errors on beta:
Thu Jun 21 09:59:51 2018 -> ClamAV update process started at Thu Jun 21 09:59:51 2018
Thu Jun 21 09:59:51 2018 -> ^Your ClamAV installation is OUTDATED!
Thu Jun 21 09:59:51 2018 -> ^Local version: 0.101.0 Recommended version: 0.100.0
Thu Jun 21 09:59:51 2018 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300



[clamav-users] DWFx files tagged as Xml.Exploit.CVE_2018_4975-6545149-0

2018-06-21 Thread Brian Gawith
We use a replication platform that has ClamAV baked in so can't really use the 
standard whitelist procedures, or at least not that I am aware of. Anyway we 
are getting a bunch of our AutoCAD DWFx files that are being tagged for the 
virus Xml.Exploit.CVE_2018_4975-6545149-0. I can't figure out exactly what the 
exploit is and what it does. If I can point to what exactly the exploit is I 
can go to Autodesk and see if they have a hotfix for the problem. Otherwise we 
are stuck. The real problem seems to be that once the file is tagged it strips 
out the redlines our team does and then when it syncs down to the remote 
servers they can't figure out what they are supposed to change.

Any help with what that exploit is so that I can communicate it to the software 
manufacturer and find a solution would be greatly appreciated.

Brian Gawith 





Re: [clamav-users] clamav list spf problem

2018-06-21 Thread Andrew McGlashan


On 21/06/18 23:29, Gene Heskett wrote:
> What I'd like to see is a good description of SPF.  All these acronyms 
> get thrown around, usually with no references as to why it's even needed 
> or how to implement it. Does it help control the neighborhood feral cat 
> problem or what?

If email is setup for a domain name (that you are responsible for), you
can and should specify which servers are allowed to send email for that
domain name.  If any servers (or any other Internet connected device)
sends emails for your domain name and they are not in your authorized
list, then those emails should be rejected.

However, if you open up your SPF record to more widely accept other
possible senders, then the bad guys have an opportunity to impersonate
you more easily and you also risk getting a great deal more backscatter.

If you have strong rules and you know exactly what you are doing, you
can do tests to help make sure you got it right, then beyond the tests
or testing period you are best to provide a hard fail response so that
if any non-authorized sender tries to send email for your domain name,
they /should/ be stopped.

Well setup mail servers should check all incoming email against your
published SPF records (published in DNS) and if your rules allow them to
reject emails due to a non-authorized sender being detected, then they
really should reject the emails; if they do not honour your rules, then
it can lead to unnecessary backscatter and potential for emails /from/
your domain name being sent fraudulently (ie not sent from an authorized
server).

Having weak rules that don't fully enforce the exact list of authorized
senders can greatly lessen the value of SPF and make your rules next to
useless -- especially if they do not do a hard fail.

Now, relying on the settings (or rules) of other service providers gives
an opportunity for someone else to ruin your rule set if they make a
mistake -- the way this is done is to "include" someone else's rules
without you being able to adjust them as required; you are therefore
relying on them to get it right.  As I've said before, I run scripts to
determine if an "upstream" or otherwise would be included entry has
changed in any way, then I vet the changed rules to make sure they are
valid (as best I can determine) and build my own rules based on the data
from upstream and I do not allow the include to be active, which would
allow someone else to break my rules beyond my control.

There is another consideration with SPF that is very important, it is
that there is a limited number of DNS lookups, if you do an include and
they in turn do an include (and this could really expand out), then you
will possibly hit the 10 maximum DNS lookups available before the SPF
check will fail.  This is bad.  The less DNS lookups you need to do, the
better -- you can avoid DNS lookups by using known fixed IP addresses in
your rules in place of a DNS name.

The other major problem with many people using SPF is that they have
more than one rule returned when their SPF record is queried.  This is
also invalid -- SPF *must* return a single entry (which may have
includes), if there are two or more SPF results returned, then you have
a problem and the tester of your rules should fail to provide you a
positive result.

If the possible sending servers are very dynamic, then it can be more
difficult to get a suitable static SPF rule set.  But more often than
not, the rule set can be very stable -- so, if you construct it
carefully and purposely, then there is every chance you can provide a
long standing answer that is very definitive and if it is obeyed, then
it should be very hard for someone else to successfully send fraudulent
emails for your domain name (provided all receiving mail servers check
and make sure the rules are followed correctly).

If your ISP or some other service provider is sending emails on your
behalf, they /may/ also be responsible for the appropriate DNS records
for your SPF.

My own take is this, I run my own DNS servers, my own mail and web
servers; I also run my own "cloud" servers (Nextcloud).  I do not
believe in delegating these responsibilities to third parties and paying
them for the privilege.  Many service providers themselves may not know
what they are doing, so they too often err on the side of caution and
often leave your SPF records open to abuse by having test or soft fail
settings.  Of course having either test or soft fail settings will
lessen the risk that your emails won't be delivered correctly, at the
very real risk that it opens up your domain name for abuse.

So, take responsibility if you have a domain name that you are
responsible for with email facility and make sure that your SPF records
are as exact and precise as possible to lessen the opportunity for
someone else to abuse your domain name which can lead to damage to your
domain name's reputation and consequently yourself as being the person
responsible for the domain name's usage.

Kind 
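
The checks described in the message above (exactly one SPF record, the 10-lookup limit across nested includes, hard fail versus soft fail, and noticing when an included upstream record changes), as an added example that is not part of the original message and not the poster's own scripts. The `example.test` names and the `TXT` table are constructed so the code runs offline; the shentel.net entry is the record quoted elsewhere in this thread, and lookups are counted as a worst case.

```python
import hashlib

LOOKUP_LIMIT = 10  # RFC 7208 section 4.6.4: at most 10 DNS-querying terms
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

# Constructed TXT data standing in for DNS answers (assumption: a real tool
# would query DNS here). Only the shentel.net record comes from the thread.
TXT = {
    "shentel.net": ["v=spf1 ip4:204.111.2.0/25 ip4:204.111.1.0/24 ip4:204.111.6.73 "
                    "ip4:204.111.6.123 ip4:204.111.6.124 ~all"],
    "strict.example.test": ["v=spf1 ip4:192.0.2.10 -all"],
    "dup.example.test": ["v=spf1 ip4:192.0.2.10 -all", "v=spf1 mx -all"],
    "deep.example.test": ["v=spf1 a mx include:p1.example.test "
                          "include:p2.example.test -all"],
    "p1.example.test": ["v=spf1 a mx include:p3.example.test "
                        "include:p4.example.test ~all"],
    "p2.example.test": ["v=spf1 a mx exists:%{i}.bl.example.test ~all"],
    "p3.example.test": ["v=spf1 a mx ~all"],
    "p4.example.test": ["v=spf1 mx ip4:198.51.100.0/24 ~all"],
}


def spf_records(domain, txt=TXT):
    """Return the TXT strings for domain that are SPF records."""
    return [r for r in txt.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]


def parse_term(term):
    """Split one SPF term into (qualifier, name, argument)."""
    qualifier, body = "+", term
    if term[0] in "+-~?":
        qualifier, body = term[0], term[1:]
    if body.lower().startswith("redirect="):
        return qualifier, "redirect", body[len("redirect="):]
    name, _, arg = body.partition(":")
    return qualifier, name.split("/")[0].lower(), arg


def count_lookups(domain, txt=TXT, path=()):
    """Worst-case number of DNS-querying terms, following includes/redirects."""
    if domain in path:                      # include loop: do not recurse forever
        return 0
    records = spf_records(domain, txt)
    if len(records) != 1:
        return 0
    total = 0
    for term in records[0].split()[1:]:
        _, name, arg = parse_term(term)
        if name in LOOKUP_TERMS:
            total += 1
        if name in ("include", "redirect"):
            total += count_lookups(arg, txt, path + (domain,))
    return total


def lint(domain, txt=TXT):
    """Return a list of finding codes for domain's published SPF policy."""
    records = spf_records(domain, txt)
    if not records:
        return ["no-spf-record"]
    if len(records) > 1:                    # more than one record is invalid
        return [f"multiple-records:{len(records)}"]
    terms = [parse_term(t) for t in records[0].split()[1:]]
    findings = []
    weak = {"~": "softfail-all", "?": "neutral-all", "+": "pass-all"}
    all_qualifiers = [q for q, name, _ in terms if name == "all"]
    if all_qualifiers and all_qualifiers[0] in weak:
        findings.append(weak[all_qualifiers[0]])
    # Each include hands part of the policy to someone else's record.
    findings += [f"include:{arg}" for _, name, arg in terms if name == "include"]
    lookups = count_lookups(domain, txt)
    if lookups > LOOKUP_LIMIT:
        findings.append(f"lookup-limit:{lookups}")
    return findings


def upstream_fingerprint(domain, txt=TXT):
    """Hash of an upstream's TXT set; store it and re-vet when it changes."""
    joined = "\n".join(sorted(txt.get(domain, [])))
    return hashlib.sha256(joined.encode()).hexdigest()


if __name__ == "__main__":
    for name in ("shentel.net", "strict.example.test",
                 "dup.example.test", "deep.example.test"):
        print(name, lint(name))
```
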

Re: [clamav-users] I thought this was fixed...

2018-06-21 Thread Thomas McCourt (tmccourt)
Hello,

Yes, it is going to. Because it’s beta and not an “official version”
Once you upgrade to the official version, that should disappear.


Thank you,




Tom McCourt | Talos: Open Source Team| 
tmcco...@cisco.com




From: clamav-users  on behalf of Eric 
Tykwinski 
Reply-To: ClamAV users ML 
Date: Thursday, June 21, 2018 at 10:02 AM
To: 'ClamAV users ML' 
Subject: [clamav-users] I thought this was fixed...

Not a big deal, but the version check is still throwing version errors on beta:
Thu Jun 21 09:59:51 2018 -> ClamAV update process started at Thu Jun 21 09:59:51 2018
Thu Jun 21 09:59:51 2018 -> ^Your ClamAV installation is OUTDATED!
Thu Jun 21 09:59:51 2018 -> ^Local version: 0.101.0 Recommended version: 0.100.0
Thu Jun 21 09:59:51 2018 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300



Re: [clamav-users] clamav list spf problem

2018-06-21 Thread Gene Heskett
On Thursday 21 June 2018 09:33:31 Reindl Harald wrote:

> Am 21.06.2018 um 15:29 schrieb Gene Heskett:
> > On Thursday 21 June 2018 06:54:43 Andrew McGlashan wrote:
> >> On 21/06/18 17:54, Tilman Schmidt wrote:
> >>> Am 20.06.2018 um 19:14 schrieb Andrew McGlashan:
> >>>> This is an opportunity to fix things, such an opportunity should
> >>>> not be lost, especially if it helps more people to understand the
> >>>> problems with having too liberal SPF rules (defeating the purpose
> >>>> of SPF).
> >>>
> >>> I disagree. The purpose of clamav-users is to discuss ClamAV
> >>> issues, not to educate people on SPF, so the primary objective of
> >>> fixing the SPF record should be reliable delivery, not educational
> >>> value.
> >>
> >> Normally, I would agree with you, but unfortunately, SPF has been a
> >> thing for far too long to have so many still outstanding issues;
> >> which can only mean that those who need to know are not looking in
> >> the usual places, or they are just plain ignorant.  Or perhaps they
> >> aren't looking anywhere useful and can't see any need to do so
> >> so, the community (including this one) has a role to help improve
> >> awareness of these problems for the good of the entire community
> >> and to lessen ongoing SPF abuses.
> >
> > What I'd like to see is a good description of SPF.  All these
> > acronyms get thrown around, usually with no references as to why it's
> > even needed or how to implement it. Does it help control the
> > neighborhood feral cat problem or what?
>
> what more than https://en.wikipedia.org/wiki/Sender_Policy_Framework
> do you need?

That about covers it, and seems to indicate that there are some scoring 
rules in Spamassassin as I use it on all incoming mail from shentel's 
pop3 port that could be turned up, way up. Fetchmail to procmail and 
procmail does ALL that checking.

But what about what I send?  Other than my password to access shentel's 
mail server, I don't think they retain anything else so they could even 
properly set that stuff up, and my local domain is not known beyond my 
dd-wrt reflashed router. And from the wording of the rfc's, I doubt if I 
should try to set kmail 1.9.10 up to do it. I use TDE, r14.0.4 here. You 
could look at the headers of this message to see if it's proper.

> it helps you to score messages or even whitelist them without
> whitelist a forged sender (SpamAssassin: whitelist_auth)

Thanks.

-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 


[clamav-users] I thought this was fixed...

2018-06-21 Thread Eric Tykwinski
Not a big deal, but the version check is still throwing version errors on
beta:

Thu Jun 21 09:59:51 2018 -> ClamAV update process started at Thu Jun 21 09:59:51 2018
Thu Jun 21 09:59:51 2018 -> ^Your ClamAV installation is OUTDATED!
Thu Jun 21 09:59:51 2018 -> ^Local version: 0.101.0 Recommended version: 0.100.0
Thu Jun 21 09:59:51 2018 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300




Re: [clamav-users] clamav list spf problem

2018-06-21 Thread Gene Heskett
On Thursday 21 June 2018 06:54:43 Andrew McGlashan wrote:

> On 21/06/18 17:54, Tilman Schmidt wrote:
> > Am 20.06.2018 um 19:14 schrieb Andrew McGlashan:
> >> This is an opportunity to fix things, such an opportunity should
> >> not be lost, especially if it helps more people to understand the
> >> problems with having too liberal SPF rules (defeating the purpose
> >> of SPF).
> >
> > I disagree. The purpose of clamav-users is to discuss ClamAV issues,
> > not to educate people on SPF, so the primary objective of fixing the
> > SPF record should be reliable delivery, not educational value.
>
> Normally, I would agree with you, but unfortunately, SPF has been a
> thing for far too long to have so many still outstanding issues; which
> can only mean that those who need to know are not looking in the
> usual places, or they are just plain ignorant.  Or perhaps they aren't
> looking anywhere useful and can't see any need to do so so, the
> community (including this one) has a role to help improve awareness of
> these problems for the good of the entire community and to lessen
> ongoing SPF abuses.
>
What I'd like to see is a good description of SPF.  All these acronyms 
get thrown around, usually with no references as to why it's even needed 
or how to implement it. Does it help control the neighborhood feral cat 
problem or what?

> Kind Regards
> A.



-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 


Re: [clamav-users] ClamAV website FP form

2018-06-21 Thread Paul Stead
https://www.clamav.net/reports/fp - ignore me


From: Paul Stead 
Date: Thursday, 21 June 2018 at 14:09
To: ClamAV users 
Subject: ClamAV website FP form

Hi guys,

Is there a https version of the FP form that we can use?


Paul
--
Paul Stead
Senior Engineer (Tools & Technology)
Zen Internet
Direct: 01706 902018
Web: zen.co.uk




[clamav-users] ClamAV website FP form

2018-06-21 Thread Paul Stead
Hi guys,

Is there a https version of the FP form that we can use?


Paul
--
Paul Stead
Senior Engineer (Tools & Technology)
Zen Internet
Direct: 01706 902018
Web: zen.co.uk




Re: [clamav-users] clamav list spf problem

2018-06-21 Thread Andrew McGlashan



On 21/06/18 17:54, Tilman Schmidt wrote:
> On 20.06.2018 at 19:14, Andrew McGlashan wrote:
> 
>> This is an opportunity to fix things, such an opportunity should not
>> be lost, especially if it helps more people to understand the problems with
>> having too liberal SPF rules (defeating the purpose of SPF).
> 
> I disagree. The purpose of clamav-users is to discuss ClamAV issues, not
> to educate people on SPF, so the primary objective of fixing the SPF
> record should be reliable delivery, not educational value.

Normally, I would agree with you, but unfortunately, SPF has been a
thing for far too long to have so many still outstanding issues; which
can only mean that those who need to know are not looking in the usual
places, or they are just plain ignorant.  Or perhaps they aren't looking
anywhere useful and can't see any need to do so, so the community
(including this one) has a role to help improve awareness of these
problems for the good of the entire community and to lessen ongoing SPF
abuses.

Kind Regards
A.


Re: [clamav-users] clamav list spf problem

2018-06-21 Thread Joel Esler (jesler)

> On Jun 21, 2018, at 3:54 AM, Tilman Schmidt  wrote:
> 
>> On 20.06.2018 at 19:14, Andrew McGlashan wrote:
>> 
>> This is an opportunity to fix things, such an opportunity should not
>> be lost, especially if it helps more people to understand the problems with
>> having too liberal SPF rules (defeating the purpose of SPF).
> 
> I disagree. The purpose of clamav-users is to discuss ClamAV issues, not
> to educate people on SPF, so the primary objective of fixing the SPF
> record should be reliable delivery, not educational value.
> 

Generally I don’t mind if things get a little off topic, as long as it’s done in 
a civil manner and people aren’t yelling at each other.

But I do agree that it’s probably time to steer this back on course.  I am just 
returning from being out of the office for almost two weeks.  I’ll dig into 
this and see what’s up.

Sent from my iPad


Re: [clamav-users] clamav list spf problem

2018-06-21 Thread Tilman Schmidt
On 20.06.2018 at 19:14, Andrew McGlashan wrote:

> This is an opportunity to fix things, such an opportunity should not
> be lost, especially if it helps more people to understand the problems with
> having too liberal SPF rules (defeating the purpose of SPF).

I disagree. The purpose of clamav-users is to discuss ClamAV issues, not
to educate people on SPF, so the primary objective of fixing the SPF
record should be reliable delivery, not educational value.

T.