[Assp-test] Antwort: Re: Antwort: Re: Antwort: Re: Antwort: ClamAV - set scoring/reject based on virus database FP risk

2009-06-05 Thread Thomas Eckardt/eck
>But still they get through! I've found it (a stupid mistake) - but I have to work this weekend - this will be fixed until Monday! Thomas James Brown 06.06.2009 07:33 Please reply to ASSP development mailing list To ASSP development mailing list Cc Subject Re: [Assp-test] Antwort:

Re: [Assp-test] Antwort: Re: Antwort: Re: Antwort: ClamAV - set scoring/reject based on virus database FP risk

2009-06-05 Thread James Brown
On 06/06/2009, at 2:16 PM, Thomas Eckardt/eck wrote: > James your regex is wrong and does not work (score 45 -> should be > score > 45 * 2.6 = 117) > > ~Phishing\.~=>4.6~Email.Spam\d{1,4}-SecuriteInfo~=>4.1~(Email|HTML| > Sanesecurity)\.(Phishing|Spear|(Spam|Scam)[a-z0-9]?) > \.~=>4.6~Sanesecur

[Assp-test] Antwort: RBL Service Providers*

2009-06-05 Thread Thomas Eckardt/eck
>I just noticed there is only one asterisk on this. Does this mean it longer accepts weights? >The default is weighted however. (**) belongs to weighted regular expressions. 'RBL Service Providers' is not a regular expression - it is a simple list with a '|' separator! Thomas "Steve Tho

[Assp-test] Antwort: Re: Antwort: Re: Antwort: ClamAV - set scoring/reject based on virus database FP risk

2009-06-05 Thread Thomas Eckardt/eck
James your regex is wrong and does not work (score 45 -> should be score 45 * 2.6 = 117) ~Phishing\.~=>4.6~Email.Spam\d{1,4}-SecuriteInfo~=>4.1~(Email|HTML| Sanesecurity)\.(Phishing|Spear|(Spam|Scam)[a-z0-9]?) \.~=>4.6~Sanesecurity\.(Hdr|Img|ImgO|Junk|Doc|Casino) \.~=>6.1~Sanesecurity\.(Lott|F

[Assp-test] Antwort: Re: Antwort: Re: Antwort: ClamAV - set scoring/reject based on virus database FP risk

2009-06-05 Thread Thomas Eckardt/eck
>Does the '~' need to be used with all of the weighted fields that are noted with **? Only for weighted regexes. For example: \borgasm\b \berections\b ~\bViagra\b~=>100 \bbig dick\b ~\bsperma\b~=>101 ~\bSexual\b~=>80 Thomas "Steve Thompson" 06.06.2009 05:33 Please reply to ASSP develop

[Assp-test] Antwort: Re: Antwort: Re: Antwort: ClamAV - set scoring/reject based on virus database FP risk

2009-06-05 Thread Thomas Eckardt/eck
>It's quite hard to read all in one string. Perhaps use a file >interface like other sections where you can have lots of items in a >list. It is possible to use file:files/yourfilename like in any other regex base config like bombRe Thomas James Brown 06.06.2009 04:31 Please reply

Re: [Assp-test] Antwort: Re: Antwort: ClamAV - set scoring/reject based on virus database FP risk

2009-06-05 Thread Steve Thompson
> > . The character '~' has to be never used inside a weighted regular > > expression. The multiplication result of the weight and the > penaltybox > > valence value will be used for scoring, if the absolute value of > > weight is less or equal 6. Otherwise the value of weight is > used for >

Re: [Assp-test] Antwort: Re: Antwort: ClamAV - set scoring/reject based on virus database FP risk

2009-06-05 Thread James Brown
On 06/06/2009, at 1:59 AM, Thomas Eckardt/eck wrote: > The name of the virus is > > 'Sanesecurity.Jurlbl.Auto.16581.UNOFFICIAL' > > but there is no matching regex > > Sanesecurity\.Jurlbl\.Auto\.x=>1.6 > Sanesecurity\.Jurlbl\.x=>2.6 > > the trailing 'x' will prevent the regex from matching > (a t

Re: [Assp-test] Antwort: Re: Antwort: ClamAV - set scoring/reject based on vir

2009-06-05 Thread Fritz Borgstedt
ASSP development mailing list writes: >It's quite hard to read all in one string. Perhaps use a file >interface like other sections where you can have lots of items in a >list. You can use a file with all "**" marked fields. ---

Re: [Assp-test] Antwort: Re: Antwort: ClamAV - set scoring/reject based on virus database FP risk

2009-06-05 Thread James Brown
On 06/06/2009, at 1:59 AM, Thomas Eckardt/eck wrote: > The name of the virus is > > 'Sanesecurity.Jurlbl.Auto.16581.UNOFFICIAL' > > but there is no matching regex > > Sanesecurity\.Jurlbl\.Auto\.x=>1.6 > Sanesecurity\.Jurlbl\.x=>2.6 > > the trailing 'x' will prevent the regex from matching > (a t

[Assp-test] RBL Service Providers*

2009-06-05 Thread Steve Thompson
I just noticed there is only one asterisk on this. Does this mean it longer accepts weights? The default is weighted however.

Re: [Assp-test] 1.5.1.3(0.2.04) ClamAV

2009-06-05 Thread Steve Thompson
> > Having looked through the ASSP logs, I tend to agree, I had > been running 1.5.1.3(0.1.12) for 2 days with no problems. Ran > (0.2.02) for a day no problems changed to (0.2.05) this > morning "ClamAV Down - ClamAVup" started within an hour. > > Peter I hope I am not speaking too soon, but

Re: [Assp-test] 1.5.1.3(0.2.04) ClamAV

2009-06-05 Thread Peter Ingham
> > At 6:28 PM +0200 6/5/09, GrayHat wrote: > > >> Just happened again > > > >> I have disabled ClamAV for now in ASSP and all is well. > > > >> In addition to becoming unresponsive, any attachment that would happen > >to > >> get through while ClamAV is running within ASSP, the file is damage

Re: [Assp-test] Regex Weight

2009-06-05 Thread Peter Ingham
1.5.1.3(0.2.07) when run gives version no. 1.5.1.3(0.1.03) Peter Ingham > > Starting with > ASSP 2.0.1 (subversion 2.0.1_RC 0.2.08) and ASSP 1.5.1.3 (subversion > 0.2.07) > > Fields marked with an additional asterisk (**) accept a second weight > value. Every weighted regex has to begin and end

Re: [Assp-test] 1.5.1.3(0.2.04) ClamAV

2009-06-05 Thread Tom Shaw
At 6:28 PM +0200 6/5/09, GrayHat wrote: > >> Just happened again > >> I have disabled ClamAV for now in ASSP and all is well. > >> In addition to becoming unresponsive, any attachment that would happen >to >> get through while ClamAV is running within ASSP, the file is damaged >and >> cannot b

[Assp-test] Regex Weight

2009-06-05 Thread Fritz Borgstedt
Starting with ASSP 2.0.1 (subversion 2.0.1_RC 0.2.08) and ASSP 1.5.1.3 (subversion 0.2.07) Fields marked with an additional asterisk (**) accept a second weight value. Every weighted regex has to begin and end with a '~' followed by '=>' and the weight value. For example: ~Phishing\.~=>1.45|~Heu

Re: [Assp-test] 1.5.1.3(0.2.04) ClamAV

2009-06-05 Thread Peter Ingham
> > The only argument I have against this, is that I use ClamSup to > download the sigs and it does an integrity check of the files and > if the check fails, it does not copy the files to the data > directory. So, the only sigs that are in the directory are ones > that have passed its integri

Re: [Assp-test] 1.5.1.3(0.2.04) ClamAV

2009-06-05 Thread Steve Thompson
> > clamd runs normally; at a given point the extra-sigs update > script starts and download the signatures but, for a reason > or another one of the signature files is corrupted... and the > script doesn't notice that... and copies the new files to the > clamav data folder The only argument

Re: [Assp-test] 1.5.1.3(0.2.04) ClamAV

2009-06-05 Thread Steve Thompson
> > that's why I suggested to set up things "plain vanilla" and > to also have a look at the clamd log; the latter may show > which signature file (if any) caused the crash and could help > fixing the issue (and it may also be useful to file a bug to > the signature maintainer) > Had "plain

Re: [Assp-test] 1.5.1.3(0.2.04) ClamAV

2009-06-05 Thread Peter Ingham
> If so, could you please try removing the additional signatures from the > ClamAV folder (and temporarily disabling the additional signatures > update script - if any) and then restarting ClamD and re-enabling the > ClamAV scan in ASSP ? Done > Also, and since you're at it, it would be a good id

Re: [Assp-test] 1.5.1.3(0.2.04) ClamAV

2009-06-05 Thread GrayHat
> Also, and since you're at it, it would be a good idea having a look at > the clamd log file and especially looking at error/stop messages just to be clear; here's what I suspect (and observed sometimes) clamd runs normally; at a given point the extra-sigs update script starts and download the s

Re: [Assp-test] 1.5.1.3(0.2.04) ClamAV

2009-06-05 Thread Peter Ingham
> are you using additional signatures (e.g. sanesecurity and so on) ? Also yes Peter Ingham

Re: [Assp-test] 1.5.1.3(0.2.04) ClamAV

2009-06-05 Thread Steve Thompson
> > are you using additional signatures (e.g. sanesecurity and so on) ? Yes > > If so, could you please try removing the additional > signatures from the ClamAV folder (and temporarily disabling > the additional signatures update script - if any) and then > restarting ClamD and re-enablin

Re: [Assp-test] 1.5.1.3(0.2.04) ClamAV

2009-06-05 Thread GrayHat
>> Just happened again > I have disabled ClamAV for now in ASSP and all is well. > In addition to becoming unresponsive, any attachment that would happen to > get through while ClamAV is running within ASSP, the file is damaged and > cannot be opened. This was not an issue before yesterday. I h

Re: [Assp-test] 1.5.1.3(0.2.04) ClamAV

2009-06-05 Thread Steve Thompson
> Just happened here as well > Phew! Thought I was the only one! Makes me feel better.

Re: [Assp-test] 1.5.1.3(0.2.04) ClamAV

2009-06-05 Thread Peter Ingham
Just happened here as well c:/assp/notspam/8119.eml; Jun-5-09 16:32:41 Admin connection from 192.168.0.200:2374; page:/infostats Jun-5-09 16:32:46 ClamAv Down Jun-5-09 16:32:46 ClamAv Up Jun-5-09 16:32:50 ClamAv Down Jun-5-09 16:32:50 ClamAv Up Jun-5-09 16:32:50 ClamAv Down Jun-5-

Re: [Assp-test] 1.5.1.3(0.2.04) ClamAV

2009-06-05 Thread Steve Thompson
> > > > > > ClamD is eating up all the processor and then ASSP becomes > > unresponsive, my watchdog restarts ASSP because telnet to port 25 > > fails, and everything is fine until it happens again. > > > > > > Just happened again I have disabled ClamAV for now in ASSP and all is well.

[Assp-test] Antwort: Re: Antwort: ClamAV - set scoring/reject based on virus database FP risk

2009-06-05 Thread Thomas Eckardt/eck
The name of the virus is 'Sanesecurity.Jurlbl.Auto.16581.UNOFFICIAL' but there is no matching regex Sanesecurity\.Jurlbl\.Auto\.x=>1.6 Sanesecurity\.Jurlbl\.x=>2.6 the trailing 'x' will prevent the regex from matching (a trailing 'i' is in (Email|HTML|Sanesecurity)\.(Phishing|Spear|(Spam|Scam

Re: [Assp-test] 1.5.1.3(0.2.04) ClamAV

2009-06-05 Thread Steve Thompson
> > ClamD is eating up all the processor and then ASSP becomes > unresponsive, my watchdog restarts ASSP because telnet to > port 25 fails, and everything is fine until it happens again. > > Just happened again --

[Assp-test] 1.5.1.3(0.2.04) ClamAV

2009-06-05 Thread Steve Thompson
Just noticed this today, but I am sure it has been happening over the past couple of days. I had noticed the server running slowly, but didn't pay too much attention to it because I was swamped with other work. I will monitor it a little more closely from now on. Jun-5-09 10:02:52 Connecte

Re: [Assp-test] Antwort: ClamAV - set scoring/reject based on virus database FP risk

2009-06-05 Thread James Brown
Thomas, I tried: Phishing\.=>4.6|Email.Spam\d{1,4}-SecuriteInfo=>4.1|(Email|HTML| Sanesecurity)\.(Phishing|Spear|(Spam|Scam)[a-z0-9]?)\.i=>4.6| Sanesecurity\.(Hdr|Img|ImgO|Junk|Doc|Casino)\.x=>6.1|Sanesecurity\. (Lott|Fake|SpamImg|Job|Stk)\.x=>6.1|Sanesecurity\.(Loan|Porn|Bou|Dipl| Cred)\.x=>

[Assp-test] Antwort: Assp 2.x and -j3(multi-cpu) modules.

2009-06-05 Thread Thomas Eckardt/eck
>Is anyone running 2.x w/ modules compiled for multiple cpu's and if so, is >it working ok? Which modules you've compiled this way - for which OS? I think compiling the XS-code of a module with the -j switch should work, if your perl-core is compiled with the -j switch. I've never compiled perl

Re: [Assp-test] Assp 2.x and -j3(multi-cpu) modules.

2009-06-05 Thread Scott MacLean
I'm running 2.x on ActiveState 5.10 which says: v5.10.0 built for MSWin32-x86-multi-thread We're running on a dual-core CPU, and ASSP, when under load, loads both CPUs pretty well equally. I don't know if that's what you're looking for or not. At 07:36 AM 6/5/2009, Paul K. Dickson wrote: >Is

[Assp-test] Assp 2.x and -j3(multi-cpu) modules.

2009-06-05 Thread Paul K. Dickson
Is anyone running 2.x w/ modules compiled for multiple cpu's and if so, is it working ok? Paul K. Dickson Systems Administrator Frederick County Government, IIT pdick...@fredco-md.net 301-600-2399/x12399

Re: [Assp-test] iMail -> ASSP -> iMail

2009-06-05 Thread GrayHat
> Can somebody here point out how to set up an iMail server not to send > to the internet but to ASSP. Looking at this page (see the "Gateway Options" paragraph) http://docs.ipswitch.com/_Messaging/IMailServer/v10.02/Help/Admin/services_imail_smtp_settings.htm it sounds like one will need to con