Michael Sofka wrote:
On Friday 13 February 2004 04:44, Andrzej Marecki wrote:
I'm using MD+SA+Sophie+Sophos (SAVI libs + .ide).
Do you think that what has been written in:
http://www.securitynewsportal.com/cgi-bin/securitynews.cgi?database=JanDD&id=74
...means my system is vulnerable to attacks
On 13 Feb 2004 at 10:18, Alain DESEINE wrote:
> I got a problem using CLAMAV and MIMEDefang when scanning zip files
> containing viruses ...
Are you using *_contains_virus_clamd() or *_contains_virus_clamav()
functions?
The daemonized scanner requires a local socket accessible to the
defang
I noticed in some situations you need to pause mimedefang on a restart, to
give the socket time to get cleared out.
Is there a way to test and see if the socket is correctly formed before
starting mimedefang?
Eg you have another switch on the restart switch that does not wait an
arbitrary amount o
Rob said:
> /var/spool/MIMEDefang/mdefang-i1DKATdg040935/Work/msg-38690-4.txt: OK
> /var/spool/MIMEDefang/mdefang-i1DKATdg040935/Work/msg-38690-5.zip: OK
>
> The ZIP file in question contains 3 files (a .ini, .dll and .txt). No sign
> of them being extracted.
>
Perhaps I really am not understan
Thanks for the succinct answer.
and I apologize for implying you had a bug and not a feature in your code.
:)
I will go beat on the downstream maintainers about this.
David F. Skoll said:
>
> That was not a bug. It was an attempt to guard against malformed
> MIME like this:
> However, the old be
Hi,
I'm still having a problem with mimedefang's delete_recipient
not working with a mixed case recipient.
sendmail 8.12.10
mimedefang 2.38
Here's my sample spam delivered via telneting to my host:
helo myserver
mail from: [EMAIL PROTECTED]
rcpt to: <[EMAIL PROTECTED]>
data
Date: February 13,
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of David F. Skoll
>
> Ah, I misunderstood.
>
> MIMEDefang does not extract zip files. Nor do I ever plan on
> adding that
> functionality. I have two reasons for taking this position:
That's a sha
On Fri, 13 Feb 2004, Rob wrote:
> /var/spool/MIMEDefang/mdefang-i1DKATdg040935/Work/msg-38690-4.txt: OK
> /var/spool/MIMEDefang/mdefang-i1DKATdg040935/Work/msg-38690-5.zip: OK
> The ZIP file in question contains 3 files (a .ini, .dll and .txt). No sign
> of them being extracted.
Ah, I misunders
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of David F. Skoll
>
> On Fri, 13 Feb 2004, Rob wrote:
>
> > However it would be nice if MD didn't make
> > any assumptions about the capability of any virus scanner
> and did the same
> > as AMAVIS d
On Friday 13 February 2004 04:44, Andrzej Marecki wrote:
> I'm using MD+SA+Sophie+Sophos (SAVI libs + .ide).
> Do you think that what has been written in:
>
> http://www.securitynewsportal.com/cgi-bin/securitynews.cgi?database=JanDD&id=74
>
> ...means my system is vulnerable to attacks via that h
Got it working. My bust. I had the -r in mimedefang-multiplexor, not
mimedefang :)
> What you are trying to accomplish is rather opaque to me. Can you please
> specify?
I have a Secondary MX that will spool up mail in the event the primary goes
down. As you know, spammers will often try th
Geeze, and I once thought I was being "overly aggressive" when I reduced my
vendor's sendmail default retry value from 1 hour to 5 minutes. LOL
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David
F. Skoll
Sent: Friday, February 13, 2004 12:14 PM
To: [EMAIL
Check your virus scanner wrt to this advisory located on :
http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html
Trend users :
Trend Interscan Viruswall (vscan) is said to be vulnerable.
Trend has developed a new build but it is not available on their
webserver - they're a
On Fri, 13 Feb 2004, Jon R. Kibler wrote:
> Yesterday a mailer went amok when trying to get a mail through to
> our server. It was tempfailed by the greylist as it should, but
> instead of waiting for awhile before trying again it retried 886 times
> in 10 minutes (after which it was let through by
On Fri, 13 Feb 2004 [EMAIL PROTECTED] wrote:
> We had similar problems with an IBM x345 server -- we tried many things
> eventually updating to 2.4.23-pre7 and up fixed it.
>
> I updated the tg3 driver and stability improved a bit, I updated the ibm
> ServeRaid driver (ips module) level to 610
Jonas Eckerman wrote:
>
> Hello!
>
> I've been thinking about getting my filter to blacklist (for a month or so) mailers
> that can't take no for an answer, but yesterday something happened that made me
> wanna check with others first.
For exactly the reason below, you don't want to do that!
All,
I have attached a modified version of our mimedefang-filter.
Modifications to filter:
1. Added Greylisting
2. Added stream by domain
3. Added clamd virus scanning, dropping specific worm viruses
4. Added filtering of specific filenames
5. Added SALocalTestsOnly for SA rbl checks
6.
Hello!
I've been thinking about getting my filter to blacklist (for a month or so) mailers
that can't take no for an answer, but yesterday something happened that made me wanna
check with others first.
Yesterday a mailer went amok when trying to get a mail through to our server. It was
tempfai
- Original Message -
From: "Mike Smith" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 12, 2004 9:02 PM
Subject: RE: [Mimedefang] filter_relay not working?
> I'm running this on MD 2.39.
>
> sub filter_relay {
> my ($ip, $name, $helo) = @_;
> action_add_heade
On Thu, 12 Feb 2004, Kevin A. McGrail wrote:
>
> > Yesterday 50K. (grep 'stat=Sent' /var/log/syslog.01 | wc). More actually
> > come in, of course..
>
> I would need a total volume to comment.
>
> You have to limit your sendmail process. Figure that otherwise a DoS could
> take down your box
Hi,
I got a problem using CLAMAV and MIMEDefang when scanning zip files
containing viruses ...
When I send a virus file in an email MIMEDefang/CLAMAV intercept it well,
but when I send the same virus in an archive file (ZIP file)
MIMEDefang/CLAMAV don't intercept it! I've tried to save the arc
On Fri, 13 Feb 2004, Rob wrote:
> However it would be nice if MD didn't make
> any assumptions about the capability of any virus scanner and did the same
> as AMAVIS does - extract and decode the email so that the virus scanner
> software has as little to do as possible.
MIMEDefang does exactly t
On Fri, 13 Feb 2004, Steffen Kaiser wrote:
> Would it be possible to parse and re-create MIME sub headers, in order to
> place, at least, double quotes around the name?
action_rebuild() does that. But because of limitations in Milter, it will
only change internal MIME headers, not the main heade
On Fri, 2004-02-13 at 07:03, Steven Rocha wrote:
> I have modified Jonas' code to work on my Redhat servers if anyone is
> interested. I had to make minor changes to the database locking
> mechanism.
>
> Let me know and I will post the code.
>
> Steven Rocha
Yes please.
--
Dream BIG dreams! O
On Fri, 2004-02-13 at 06:03, Steven Rocha wrote:
> I have modified Jonas' code to work on my Redhat servers if anyone is
> interested. I had to make minor changes to the database locking
> mechanism.
>
> Let me know and I will post the code.
Yes, please post the Redhat version.
---
Les Mikese
I have modified Jonas' code to work on my Redhat servers if anyone is
interested. I had to make minor changes to the database locking
mechanism.
Let me know and I will post the code.
Steven Rocha
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jonas
Ec
I'm using MD+SA+Sophie+Sophos (SAVI libs + .ide).
Do you think that what has been written in:
http://www.securitynewsportal.com/cgi-bin/securitynews.cgi?database=JanDD&id=74
...means my system is vulnerable to attacks via that hole?
AM
--
---
Hi Ron
We had similar problems with an IBM x345 server -- we tried many things
eventually updating to 2.4.23-pre7 and up fixed it.
I updated the tg3 driver and stability improved a bit, I updated the ibm
ServeRaid driver (ips module) level to 610 and stability improved a bit,
disabled hyperthr
On Thu, 12 Feb 2004, David F. Skoll wrote:
> That was not a bug. It was an attempt to guard against malformed
> MIME like this:
>
> Content-Type: appliaction/octet-stream; name=foobar.exe .txt
>
> vs.
>
> Content-Type: appliaction/octet-stream; name=foobar.txt .exe
> However, the old behavior w