Re: [Mimedefang] [Bug 5225] New: non-standard base64 encoding evades some scanners (fwd)

Kenneth Porter wrote: > I just saw this on the SA-devel list. Note that ClamAV 0.88.6 is listed > as vulnerable. However, it is *not* vulnerable if you use the standard MIMEDefang ClamAV integration functions. MIMEDefang passes virus scanners both the raw MIME message and all the parts as decode

[Mimedefang] [Bug 5225] New: non-standard base64 encoding evades some scanners (fwd)

I just saw this on the SA-devel list. Note that ClamAV 0.88.6 is listed as vulnerable. Forwarded Message Date: Thursday, December 07, 2006 7:01 AM -0800 From: [EMAIL PROTECTED] To: dev@spamassassin.apache.org S

Re: [Mimedefang] sa-update

John Rudd wrote: Does the base sa-update contain any of the RDJ rules? I seem to recall that there was noise about making the less-controversial RDJ rules available via an sa-update channel... I was thinking about incorporating that, as well. No, you have to configure it to retrieve the SARE

[Mimedefang] Botnet 0.6 plugin for Spam Assassin availabile

(I had a bout of insomnia last night, and got more done than I had pre-announced yesterday...) The next version of the Botnet plugin for Spam Assassin is ready. The install instructions are in the Botnet.txt file, and in the INSTALL file. For those who don't know what Botnet is, it's a plugin

Re: [Mimedefang] Repost & Update: ufs filesystem problems again!?

Hi, Any ideas? Any advice? Did I mention I'm desperate? Anyone need someone to hang out with when they come to Vegas?:) Is it possible that you're calling something external in your mimedefang-filter config ? I had the same/similar results calling an external c binary when trying to st

[Mimedefang] Repost & Update: ufs filesystem problems again!?

I've been rifling through my logfiles like a madman and my filter trying to figure out what's going on with this and I've exhausted everything I can think of. So far: 1. I verified perms on /var/spool/MIMEDefang. Owner and group are defined as defang with 700 permissions on the directory. 2. I

RE: [Mimedefang] Re: spamassassin config files - I'm confused

Thanks Scott, that explains it. Mark I should RTFRN. > > If you are running the latest spamassassin (3.1.7) it no longer does > network > tests during a lint. > ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is

Re: [Mimedefang] $RelayHostname not matchingsendmail's Receivedheader?

On Thu, Dec 07, 2006 at 03:16:53AM -0800, John Rudd wrote: > >If either the HELO or > >the envelope sender domain points back at the sending IP, it is > >also allowed. Unless, of course, either of those are generic rDNS > >or [] bracketed IP constructs. > > If you can make the second part work (se

Re: [Mimedefang] sa-update

> Does the base sa-update contain any of the RDJ rules? I seem to recall > that there was noise about making the less-controversial RDJ rules > available via an sa-update channel... I was thinking about incorporating > that, as well. There is certainly some cross-over, such as the anti-drug s

Re: [Mimedefang] sa-update

On Thu, Dec 07, 2006 at 10:11:41AM +, Paul Murphy wrote: > >I'm about to start down the path of learning sa-update and using it with > >MIMEDefang. Does anyone have any special tips, warnings, or even > >how-to's, for how to use it with MIMEDefang? [...] > > The new rules will be in /var/li

Re: [Mimedefang] sa-update

Paul Murphy wrote: John, I'm about to start down the path of learning sa-update and using it with MIMEDefang. Does anyone have any special tips, warnings, or even how-to's, for how to use it with MIMEDefang? Ensure that either you are using a version of SpamAssassin greater than 3.1.4, or

Re: [Mimedefang] sa-update

John Rudd <[EMAIL PROTECTED]> writes: > I'm about to start down the path of learning sa-update and using it > with MIMEDefang. Does anyone have any special tips, warnings, or even > how-to's, for how to use it with MIMEDefang? run /etc/init.d/defang reload (or the equivalent on your system) afte

Re: [Mimedefang] $RelayHostname not matchingsendmail's Receivedheader?

Jan-Pieter Cornet wrote: On Wed, Dec 06, 2006 at 11:32:57AM -0800, John Rudd wrote: If either the HELO or the envelope sender domain points back at the sending IP, it is also allowed. Unless, of course, either of those are generic rDNS or [] bracketed IP constructs. If you can make the sec

Re: [Mimedefang] sa-update

John, >I'm about to start down the path of learning sa-update and using it with >MIMEDefang. Does anyone have any special tips, warnings, or even >how-to's, for how to use it with MIMEDefang? Ensure that either you are using a version of SpamAssassin greater than 3.1.4, or you have applied th

Re: [Mimedefang] $RelayHostname not matchingsendmail's Receivedheader?

On Wed, Dec 06, 2006 at 11:32:57AM -0800, John Rudd wrote: > Botnet looks to verify that: > > a) the relay has a PTR record at all > b) optional: the hostname in the PTR record resolves, and resolves back > to the IP address that you're talking to > c) the hostname doesn't contain 2 or more octet

[Mimedefang] sa-update

I'm about to start down the path of learning sa-update and using it with MIMEDefang. Does anyone have any special tips, warnings, or even how-to's, for how to use it with MIMEDefang? ___ NOTE: If there is a disclaimer or other legal boilerplate in