We're getting a lot of trojan executables in 7Z archives lately. Like
this one:
https://www.virustotal.com/pl/file/8f766ccb4821488c8b34abda0d472e627dba6f1d261073852e079c66313a9f11/analysis/
I've added code to my mimedefang-filter based on
suggested-minimum-filter-for-windows-clients in filter
On 2015-04-28 16:10, Dianne Skoll wrote:
However, you're right... MIMEDefang is not picking up the attachment
name. I will look into it.
Actually, I'm wrong... in CanIt, we do pick up the attachment name
by using $entity->head->recommended_filename. I have no idea
why it's not working for yo
On 2015-04-28 16:06, Kevin A. McGrail wrote:
Anyway, I made a SpamAssassin rule to block these [SecureMessage.chm].
I think this resolution is unsustainable - this technique might get
popular fast if this proves to foul filters.
(...) MD is open-source and the enemy is the bastard spammers/m
On 2015-04-28 15:13, Dianne Skoll wrote:
I've just received a trojan/exploit attachment with CHM extension,
which should be filtered by MIMEdefang but wasn't.
Well, it surely depends on your filter?
My filter is depending on "re_match" function provided by MIMEdefang.
Also suggested-minimum-
I've just received a trojan/exploit attachment with CHM extension, which
should be filtered by MIMEdefang but wasn't.
This attachment was sent in a MIME part with broken header:
Content-Type: ;
name="SecureMessage.chm"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
name="Se
On 2014-09-10 16:29, David F. Skoll wrote:
Sep 10 10:28:04 vanadium sm-mta[2670]: s8AEQtDU002670:
d...@hydrogen.roaringpenguin.com [192.168.10.1] did not issue
MAIL/EXPN/VRFY/ETRN during connection to MTA-v6
I've recently configured fail2ban on my CentOS5 server with blocking
based solely o
On 2011-06-20 19:35, David F. Skoll wrote:
I've released MIMEDefang 2.72-BETA-2
I've a configure.in bug to report, which was also present in older
versions. In a pure 64-bit Linux environment libmilter.a is in /usr/lib64/
directory, but configure only searches for /usr/lib/, so it fails with
On Fri, 24 Nov 2006, Kees Theunissen wrote:
> >There is a small problem with this approach - Bayes database does not
> >learn phrases and words used in e-mail sent by your own users.
>
> Is that a problem if you don't scan these messages anyway?
You scan replies. And your friends / customers do us
On Wed, 22 Nov 2006, Philip Prindeville wrote:
> if (
> $Features{"SpamAssassin"}
> && $SendmailMacros{'daemon_name'} ne 'TLSMTA'
> )
I use:
if (
$Features{"SpamAssassin"}
&& (!defined($SendmailMacros{'auth_type'}))
&& ($RelayAddr ne "127.0.0.1")
)
This 'auth
On Sun, 05 Nov 2006, David F. Skoll wrote:
> SPF breaks forwarding, which is very annoying.
It does not if it is set to use forwarded address in envelope. I'm
doing forwarding in procmail. This is a fragment of my script:
#
VACATION_PRIMARY
RPM version of MIMEdefang
mimedefang-2.57-4.fc5.*.rpm
showed in Fedora Extras 5 repository. This means that it will be
automatically updated by nightly yum update if mimedefang was
installed from RPM.
This version does not have any antivirus functionality compiled in.
So this may make your
On Tue, 23 May 2006, Paul Murphy wrote:
> > May 22 15:46:24 statek sendmail[14281]: k4MDkN1J014281:
> > from=<>, size=3019, class=0, nrcpts=0, proto=ESMTP, daemon=MTA,
> > relay=smtp11.wanadoo.fr [193.252.22.31]
> > May 22 15:46:24 statek sendmail[14281]: k4MDkN1J014281:
> > <[EMAIL PR
I've got two mimedefang 2.56 processes hung in an endless loop (in
running state). I'll have to kill these processes but I want to send
you information I'm able to gather about them in case it can be
useful for finding a bug.
A command "strace -p [PID]" of processes shows endless stream of
s
On Wed, 29 Mar 2006, Richard Laager wrote:
> On Wed, 2006-03-29 at 10:19 +0530, R.Linga Reddy wrote:
> > I am new to MIMEDEFANG, I am planning to install on FEDORA CORE 3 or
> > CORE 4, will it support, and is there any problem,
>
> It'll work fine. I run it on Fedora Core 4.
It will work but I
On Tue, 21 Mar 2006, Damrose, Mark wrote:
> > I think the From line needs a little bit more info. I ran
> > into problems with a Mailman archive when I fed it to
> > Dovecot, my IMAP server, because it didn't like the
> > abbreviated From line. It thought the whole file was one big
> > message
On Fri, 03 Mar 2006, Tomasz Ostrowski wrote:
> I'm going to send a feature request to
> <[EMAIL PROTECTED]>.
----- Forwarded message -----
From: Tomasz Ostrowski <[EMAIL PROTECTED]>
Subject: RFE: Tempfail "data" when at least one "rcpt to" tempfai
On Wed, 01 Mar 2006, David F. Skoll wrote:
> Sendmail has every reason to assume that if an SMTP client has a
> broken implementation of the state machine on one message attempt,
> it probably will break on every attempt, so why tempfail?
This assumption would be wrong. This could be true if ther
On Wed, 01 Mar 2006, David F. Skoll wrote:
> > This could be avoided if sendmail would tempfail "data" requests if
> > any "rcpt to" request tempfailed and every "rcpt to" request tempfailed
> > or permfailed.
>
> But the RFC says that an SMTP client MUST NOT issue a DATA command unless
> at leas
On Sun, 26 Feb 2006, David F. Skoll wrote:
> Now, there *are* some marginal SMTP servers that fail in the
> following scenario:
>
> C: HELO myname.domain.com
> S: 250 whatever
> C: MAIL FROM:<[EMAIL PROTECTED]>
> S: 250 2.1.0 go ahead
> C: RCPT TO:<[EMAIL PROTECTED]>
> S: 451 4.7.1 greylisting; t
On Mon, 16 Jan 2006, [EMAIL PROTECTED] wrote:
> > > *** NOTE INCOMPATIBILITY *** filter_begin NOW TAKES ONE ARGUMENT,
> > >NOT ZERO. IF YOUR FILTER HAS A
> > >PROTOTYPE FOR filter_begin, YOU SHOULD
> > >
On Wed, 11 Jan 2006, David F. Skoll wrote:
> *** NOTE INCOMPATIBILITY *** filter_begin NOW TAKES ONE ARGUMENT,
>NOT ZERO. IF YOUR FILTER HAS A
>PROTOTYPE FOR filter_begin, YOU SHOULD
>
On Thu, 10 Nov 2005, David F. Skoll wrote:
> - There is no way to see a lone LF from milter.
Seems that it's no problem, because this should be a case also for
local mailer on unices. At least procmail saves files with bare
.
Does anybody use sendmail on MacOSX (unix to be or not unix to be) or
On Wed, 09 Nov 2005, Jan Pieter Cornet wrote:
> However, you're ALSO removing lone CRs in the process, CR characters
> that a MUA will see, and might react upon (it might even trigger
> a bug in the MUA... a bug which is scanned for in some virus scanner,
> but that fails to detect it because the
On Tue, 28 Dec 2004, Les Mikesell wrote:
> On Sat, 2004-12-25 at 18:47, Gary Funck wrote:
>
> > I'm about ready to install MIMEdefang, and was wondering if MIMEdefang is
> > available on CPAN, or available in RPM form?
>
> Dag Wieers has it packaged for redhat/fedora (along with about every
> ot
On Tue, 14 Dec 2004, Kenneth Porter wrote:
> I figured I'd take a crack at updating to the latest MD, and started by
> trying to update MIME-tools. I immediately run into the problem that it
> wants a new MIME::QuotedPrint but Red Hat, in their infinite wisdom (rolls
> eyes) have decided to bun
I've an old, Libc-5 based, Linux system with mimedefang. When I tried
to compile mimedefang-2.49 I got the following message:
mimedefang.c: In function `main':
mimedefang.c:1721: structure has no member named `sin_addr'
make: *** [mimedefang.o] Error 1
It looks like the cod
I have written a quick and dirty check for corrupt jpeg files in
mimedefang-filter. It uses program "djpeg", which should be in most
Linux and Unices distributions, to convert the file to bitmap writing
in /dev/null. It lets the file in, if it manages to successfully convert
it, or rejects it ot
From mimedefang-2.45 README:
| 4. MIME-BASE64 NOTE
| ---
|
| Version 5.113 or higher of MIME::Tools requires MIME::Base64 version
| 3.03 or higher. Many Linux distributions include an old version
| of MIME::Base64 in the core Perl distribution. In order to
| install a new versi
I've modified mimedefang-filter.example so it blocks RAR files with
executables. It uses freeware "unrar" program, whose source and
binaries can be downloaded from RARLAB:
http://www.rarlab.com/rar_add.htm
Patch follows.
It blocks Beagle worm password protected RAR files.
Regards
Tometzky
--
..
On Wed, 24 Mar 2004, David F. Skoll wrote:
> On Wed, 24 Mar 2004, Tomasz Ostrowski wrote:
>
> > I'd advocate so action_notify_sender is removed as well - because
> > over 99% virus e-mail come with forged return address.
>
> There's an interlock that disabl
On Wed, 24 Mar 2004, Jobst Schmalenbach wrote:
> I want to notify the recipient (if the recipient is in OUR domain)
> that I killed a message for a reason.
$ grep 'Milter: data, reject' /var/log/maillog | wc -l
3457
$ head -1 /var/log/maillog | cut -d " " -f 1-3
Mar 21 00:09:26
Over 1000
I've modified mimedefang-filter so it blocks ZIP files with
executables. It's ugly as hell (I do not know perl - it's copy-paste
programming) but it works. It uses zipinfo command to extract
filenames. Have a look at the diff below.
It blocks all recent Mydoom mails.
Regards
Tometzky
--
...althou
32 matches