Re: [SAtalk] New virus posing as Microsoft

2003-09-23 Thread Rob Chanter
On Sat, Sep 20, 2003 at 09:30:27AM -0400, Steven W. Orr wrote: Ok. Maybe there's another explanation. See, SA can be used by lots of different people. Trolls included. Not everyone uses SA by piping it through procmail. I know; the better people do it that way, but I prefer to reject all

Re: [SAtalk] New virus posing as Microsoft

2003-09-23 Thread Ron Johnson
On Tue, 2003-09-23 at 22:56, Rob Chanter wrote: On Sat, Sep 20, 2003 at 09:30:27AM -0400, Steven W. Orr wrote: [snip] You can block mail at (basically) four points during mail reception: * During the HELO/EHLO * During or after you receive envelope information * At the *end* of data but

Re: [SAtalk] New virus posing as Microsoft

2003-09-21 Thread Kenneth Porter
--On Saturday, September 20, 2003 11:37 AM -0400 Steven W. Orr [EMAIL PROTECTED] wrote: By using spamass-milter you have the option of rejecting the message before reception completes. This way, the spammer knows that you have rejected his message and that you have not received it. Nope, he

Re: [SAtalk] New virus posing as Microsoft

2003-09-20 Thread Jim
On Sat, Sep 20, 2003 at 09:30:27AM -0400, Steven W. Orr wrote: So what I was asking for was a rule to add to my local.cf which would recognize the fact that the remaining elements of the virus that're getting through contain a MIME attachment of type Application/X-MSDOWNLOAD and the

Re: [SAtalk] New virus posing as Microsoft

2003-09-20 Thread Bruce Pennypacker
Jim wrote: On Sat, Sep 20, 2003 at 09:30:27AM -0400, Steven W. Orr wrote: So what I was asking for was a rule to add to my local.cf which would recognize the fact that the remaining elements of the virus that're getting through contain a MIME attachment of type Application/X-MSDOWNLOAD and the

Re: [SAtalk] New virus posing as Microsoft

2003-09-20 Thread Bruce Pennypacker
Steven W. Orr wrote: On Saturday, Sep 20th 2003 at 03:47 -, quoth Jim: =On Fri, Sep 19, 2003 at 10:56:19PM -0400, Steven W. Orr wrote: = No. I'm running sendmail with spamass-milter. I do not want to do it in = procmail or postfix. I want to do it in SA. = =Then you either don't yet

Re: [SAtalk] New virus posing as Microsoft

2003-09-20 Thread Jim
On Sat, Sep 20, 2003 at 10:03:09AM -0400, Bruce Pennypacker wrote: also block obvious spam if the SA score is extremely high. It's a feature of the spamass-milter for sendmail. That's fine, but that wasn't what he asked about explicitly; and he can't expect everyone to run and look up how

Re: [SAtalk] New virus posing as Microsoft

2003-09-20 Thread Jack L. Stone
At 01:35 PM 9.20.2003 +, Jim wrote: On Sat, Sep 20, 2003 at 09:30:27AM -0400, Steven W. Orr wrote: So what I was asking for was a rule to add to my local.cf which would recognize the fact that the remaining elements of the virus that're getting through contain a MIME attachment of type

Re: [SAtalk] New virus posing as Microsoft

2003-09-20 Thread Jim
On Sat, Sep 20, 2003 at 10:05:42AM -0500, Jack L. Stone wrote: At the risk of being snapped at, I use spamass-milter to block at a certain spam threshold. So, doesn't it get that score weight from SA.??? I'm blocking a huge amount of spams with spamass-milter this way. That stops them

RE: [SAtalk] New virus posing as Microsoft

2003-09-20 Thread Larry Gilson
-Original Message- From: Steven W. Orr Also, if anyone else would like to take a stab at a recipe for what I'm describing I'd still be grateful. I'm getting about 10/hour of these things. I keep on running them all through sa- learn but that doesn't help because they don't pass

RE: [SAtalk] New virus posing as Microsoft

2003-09-20 Thread Larry Gilson
Along this thread . . . Not everyone uses an anti-virus package. I run a Postfix relay in front of Exchange servers. I use Sybari AV on the Exchange side which allows me to use up to 4 separate scan engines and apply in multiple locations of transport. Each scan location allows for custom

Re: [SAtalk] New virus posing as Microsoft

2003-09-20 Thread Steven W. Orr
On Saturday, Sep 20th 2003 at 15:12 -, quoth Jim: =On Sat, Sep 20, 2003 at 10:05:42AM -0500, Jack L. Stone wrote: = At the risk of being snapped at, I use spamass-milter to block at a certain = spam threshold. So, doesn't it get that score weight from SA.??? I'm = blocking a huge amount

Re: [SAtalk] New virus posing as Microsoft

2003-09-20 Thread Jim
On Sat, Sep 20, 2003 at 11:23:32AM -0400, Larry Gilson wrote: However, not everyone uses Procmail. So for those who do not use an AV product and do not use Procmail, it is certainly reasonable to try to accomplish this with SA regardless of your configuration. Posting a request to see if

Re: [SAtalk] New virus posing as Microsoft

2003-09-20 Thread Jim
On Sat, Sep 20, 2003 at 11:37:09AM -0400, Steven W. Orr wrote: SA does not block mail. It tags mail. Then you can do whatever you want with that tagging. Precisely. By using spamass-milter you have the option of rejecting the message before reception completes. This way, the spammer knows

Re: [SAtalk] New virus posing as Microsoft

2003-09-20 Thread Jim
On Sat, Sep 20, 2003 at 10:05:30AM -0400, Bruce Pennypacker wrote: But the spamass-milter for sendmail DOES let you block e-mail if the SA score is high enough. Steven may not have been entirely clear about that, Right. And the problem is that it sounded exactly like all the other times it

[SAtalk] New virus posing as Microsoft

2003-09-19 Thread Forrest Aldrich
This new virus appears to generate many (random?) subjects, so it's getting difficult to narrow down. Has anyone filters for Spamassassin that will correctly identify this virus? I'd like to score this one high so they are rejected (via spamass-milter)... it's been a huge problem all day.

Re: [SAtalk] New virus posing as Microsoft

2003-09-19 Thread Steve Prior
I believe that the emails will all claim to be from a Microsoft support address which might be a part of the solution. Other things which might also bump up the score would be cumulative patch, eliminates all known security vulnerabilities (insert sarcasm here), and This update. Steve Forrest

Re: [SAtalk] New virus posing as Microsoft

2003-09-19 Thread Peter Campion-Bye
This new virus appears to generate many (random?) subjects, so it's getting difficult to narrow down. Has anyone filters for Spamassassin that will correctly identify this virus? I'd like to score this one high so they are rejected (via spamass-milter)... it's been a huge problem all day.

RE: [SAtalk] New virus posing as Microsoft

2003-09-19 Thread Larry Gilson
I have not seen one specific From/To/Subject pattern to catch a rule on. The only thing this virus has in common is a '.exe'. Interestingly enough, it seems that all the really bad worms have attachments that are .bat, .pif, .scr, .exe, or .com. Most of the fairly tame ones hide in other

Re: [SAtalk] New virus posing as Microsoft

2003-09-19 Thread Jon Gabrielson
Just block name=*.scr and name=*.exe you should probably be blocking these anyways. Anyone who needs to send an exe can easily just zip it. Here is my procmail rule: :0B * Content-Type: application|Content-Type: audio * name=.*.pif|name=.*.scr|name=.*.exe|name=.*.com /tmp/viruses Cheers,

Re: [SAtalk] New virus posing as Microsoft

2003-09-19 Thread Steven W. Orr
On Friday, Sep 19th 2003 at 16:09 -0500, quoth Jon Gabrielson: =Just block = =name=*.scr and name=*.exe = =you should probably be blocking these anyways. = =Anyone who needs to send an exe can easily just zip it. = =Here is my procmail rule: = =:0B =* Content-Type: application|Content-Type: audio

Re: [SAtalk] New virus posing as Microsoft

2003-09-19 Thread Jim Knuth
Hello Steven W. Orr, on Saturday, 20 September 2003, 04:07:16, you wrote: On Friday, Sep 19th 2003 at 16:09 -0500, quoth Jon Gabrielson: =Just block = =name=*.scr and name=*.exe = =you should probably be blocking these anyways. = =Anyone who needs to send an exe can easily just zip it. =

Re: [SAtalk] New virus posing as Microsoft

2003-09-19 Thread Steven W. Orr
On Saturday, Sep 20th 2003 at 04:44 +0200, quoth Jim Knuth: =Hello Steven W. Orr, = = But I don't want to block with a procmail rule. I want to block it with an = SA rule. In fact, I don't even use procmail. I use spamass-milter. I want = all my spam to be rejected before it gets in. = = =if you

Re: [SAtalk] New virus posing as Microsoft

2003-09-19 Thread Bob Proulx
Jon Gabrielson wrote: Here is my procmail rule: :0B * Content-Type: application|Content-Type: audio * name=.*.pif|name=.*.scr|name=.*.exe|name=.*.com /tmp/viruses Thanks for sharing that. But also a nit. '.' matches any character. So '.*.' is the same as '.*'. You probably wanted to

Re: [SAtalk] New virus posing as Microsoft

2003-09-19 Thread Steven W. Orr
On Friday, Sep 19th 2003 at 10:54 -0400, quoth Forrest Aldrich: =This new virus appears to generate many (random?) subjects, so it's getting =difficult to narrow down. = =Has anyone filters for Spamassassin that will correctly identify this =virus? I'd like to score this one high so they are

Re: [SAtalk] New virus posing as Microsoft

2003-09-19 Thread Jim
On Fri, Sep 19, 2003 at 10:56:19PM -0400, Steven W. Orr wrote: No. I'm running sendmail with spamass-milter. I do not want to do it in procmail or postfix. I want to do it in SA. Then you either don't yet understand what SA is for, or you are a troll.