Detecting empty office doc containing virus macro

2015-10-28 Thread Gary Stainburn
We are receiving LOTS of emails that contain empty XLS or DOC documents with embedded virus macros. These are getting past SPAMASSASSIN, Clamav and Kaspersky. I'm trying to write a filter for EXIM to block these emails but I need to know a good, quick, command-line to detect an empty doc with

Re: Detecting empty office doc containing virus macro

2015-10-28 Thread Ian Malone
On 28 October 2015 at 11:56, Gary Stainburn wrote: > We are receiving LOTS of emails that contain empty XLS or DOC documents with > embedded virus macros. These are getting past SPAMASSASSIN, Clamav and > Kaspersky. > > I'm trying to write a filter for EXIM to

Re: Realtek r8169 always flapping

2015-10-28 Thread Kseniya Blashchuk
Thank you, Rick. 1) Of course the first thing I did was replacing the cabling, plugging into another port and even into another switch. 2) I put a script changing autoneg in /etc/NetworkManager/dispatcher.d/. But I'll try what you advised and have a look. Tue, 27 Oct 2015 at 20:08, Rick Stevens

Re: Realtek r8169 always flapping

2015-10-28 Thread Kseniya Blashchuk
No, adding DEVICE line didn't help, still using a script in dispatcher.d Wed, 28 Oct 2015 at 11:05, Kseniya Blashchuk : > Thank you, Rick. > 1) Of course the first thing I did was replacing the cabling, plugging > into another port and even into another switch. > 2) I put a

Re: Firewall behaviour is strange on one of my systems

2015-10-28 Thread Rick Stevens
On 10/28/2015 03:52 AM, antonio montagnani wrote: I am using a desktop where I have connected a printer: if I enable the firewall I can connect by IP numbers and print if printer is nameofprinter@IPof desktop (the same with vinagre, I can connect by IP numbers and not by names): the only way to

Re: Firewall behaviour is strange on one of my systems

2015-10-28 Thread Gordon Messmer
On 10/28/2015 09:24 AM, Rick Stevens wrote: You have a DNS resolution issue. It's probably an mDNS issue, and replies should normally be allowed by the default "accept RELATED,ESTABLISHED" rule. It might be helpful to see the output of "iptables -L -n -v". With the firewall enabled, as

Re: Detecting empty office doc containing virus macro

2015-10-28 Thread Gary Stainburn
On Wednesday 28 October 2015 13:45:17 Ian Malone wrote: > Don't know how to answer your question, but if you know how to detect > empty documents then why not just assume they're malicious? Don't > think there's any common reason to send empty documents around. > I think that I'm going to go down

Re: Firewall behaviour is strange on one of my systems

2015-10-28 Thread Antonio M
tbx to all... iptables -L -n -v see attached file 2015-10-28 18:00 GMT+01:00 Gordon Messmer : > On 10/28/2015 09:24 AM, Rick Stevens wrote: > >> You have a DNS resolution issue. >> > > It's probably an mDNS issue, and replies should normally be allowed by the > default

Re: Bluetooth woes (again)

2015-10-28 Thread Tim
Allegedly, on or about 26 October 2015, Patrick O'Callaghan sent: > The headphones don't even have a physical port. I hate that kind of thing. Headphones are just such a basic technology, but to encumber that with networking protocols, and require batteries... I had a wireless keyboard for a

Re: Bluetooth woes (again)

2015-10-28 Thread Tim
Patrick O'Callaghan sent: >> As I said, the mouse works on another system. I should also mention >> that the mouse light is on, i.e. it does have power. If it wasn't too late to bother, I would have asked whether it stayed lit continually, or you only saw a light some of the time. >> I'm leaning

Re: Firewall behaviour is strange on one of my systems

2015-10-28 Thread Antonio M
on the desktop iptables --table filter --list | grep mdns ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ctstate NEW ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ctstate NEW on the laptop: [root@Fujiantonio antonio]# iptables --table

Re: Firewall behaviour is strange on one of my systems

2015-10-28 Thread Antonio M
[antonio@pcdesktop1 ~]$ avahi-browse -a + virbr0 IPv4 antonio's remote desktop on pcdesktop1 _rfb._tcplocal + p19p1 IPv4 antonio's remote desktop on Fujiantonio _rfb._tcplocal + p19p1 IPv4 antonio's remote desktop on pcdesktop1 _rfb._tcplocal + virbr0 IPv4

selinux question

2015-10-28 Thread Paolo Galtieri
I have 2 systems running f22. On these 2 systems I have setup snort. On both these systems snort logs to directory /var/log/snort. On both these systems /var/log/snort is owned by user snort and group snort. However, on one of the systems I cannot write to /var/log/snort as user snort.

Re: Firewall behaviour is strange on one of my systems

2015-10-28 Thread Antonio M
[root@pcdesktop1 antonio]# iptables --table filter --list -v | grep mdns 112 40040 ACCEPT udp -- anyany anywhere 224.0.0.251 udp dpt:mdns ctstate NEW 72 18392 ACCEPT udp -- anyany anywhere 224.0.0.251 udp dpt:mdns ctstate NEW still I have not

Re: Firewall behaviour is strange on one of my systems

2015-10-28 Thread Gordon Messmer
On 10/28/2015 03:17 PM, Antonio M wrote: still I have not done a single step to improve situation The problem isn't obvious. Your firewall rules are set up properly to both browse other mDNS devices and advertise services on your system using mDNS. Maybe install the avahi-tools package

Re: Firewall behaviour is strange on one of my systems

2015-10-28 Thread Antonio M
and using Vinagre I get an avahi resolver timeout. I have filed a bug but no answer from the assignee 2015-10-28 23:52 GMT+01:00 Antonio M : > [antonio@pcdesktop1 ~]$ avahi-browse -a > + virbr0 IPv4 antonio's remote desktop on pcdesktop1 > _rfb._tcplocal

Re: Firewall behaviour is strange on one of my systems

2015-10-28 Thread Gordon Messmer
On 10/28/2015 01:55 PM, Antonio M wrote: why do I have two lines instead of one??? Probably for different interfaces. Use "iptables -v". -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users

Re: selinux question

2015-10-28 Thread Ed Greshko
On 10/29/2015 06:56 AM, Paolo Galtieri wrote: > On the system that fails > > /bin/ls -ldZ /var/log/snort > lrwxrwxrwx. 1 root root unconfined_u:object_r:snort_log_t:s0 44 Oct 24 > 17:29 /var/log/snort -> /run/media/pgaltieri/NEWDATA2/NSM/logs/snort > > /bin/ls -ldZ

Re: Realtek r8169 always flapping

2015-10-28 Thread Kseniya Blashchuk
But no luck. For some reason after a while autoneg turns on, I do not understand why. Then it turns off thanks to the script, but the link flaps. :( Wed, 28 Oct 2015 at 11:30, Kseniya Blashchuk : > No, adding DEVICE line didn't help, still using a script in dispatcher.d > > Wed,

Firewall behaviour is strange on one of my systems

2015-10-28 Thread antonio montagnani
I am using a desktop where I have connected a printer: if I enable the firewall I can connect by IP numbers and print if printer is nameofprinter@IPof desktop (the same with vinagre, I can connect by IP numbers and not by names): the only way to print (and connect by names in vinagre, and

Re: selinux question

2015-10-28 Thread Gordon Messmer
On 10/28/2015 03:56 PM, Paolo Galtieri wrote: Note that on the failing system the selinux context shows the directory has unlabeled_t context while on the working system it's colord_var_lib_t. I set this at some point (I think), but I forget how I did it Possibly check the root user's