Thank you all for your comments, very much appreciated
Tony
Date: Wed, 18 Feb 2015 12:28:11 -0700
From: ml-node+s1065346n114635...@n5.nabble.com
To: tiar...@hotmail.com
Subject: Re: Recent spate of Malicious VB attachments II
On Wed, 18 Feb 2015 14:16:02 -0500
Joe Quinn [hidden
Hi,
I've seen quite a few what I believe are phishing attack emails today
that I haven't seen before:
http://pastebin.com/tKEBH16e
It uses a bit.ly address to point the user to what looks like an
alternative way to login to Google Drive or any other cloud service in
one spot. Seriously
Lately we've been getting slammed by spam. The bulk of it (no pun intended) is
coming from new domains (many just a day or two old) which originate from
key-systems gmbh, and all use RRPPROXY.NET as their name servers such as this
snippet from whois:
Domain Name: WATTSMINDANDBODYLAB.COM
I use amavis-new and block based on file type. My users should never get legit
executables via email, so they are sent to a quarantine.
### BLOCKED ANYWHERE
# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
qr'^\.(exe-ms|dll)$', # banned file(1) types,
Am 19.02.2015 um 14:46 schrieb Chad M Stewart:
I use amavis-new and block based on file type. My users should never get legit
executables via email, so they are sent to a quarantine.
### BLOCKED ANYWHERE
# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
Hi
i want backup the bayes database of my spamassassin server but impossible.
On all server, that's finish at :
locker: safe_unlock: lock on /var/spool/spamassassin/bayes.lock was lost
due to expiry at
/usr/lib/perl5/vendor_perl/5.10.0/Mail/SpamAssassin/Locker/UnixNFSSafe.pm
line 200.
and the
On Thu, 19 Feb 2015 09:27:12 +0100
Olivier CALVANO wrote:
Hi
i want backup the bayes database of my spamassassin server but
impossible.
On all server, that's finish at :
locker: safe_unlock: lock on /var/spool/spamassassin/bayes.lock was
lost due to expiry at
Hello.
I am just curious, since I am using SaneSecurity
signatures too.
According to: http://sanesecurity.com/usage/signatures/
some of the lists you mentioned have been classified
with 'medium' to 'high' risk of false positives:
foxhole_*
spear / spearl
Did you not get into trouble with
Am 19.02.2015 um 16:13 schrieb Matteo Dessalvi:
I am just curious, since I am using SaneSecurity
signatures too.
According to: http://sanesecurity.com/usage/signatures/
some of the lists you mentioned have been classified
with 'medium' to 'high' risk of false positives:
foxhole_*
spear /
On Thu, 19 Feb 2015, Reindl Harald wrote:
well, that can you achieve directly on the MTA but that won't help in case of
emails containing MS office attachments with a Malicious VB script
cat /etc/postfix/mime_header_checks.cf
/^Content-(?:Disposition|Type):(?:.*?;)? \s*(?:file)?name \s* =
Am 19.02.2015 um 15:43 schrieb David F. Skoll:
On Thu, 19 Feb 2015 09:34:28 -0500
Alex Regan mysqlstud...@gmail.com wrote:
[David Skoll]
spreadsheet with a macro virus in it. ClamAV is essentially
useless at detecting viruses, so it's a real problem... any ideas?
Useless? Are you using
On Thu, 19 Feb 2015, David F. Skoll wrote:
On Thu, 19 Feb 2015 07:46:16 -0600
Chad M Stewart c...@balius.com wrote:
I use amavis-new and block based on file type. My users should never
get legit executables via email, so they are sent to a quarantine.
Unfortunately, we're finding those
Hi,
I use amavis-new and block based on file type. My users should never
get legit executables via email, so they are sent to a quarantine.
Unfortunately, we're finding those simple-minded rules are running out
of gas. :( We've seen a zip file containing an Excel spreadsheet
with a macro
On Thu, 19 Feb 2015 07:46:16 -0600
Chad M Stewart c...@balius.com wrote:
I use amavis-new and block based on file type. My users should never
get legit executables via email, so they are sent to a quarantine.
Unfortunately, we're finding those simple-minded rules are running out
of gas. :(
On 02/19/2015 03:24 PM, David F. Skoll wrote:
On Thu, 19 Feb 2015 07:46:16 -0600
Chad M Stewart c...@balius.com wrote:
I use amavis-new and block based on file type. My users should never
get legit executables via email, so they are sent to a quarantine.
Unfortunately, we're finding those
On Thu, 19 Feb 2015 09:34:28 -0500
Alex Regan mysqlstud...@gmail.com wrote:
[David Skoll]
spreadsheet with a macro virus in it. ClamAV is essentially
useless at detecting viruses, so it's a real problem... any ideas?
Useless? Are you using the third-party patterns?
No, because when I
Hi,
I use amavis-new and block based on file type. My users should never
get legit executables via email, so they are sent to a quarantine.
Unfortunately, we're finding those simple-minded rules are running out
of gas. :( We've seen a zip file containing an Excel spreadsheet
with a macro
Am 19.02.2015 um 15:47 schrieb Dave Funk:
On Thu, 19 Feb 2015, Reindl Harald wrote:
well, that can you achieve directly on the MTA but that won't help in
case of emails containing MS office attachments with a Malicious VB
script
cat /etc/postfix/mime_header_checks.cf
On February 19, 2015 3:26:00 PM David F. Skoll d...@roaringpenguin.com
wrote:
Unfortunately, we're finding those simple-minded rules are running out
of gas. :( We've seen a zip file containing an Excel spreadsheet
with a macro virus in it. ClamAV is essentially useless at detecting
viruses,
19 matches
Mail list logo