Thread: Do not Ban encrypted leaf members, but do ban encrypted .ZIP




Do not Ban encrypted leaf members, but do ban encrypted .ZIP
user name
2006-07-20 11:05:12
Dear Gary,

You wrote me the following:

> -----Original Message-----
> From: amavis-user-bounceslists.sourceforge.net
> [mailto:amavis-user-bounceslists.sourceforge.net] On Behalf Of Gary V
> Sent: Wednesday 19 July 2006 16:53
> To: amavis-userlists.sourceforge.net
> Subject: Re: [AMaViS-user] Do not Ban encrypted leaf members,but do ban encrypted .ZIP
>
> H. wrote:
[ snip ]
> > I have got this section:
>
> >  -----8<-----
>
> > # # within certain archives allow leaf members at any depth if crypted
> >   [ qr'(?# ALLOW ENCRYPTED )
> >        ^ (.*\t)? T=(zip|rar|arj) (.*\n)+ (.*\t)? A=C (\t.*)? \z'xmi => 0
> > ],
>
> > But it does not work.
>
> > Encrypted .ZIP is passed with ***UNCHECKED*** in the Subject: field.
> > (Should be blocked)
> > Encrypted .ZIP in a nonencrypted .ZIP is passed with ***UNCHECKED*** in
> > the Subject: field. (This is a correct action.)
>
> > Did I misunderstand the comments or do I have another error?
>
> I could be wrong, but it appears to me this rule allows encrypted
> zip|rar|arj files or will also allow the file to pass if
> there is a file inside a zip|rar|arj that cannot be deciphered
> (is encrypted). So to me your result would be expected.
> I'm not sure how you would accomplish your goal. Mark may have an
> idea, but won't be back for a week or so.

I was already afraid of misunderstanding the comment...
What I want is: to block encrypted .ZIP, but to pass encrypted .ZIP in
an archive like .ZIP with an ***UNCHECKED*** mark in the subject. The
reason is, I want to block malware sent by contaminated zombies. Such as
e-mail with encrypted .ZIP and the password in text or .GIF-image. But I
also want to give my users a tool to be able to send/receive encrypted
.ZIP files with confidential information without help of the
ICT-department.
I'll wait for Mark to comment on this.

> > Another problem is that 'kill -HUP' of the amavisd master
> > dies silently instead of doing a reload. No errors in the log,
> > not even in debug mode... I have (re)checked the ownership of
> > the amavisd files, but did not find an error. Have you got an
> > idea where to look?
>
> From RELEASE_NOTES:
>
> - sending signal HUP in order to restart amavisd no longer works (previously
>   it only worked in non-chrooted environment and relied on guessing amavisd
>   absolute path); please use 'amavisd reload', or 'amavisd stop' and restart;

Oh sh*t. I missed the Release notes... My Linux guru and a big help, got
the amavisd RPM and installed it for me. So, I haven't seen it.

B.t.w. in /etc/init.d there is the startup procedure amavisd. Normally,
with a reload, you should execute 'service amavisd reload'. Guess what
the command is to reload amavisd? Indeed 'killproc $prog -HUP'...

>   If the HUP method is really still needed, please replace the line
>     commandline => [],  # disable
>   by:
>     commandline => ['/usr/local/sbin/amavisd','-c',$config_file],
>   in file amavisd, adjusting the path if necessary.

Thank you very much for this hint. I'll check it out.

Cheers,
       Harrie

_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ: http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos: http://www.amavis.org/howto/
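
Gary's reading of the quoted rule can be checked offline. The following is an added example, not part of the original message or of amavisd-new: it runs the quoted regex against constructed descriptor strings whose layout (one tab-separated line per nesting level, leaf member last) is assumed from the regex itself, next to `$allow_nested_only`, a hypothetical variant that has not been tested inside amavisd.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Rule quoted in the message, unchanged.
my $allow_crypted = qr'(?# ALLOW ENCRYPTED )
       ^ (.*\t)? T=(zip|rar|arj) (.*\n)+ (.*\t)? A=C (\t.*)? \z'xmi;

# Hypothetical variant (not from amavisd-new): two archive lines must
# sit above the crypted leaf, so a crypted member directly inside a
# top-level archive no longer matches.
my $allow_nested_only = qr'(?# ALLOW ENCRYPTED BELOW NESTED ARCHIVE )
       ^ (.*\t)? T=(zip|rar|arj) (\t.*)? \n (.*\n)*
         (.*\t)? T=(zip|rar|arj) (\t.*)? \n (.*\n)*
         (.*\t)? A=C (\t.*)? \z'xmi;

# Constructed descriptors; layout assumed: one line per nesting level,
# outermost first, tab-separated attributes, leaf member last.
my @samples = (
    [ 'crypted member in top-level zip',
      "T=zip\tN=secret.zip\nN=report.doc\tA=C" ],
    [ 'crypted member in zip inside zip',
      "T=zip\tN=outer.zip\nT=zip\tN=secret.zip\nN=report.doc\tA=C" ],
    [ 'plain member in zip',
      "T=zip\tN=plain.zip\nN=report.doc" ],
);

printf "%-34s %-8s %s\n", 'case', 'quoted', 'nested-only';
for my $s (@samples) {
    my ($label, $descr) = @$s;
    printf "%-34s %-8s %s\n", $label,
        ($descr =~ $allow_crypted     ? 'match' : '-'),
        ($descr =~ $allow_nested_only ? 'match' : '-');
}
```

The quoted rule matches both crypted cases because `(.*\n)+` accepts any number of levels between the archive line and the leaf, so it cannot tell a top-level encrypted archive from a nested one.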