Search found 234 matches

by nicola.piazzi
07 Mar 2019 14:50
Forum: 3.x How-to
Topic: Installable antivirus
Replies: 0
Views: 42

Installable antivirus

Hi, at this moment there are only 2 free antiviruses for EFA: clamd & Sophos free for Unix. They have big differences: clam uses a daemon in memory to scan, so it doesn't have to load libraries on each incoming mail; Sophos takes about 7 seconds to load for each email. If you consider that other spamassa...
by nicola.piazzi
22 Jan 2019 08:40
Forum: 3.x Feature Requests
Topic: Supported Antivirus Consideration & Question
Replies: 6
Views: 828

Re: Supported Antivirus Consideration & Question

Hi, I tested these 3 supported antiviruses with these results: Cattura.PNG. We can say that we can exclude Esets, also because we need to pay for it. We can retain only Clam and Sophos, which are free and have a good detection rate. Clamd is good because we don't use CPU using the daemon. Unfortunately sophos uses ...
by nicola.piazzi
16 Jan 2019 07:58
Forum: 3.x How-to
Topic: Virus Scan Time
Replies: 1
Views: 80

Virus Scan Time

After a lot of work I find useful 3 antiviruses for Linux: 1) Clamd, that is included 2) Sophos, that is free 3) Esets, that costs 100$ year. Each of these AVs is useful to find viruses and has a good detection rate. Clamd uses the daemon to scan and libraries are not loaded for each scan, so scanning of ...
by nicola.piazzi
16 Jan 2019 07:50
Forum: 3.x Bugs
Topic: Sophos AV does no more work !
Replies: 22
Views: 838

Re: Sophos AV does no more work !

This is NOT the AVG fix but the Sophos fix
And it works well!
by nicola.piazzi
10 Jan 2019 09:18
Forum: 3.x Feature Requests
Topic: Supported Antivirus Consideration & Question
Replies: 6
Views: 828

Supported Antivirus Consideration & Question

I worked to find supported antiviruses that can be used with EFA MailScanner and found that we have these 3 products: 1) Clam, that is included 2) Sophos 4 Linux, that is free 3) Esets, that has a little fee, about 100$ year. Clam is invoked using a daemon that already has patterns in memory, so it doesn't use re...
by nicola.piazzi
08 Jan 2019 07:27
Forum: 3.x How-to
Topic: Interesting email based blacklist
Replies: 11
Views: 1076

Re: Interesting email based blacklist

same dir where local.cf
by nicola.piazzi
03 Jan 2019 13:40
Forum: 3.x Bugs
Topic: Sophos AV does no more work !
Replies: 22
Views: 838

Re: Sophos AV does no more work !

Hi Henk,
I also use esets and it works well
by nicola.piazzi
03 Jan 2019 09:04
Forum: 3.x Bugs
Topic: Sophos AV does no more work !
Replies: 22
Views: 838

Also AVG doesn't work

Hi Henk,
AVG also has the (same) problem. Install so:
yum install glibc.i686
wget http://download.avgfree.com/filedir/inst/avg2013flx-r3118-a6926.i386.rpm
rpm -i avg2013flx-r3118-a6926.i386.rpm
vi /etc/MailScanner/virus.scanners.conf
avg /usr/lib/MailScanner/wrapper/avg-wrapper /usr <<<<<<< this little ...
by nicola.piazzi
02 Jan 2019 14:28
Forum: Discussion
Topic: [SOLVED] Failing to get Spam Viruses to work in Mailscanner + SA
Replies: 3
Views: 1912

Re: [SOLVED] Failing to get Spam Viruses to work in Mailscanner + SA

Hi
As you can see on this page, there is a complete description of the extra signatures and how to use them (virus or score 4 spam)

https://sanesecurity.com/usage/signatures/

But the problem is to have a description of the output of each signature to use in the "Virus Names Which Are Spam" directive

Have an idea ?
by nicola.piazzi
02 Jan 2019 12:01
Forum: Discussion
Topic: ESET integration
Replies: 4
Views: 1085

Re: ESET integration

vi /usr/lib/MailScanner/wrapper/esets-wrapper
change this :
exec ${PackageDir}/$Prog "$@"
with this :
exec sudo ${PackageDir}/$Prog "$@"

vi /etc/sudoers.d/Postfix (new file)
Insert this line and save :
postfix ALL=(ALL) NOPASSWD: /opt/eset/esets/sbin/esets_scan


now MailScanner --lint
by nicola.piazzi
02 Jan 2019 08:53
Forum: 3.x Bugs
Topic: Sophos AV does no more work !
Replies: 22
Views: 838

Re: Sophos AV does no more work !

Yes, but if you invoke a scan with the new Sophos, the output is correct (spool and not pool)
by nicola.piazzi
31 Dec 2018 16:16
Forum: 3.x Bugs
Topic: Sophos AV does no more work !
Replies: 22
Views: 838

Sophos AV does no more work !

Hi, I found that MailScanner no longer catches Sophos viruses, this in an existing installation and also in a fresh install. Here is the maillog of a working message:
2018-12-03T01:13:17.634913+01:00 EFA42 MailScanner[4191]: >>> Virus 'Mal/DrodAce-A' found in file ./27176108233.AC1B9/201283765ref20181203_x...
by nicola.piazzi
29 Dec 2018 12:20
Forum: 3.x How-to
Topic: About user whitelisting
Replies: 1
Views: 111

About user whitelisting

I wrote a little piece of code that enables users to whitelist senders. I put it into the signature with a link to the message id, so, if the user presses it, the sender can be whitelisted. This is a link example: http://efa42.gruppocomet.it/cgi-bin/comet.whitelist.cgi?id=A35681075ED.A1BAF comet.whitelist.cgi get id ...
by nicola.piazzi
27 Dec 2018 16:35
Forum: 3.x How-to
Topic: Avoid local messages to be virus scanned
Replies: 0
Views: 93

Avoid local messages to be virus scanned

My config takes for each message:
5 secs for spamassassin
18 secs to scan by clam
7 secs to scan by sophos
With these directives we can avoid checking messages that come from the internal network directed to the outside.
vi /etc/MailScanner/MailScanner.conf
Comment this line:
#Virus Scanning = yes
And add this ...
by nicola.piazzi
27 Dec 2018 14:56
Forum: 3.x Feature Requests
Topic: clamscan cpu consumption
Replies: 0
Views: 176

clamscan cpu consumption

I found that clamscan uses a lot of CPU for each message scan. I think that it is not related to the size of the file to scan but is related to loading the scan library each time that it runs. In this example we can see that scanning 2 messages takes a little more than a 1 message only scan, but when invoked from mailscanner it...
by nicola.piazzi
27 Dec 2018 10:30
Forum: 3.x Bugs
Topic: barracuda removed From spamassassin ?
Replies: 0
Views: 108

barracuda removed From spamassassin ?

I found that the Barracuda RBL was no more in spamassassin. I found out because I redefined the score in local.cf and it gave me a warning. Barracuda is the most important RBL, and I found that it works also without registration. I added manually my own -cf like this:
ifplugin Mail::SpamAssassin::Plugin::DNSEval
header RCV...
by nicola.piazzi
11 Jul 2018 10:04
Forum: 3.x How-to
Topic: New virus difficult to catch
Replies: 3
Views: 1127

Re: New virus difficult to catch

The attachment name changes each time, I think that there is no way
The only way can be to remove attachments in high score spam (and it can be useful)
by nicola.piazzi
10 Jul 2018 09:50
Forum: 3.x How-to
Topic: New virus difficult to catch
Replies: 3
Views: 1127

New virus difficult to catch

There is a virus that makes a reply to all inbox messages and sends mail attaching itself. It is very difficult to catch because it is a reply to a valid mail. Does someone have some idea of a rule to catch it? I found that it is positive to FORGED_MUA_OUTLOOK at now. Does someone know how to remove attachments...
by nicola.piazzi
15 Feb 2018 07:31
Forum: 3.x How-to
Topic: ow Plugin Update
Replies: 16
Views: 3033

Re: ow Plugin Update

:-)
by nicola.piazzi
14 Feb 2018 16:09
Forum: 3.x How-to
Topic: ow Plugin Update
Replies: 16
Views: 3033

Re: ow Plugin Update

ow_outgoing_recipient is a table that is filled with email addresses when someone internal sends a mail to these. When someone sends a message from these emails and has spfok from one of these, it is GOOD. ow_outgoing_messageid is filled when someone internal sends email and contains your Exchange generated m...
by nicola.piazzi
14 Feb 2018 13:36
Forum: 3.x How-to
Topic: ow Plugin Update
Replies: 16
Views: 3033

Re: ow Plugin Update

yes i think you must work on it
by nicola.piazzi
14 Feb 2018 13:33
Forum: 3.x How-to
Topic: ow Plugin Update
Replies: 16
Views: 3033

Re: ow Plugin Update

The plugin never changed
I am not able to support you in this, the plugin is very self made
You need to see whether the format of the messageid from your Exchange has changed
by nicola.piazzi
12 Jan 2018 08:22
Forum: 3.x How-to
Topic: Interesting email based blacklist
Replies: 11
Views: 1076

Re: Interesting email based blacklist

yes, they are based on real case so hit is 100%
by nicola.piazzi
08 Jan 2018 07:12
Forum: 3.x Feature Requests
Topic: A new Antivirus
Replies: 8
Views: 3169

Why not the VirusTotal public API? 2 reasons:

1) It is limited to at most 4 requests of any nature in any given 1 minute time frame.
2) The public API is a free service, available for any website or application that is free to consumers. The API must not be used in commercial products or services, it can not be used as a substitute for antivi...