Search found 280 matches

by nicola.piazzi
10 Jan 2019 09:18
Forum: 3.x Feature Requests
Topic: Supported Antivirus Consideration & Question
Replies: 6
Views: 1353

Supported Antivirus Consideration & Question

I worked to find supported antivirus that can be used with EFA MailScanner and found that we have these 3 products 1 Clam that is included 2 Sophos 4 Linux that is free 3 Esets that have little fee about 100$ year Clam is invoked using daemon that already have patterns in memory, so it doesnt use re...
by nicola.piazzi
08 Jan 2019 07:27
Forum: 3.x How-to
Topic: Interesting email based blacklist
Replies: 11
Views: 1466

Re: Interesting email based blacklist

same dir where local.cf
by nicola.piazzi
03 Jan 2019 13:40
Forum: 3.x Bugs
Topic: Sophos AV does no more work !
Replies: 22
Views: 1724

Re: Sophos AV does no more work !

Hi Henk,
I also use esets and it works well
by nicola.piazzi
03 Jan 2019 09:04
Forum: 3.x Bugs
Topic: Sophos AV does no more work !
Replies: 22
Views: 1724

Also avg doesnt work

Hi henk Also AVG have (same) problem Install so : yum install glibc.i686 wget http://download.avgfree.com/filedir/inst/avg2013flx-r3118-a6926.i386.rpm rpm -i avg2013flx-r3118-a6926.i386.rpm vi /etc/MailScanner/virus.scanners.conf avg /usr/lib/MailScanner/wrapper/avg-wrapper /usr <<<<<<< this little ...
by nicola.piazzi
02 Jan 2019 14:28
Forum: Discussion
Topic: [SOLVED] Failing to get Spam Viruses to work in Mailscanner + SA
Replies: 3
Views: 2238

Re: [SOLVED] Failing to get Spam Viruses to work in Mailscanner + SA

Hi
As you can see in this page there is a complete description of extra signatures and how to use (virus or score 4 spam)

https://sanesecurity.com/usage/signatures/

But problem is to have description of output of each signature to use in "Virus Names Which Are Spam" directive

Have an idea ?
by nicola.piazzi
02 Jan 2019 12:01
Forum: Discussion
Topic: ESET integration
Replies: 4
Views: 1396

Re: ESET integration

vi /usr/lib/MailScanner/wrapper/esets-wrapper
change this :
exec ${PackageDir}/$Prog "$@"
with this :
exec sudo ${PackageDir}/$Prog "$@"

vi /etc/sudoers.d/Postfix (new file)
Insert this line and save :
postfix ALL=(ALL) NOPASSWD: /opt/eset/esets/sbin/esets_scan


now MailScanner --lint
by nicola.piazzi
02 Jan 2019 08:53
Forum: 3.x Bugs
Topic: Sophos AV does no more work !
Replies: 22
Views: 1724

Re: Sophos AV does no more work !

Yes, but if you invoke a scan with new sophos output is correct (spool and not pool)
by nicola.piazzi
31 Dec 2018 16:16
Forum: 3.x Bugs
Topic: Sophos AV does no more work !
Replies: 22
Views: 1724

Sophos AV does no more work !

Hi, I found that mailscanner doesn no more catch sophos virus, this in an existing installation and also in a fresh install Here maillog of a working message : 2018-12-03T01:13:17.634913+01:00 EFA42 MailScanner[4191]: >>> Virus 'Mal/DrodAce-A' found in file ./27176108233.AC1B9/201283765ref20181203_x...
by nicola.piazzi
29 Dec 2018 12:20
Forum: 3.x How-to
Topic: About user whitelisting
Replies: 1
Views: 237

About user whitelisting

I wrote a little piece of code that enable users to whitelist senders I put it into signature with a link to the message id, so, if user press it, sender can be whitelisted This is link example : http://efa42.gruppocomet.it/cgi-bin/comet.whitelist.cgi?id=A35681075ED.A1BAF comet.whitelist.cgi get id ...
by nicola.piazzi
27 Dec 2018 16:35
Forum: 3.x How-to
Topic: Avoid local messages to be virus scanned
Replies: 0
Views: 293

Avoid local messages to be virus scanned

My config takes for each message : 5 secs for spamassassin 18 secs scan by clam 7 secs to scan by sophos With this directives we can avoid to check messages that comes from internal network directed to outside vi /etc/MailScanner/MailScanner.conf Comment this line #Virus Scanning = yes And add this ...
by nicola.piazzi
27 Dec 2018 14:56
Forum: 3.x Feature Requests
Topic: clamscan cpu consumption
Replies: 0
Views: 405

clamscan cpu consumption

I found that clamscan use a large cpu for each message scan I think that is not related to size of file to scan but is related to load scan library each time that runs in this example we can see that scanning 2 messages take a little more than 1 message only scam but when invoked from mailscanner it...
by nicola.piazzi
27 Dec 2018 10:30
Forum: 3.x Bugs
Topic: barracuda removed From spamassassin ?
Replies: 0
Views: 317

barracuda removed From spamassassin ?

I found that barracuda rbl was no more on spamassassin I found because i redefined score in local.cf and it give me a warn Barracura is the most important rbl, i fuound that it work also without registration i added manualy my own -cf like this ifplugin Mail::SpamAssassin::Plugin::DNSEval header RCV...
by nicola.piazzi
11 Jul 2018 10:04
Forum: 3.x How-to
Topic: New virus difficoutl to catch
Replies: 3
Views: 1266

Re: New virus difficoutl to catch

attachment name changes each time, i think that there is no way
the only way can be to remove attachments in high score spam (and can be useful)
by nicola.piazzi
10 Jul 2018 09:50
Forum: 3.x How-to
Topic: New virus difficoutl to catch
Replies: 3
Views: 1266

New virus difficoutl to catch

There is a virus that make a reply to all inbox messages and send mail attaching itself It is very difficoult to catch because il is a reply to a valid mail Have someone some idea of a rule to catch it ? i found that it is positive to FORGED_MUA_OUTLOOK at now Someone know how to remove attachements...
by nicola.piazzi
15 Feb 2018 07:31
Forum: 3.x How-to
Topic: ow Plugin Update
Replies: 16
Views: 3653

Re: ow Plugin Update

:-)
by nicola.piazzi
14 Feb 2018 16:09
Forum: 3.x How-to
Topic: ow Plugin Update
Replies: 16
Views: 3653

Re: ow Plugin Update

ow_outgoing_recipient is a table that is filled with email addresses when someone internal send a mail to these when someone send a message from these email and have spfok from one of these is GOOD ow_outgoing_messageid if filled when someone internal send email and contain your Exchange generated m...
by nicola.piazzi
14 Feb 2018 13:36
Forum: 3.x How-to
Topic: ow Plugin Update
Replies: 16
Views: 3653

Re: ow Plugin Update

yes i think you must work on it
by nicola.piazzi
14 Feb 2018 13:33
Forum: 3.x How-to
Topic: ow Plugin Update
Replies: 16
Views: 3653

Re: ow Plugin Update

Plugin never changed
I am not able to support you in this, plugin is very self made
You need to see the format of mesaageid from your Exchange if changed
by nicola.piazzi
12 Jan 2018 08:22
Forum: 3.x How-to
Topic: Interesting email based blacklist
Replies: 11
Views: 1466

Re: Interesting email based blacklist

yes, they are based on real case so hit is 100%
by nicola.piazzi
08 Jan 2018 07:12
Forum: 3.x Feature Requests
Topic: A new Antivirus
Replies: 8
Views: 3674

Whi not virustotal public api ? 2 reasons :

1 ) it is limited to at most 4 requests of any nature in any given 1 minute time frame. 2 ) The public API is a free service, available for any website or application that is free to consumers. The API must not be used in commercial products or services, it can not be used as a substitute for antivi...
by nicola.piazzi
28 Nov 2017 11:28
Forum: Discussion
Topic: New Talos Reputation
Replies: 0
Views: 801

New Talos Reputation

Here is the site of this big project by Cisco
https://www.talosintelligence.com/

Someone know how to query it ?
by nicola.piazzi
27 Nov 2017 07:59
Forum: 3.x How-to
Topic: Interesting email based blacklist
Replies: 11
Views: 1466

Re: Interesting email based blacklist

yes,
there are not a lot of hits because this is non a rbl
this is email address based so it have few entries but these are sure that is spam
by nicola.piazzi
27 Nov 2017 07:43
Forum: 3.x How-to
Topic: Interesting email based blacklist
Replies: 11
Views: 1466

Re: Interesting email based blacklist

Only 11 hits in the weekend but absolutely no false positive, i ' ll increase score to 3.00
by nicola.piazzi
24 Nov 2017 15:18
Forum: 3.x Feature Requests
Topic: Mailscanner plugin for checking download URLs
Replies: 3
Views: 1583

Re: Mailscanner plugin for checking download URLs

Hi,
This is done automaticaly by antivirus that scans each message
EFA includes CLAM but if you want is very easy to add SOPHOS so you can have 2 engines