Koozali.org: home of the SME Server
Contribs.org Forums => General Discussion => Topic started by: brianr on February 03, 2015, 05:05:59 PM
-
Can someone point me to something I can read so that will tell me how the patterns in the Email Settings/Email Filters Server Manager page work and can be produced?
We recently had a "zip" file come through that turned out to be a scr file masquerading as a pdf file. It left us with a small visitor on the PC!
Cheers Brian
-
http://wiki.contribs.org/Virus:Email_Attachment_Blocking
HTH :-)
-
http://wiki.contribs.org/Virus:Email_Attachment_Blocking
HTH :-)
yes, just what I needed - many thanks.
-
brianr
Some new zip signatures were added to the underlying code recently, perhaps you need to enable those in server manager Email panel.
If you find new signatures, please raise a bug report so they can be added to the mail patterns database.
-
an idea could be to share (we should study a way) signatures.. like AV ones
-
Stefano
an idea could be to share (we should study a way) signatures.. like AV ones
Well lodging a new feature request in bugzilla & submitting a new signature would get those signatures into the mail patterns database.
File types do not change often, so it is not a situation like AV where daily signature updates are needed.
Those recent zip file signatures were the first ones I was aware of in many years.
-
I had a cryptolocker email last week.. attach was a .cab file
-
Stefano
I am not sure of the point you are making.
If you do not want to receive .cab files, then block them by creating a mail pattern & add it to your servers database.
I had a cryptolocker email last week.. attach was a .cab file
-
brianr
Some new zip signatures were added to the underlying code recently, perhaps you need to enable those in server manager Email panel.
If you find new signatures, please raise a bug report so they can be added to the mail patterns database.
I do have all the patterns enabled already on this system. I'll certainly do as you say if something useful emerges.
-
Added bug as follows with new mail pattern.
http://bugs.contribs.org/show_bug.cgi?id=8833
-
brianr
Added bug as follows with new mail pattern.
http://bugs.contribs.org/show_bug.cgi?id=8833
Well I just checked bug 8717 & bug 8718 and that signature (or a shorter version of it)
UEsDBBQDA
was already added to the mailpatterns database
Bug 8718 was verified & fixed in
e-smith-email-5_4_0-9_el6_sme sme9
It looks like that rpm is still sitting in smeupdates-testing repo
http://distro.ibiblio.org/smeserver/releases/9/smeupdates-testing/i386/RPMS/
Bug 8717 was verified & fixed in
e-smith-email-5_2_0-26_el5_sme sme8
It looks like that rpm is still sitting in smetest repo
http://distro.ibiblio.org/smeserver/releases/8/smetest/i386/RPMS/
Looks like the next step(s) to move these to the smeupdates repo never happened.
You could install the e-smith-email rpm from the repo mentioned above & see how you go, you will get an extra signature as well
UEsDBBQAC
For sme9 do
yum update e-smith-email --enablerepo=smeupdates-testing
signal-event email-update
-
For sme9 do
yum update e-smith-email --enablerepo=smeupdates-testing
signal-event email-update
and for SME8:
yum update --enablerepo=smetest e-smith-email