by JDunphy
Fri Feb 14, 2020 2:25 pm
Forum: Administrators
Topic: bypass ClamAV check for a specific sender
Replies: 6
Views: 984

Re: bypass ClamAV check for a specific sender

Without seeing these 2 headers... From and Return-Path, this is a guess. Also you don't say if the encrypted pdf was still virus scanned or didn't show up nor if you restarted amavis. I do see one obvious problem when desk checking your rules. You are scoring -7 points to your trusted sender (provid...
by JDunphy
Tue Feb 11, 2020 3:37 pm
Forum: Administrators
Topic: bypass ClamAV check for a specific sender
Replies: 6
Views: 984

Re: bypass ClamAV check for a specific sender

https://forums.zimbra.org/viewtopic.php?f=15&t=64117#p295675 Create a meta rule with SA and negatively score a hit on that rule when it also matches your users and encrypted pdf hit. It seems to me like your solution allows all encrypted PDF's. Is there a way to completely bypass the filters fo...
by JDunphy
Mon Feb 10, 2020 3:15 pm
Forum: Administrators
Topic: bypass ClamAV check for a specific sender
Replies: 6
Views: 984

Re: bypass ClamAV check for a specific sender

viewtopic.php?f=15&t=64117#p295675

Create a meta rule with SA and negatively score a hit on that rule when it also matches your users and encrypted pdf hit.

HTH,

Jim
by JDunphy
Thu Feb 06, 2020 9:07 pm
Forum: Administrators
Topic: Uptick in base64 encoded SPAM
Replies: 3
Views: 608

Re: Uptick in base64 encoded SPAM

What I am seeing is the email subject and body are base64 encoded. It seems that no checking is being performed on them as they fly straight through two different anti-spam systems I have in play. Interesting, base64 sounds to be a reasonable spam hit as it would be obfuscating the subject line IMO...
by JDunphy
Wed Feb 05, 2020 1:13 am
Forum: Community News
Topic: February 2020 Zeta Alliance Weekly Call Summaries
Replies: 9
Views: 3072

Re: February 2020 Zeta Alliance Weekly Call Summaries

Thanks Randy. These call summaries are very much appreciated.

PS. That is fantastic news with regard to Synacor giving Barry the Channel Evangelist role. I look forward to seeing some of his how-to articles.
by JDunphy
Tue Feb 04, 2020 6:35 pm
Forum: Administrators
Topic: Uptick in base64 encoded SPAM
Replies: 3
Views: 608

Re: Uptick in base64 encoded SPAM

SA doesn't have any issue with base64 and their rules do run against it. They won't run against if it's an attachment of course but for html or text, they have no problem. Perhaps you could begin to look for patterns when it's base64. Here is one we do. full __J_BASE64_HACK /=D[01]=[A-F0-9][A-F0-9][A...
by JDunphy
Sat Feb 01, 2020 10:53 pm
Forum: Administrators
Topic: SA rule updates with sha1 checksums to stop on March 1, 2020
Replies: 3
Views: 1444

Re: SA rule updates with sha1 checksums to stop on March 1, 2020

Hi Jim, Thanks very much for this. 8.8.15 Patch 4 ships with SpamAssassin 3.4.1. Are you running Network Edition and if so can you open a support case with Zimbra? Hi Mark, Yes I am. Ticket has been opened with them. Given this seems to be a problem across all platforms, upgrading SA can be done vi...
by JDunphy
Sat Feb 01, 2020 7:28 pm
Forum: Administrators
Topic: SA rule updates with sha1 checksums to stop on March 1, 2020
Replies: 3
Views: 1444

SA rule updates with sha1 checksums to stop on March 1, 2020

If you are running spamassassin 3.4.1 or older, new rule updates will fail on March 1, 2020 when the rule checksums will no longer be hashed as sha1. You will require a /opt/zimbra/common/bin/sa-update with sha256/sha512 support to pull updated and new rules. What does this mean? No further rule upg...
by JDunphy
Wed Jan 29, 2020 6:20 pm
Forum: Administrators
Topic: Encrypted PDFs
Replies: 4
Views: 1440

Re: Encrypted PDFs

I thought I would share my solution since I have a new mobile app that likes to encrypt pdf's and I wasn't going to keep releasing it from quarantine. While the newer clamav updated with 8.7.11.p14 has the concept of encrypted docs vs encrypted archives, that isn't enough granularity when you just w...
by JDunphy
Wed Jan 29, 2020 2:03 pm
Forum: Administrators
Topic: Spam quarantine?
Replies: 2
Views: 351

Re: Spam quarantine?

Most likely they were dropped if they scored over 15 and you didn't see them delivered to the junk folder of the user. You can verify by doing something like this: % grep -i blocked /var/log/zimbra.log | awk '{print $22,$12}' | sort 48.131, <4383-238-65151-1330-anna=example.com@mail.dancklion.us> 48...