From: Rainer L. <li...@fo...> - 2000-10-28 16:52:37

Rainer Link wrote:

> -------- Original Message --------
> Subject: The OpenAntiVirus Project
> Date: Sat, 21 Oct 2000 14:43:38 +0200
> From: Rainer Link <li...@fo...>
> Organization: http://rainer.w3.to/
> To:
> lav...@li...,lav...@li...
>
> Hi folks!
>
> Just as a reminder, the LAVP project will be replaced by The
> OpenAntiVirus Project, see www.openantivirus.org.

To be more specific I would advise everyone subscribed here to subscribe to openantivirus-discuss :-)

cheers,
Rainer

--
Rainer Link | Student of Computer Networking
li...@su... | University of Applied Sciences, Furtwangen, Germany
rainer.w3.to | http://www.computer-networking.de/

From: Rainer L. <li...@fo...> - 2000-10-28 16:26:51

Hi!

Seems this mail didn't get through ...

cheers,
Rainer

-------- Original Message --------
Subject: The OpenAntiVirus Project
Date: Sat, 21 Oct 2000 14:43:38 +0200
From: Rainer Link <li...@fo...>
Organization: http://rainer.w3.to/
To: lav...@li...,lav...@li...

Hi folks!

Just as a reminder, the LAVP project will be replaced by The OpenAntiVirus Project, see www.openantivirus.org.

best regards,
Rainer Link

--
Rainer Link | Member of Virus Help Munich (www.vhm.haitec.de)
li...@su... | Member of AMaViS Development Team (amavis.org)
rainer.w3.to | OpenAntiVirus Project (www.openantivirus.org)

From: Lars H. <lhe...@nm...> - 2000-10-18 13:39:32

> > Technically, the minimum acceptable value of _POSIX_NAME_MAX is 14
> > (according POSIX.1).
> > I'd suggest to use pathconf(2) or fpathconf(2).
>
> Oh, well :( Rule Number 1: First look into Stevens' book before posting

Hey, I did that ;-)

From: Rainer L. <li...@fo...> - 2000-10-18 13:23:25

Lars Hecking wrote:

> > Well, please excuse my stupidity, but why should I limit the length of a
> > filename one Unix/Linux machine to 32? This makes no sense to me. Or do
> > I miss the point?
> Technically, the minimum acceptable value of _POSIX_NAME_MAX is 14
> (according POSIX.1).
> I'd suggest to use pathconf(2) or fpathconf(2).

Oh, well :( Rule Number 1: First look into Stevens' book before posting ...

cheers,
Rainer

--
Rainer Link | Student of Computer Networking
li...@su... | University of Applied Sciences, Furtwangen, Germany
rainer.w3.to | http://www.computer-networking.de/

From: Lars H. <lhe...@nm...> - 2000-10-18 10:26:57

> Well, please excuse my stupidity, but why should I limit the length of a
> filename one Unix/Linux machine to 32? This makes no sense to me. Or do
> I miss the point?

Technically, the minimum acceptable value of _POSIX_NAME_MAX is 14 (according POSIX.1).
I'd suggest to use pathconf(2) or fpathconf(2).

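The two points raised in this reformime thread, the extension check being defeated by cutting a name at 32 characters and the suggestion to ask pathconf(2) for the real limit, can be combined as follows. This is an added example, not code from reformime or from any poster; the blocklist, function names and the "attachment" fallback name are assumptions made for illustration.

```python
import os
import tempfile

# Assumed blocklist for this example; the thread itself only names .vbs.
BLOCKED_EXTENSIONS = {".vbs", ".shs"}
POSIX_NAME_MAX = 14  # minimum value POSIX.1 guarantees, as noted in the thread


def name_max(directory):
    """Ask the filesystem holding `directory` for its filename limit in bytes."""
    try:
        limit = os.pathconf(directory, "PC_NAME_MAX")
    except (OSError, ValueError):
        return POSIX_NAME_MAX
    # -1 means "no fixed limit"; fall back to the guaranteed minimum.
    return limit if limit > 0 else POSIX_NAME_MAX


def split_ext(name):
    """Split at the last dot; unlike os.path.splitext, '.vbs' has extension '.vbs'."""
    dot = name.rfind(".")
    return (name, "") if dot == -1 else (name[:dot], name[dot:])


def is_blocked(declared_name):
    """Policy decision on the full declared name, before any shortening."""
    return split_ext(declared_name.strip().lower())[1] in BLOCKED_EXTENSIONS


def head_truncate(declared_name, limit=32):
    """The behaviour described in the thread: keep only the first `limit` chars."""
    return declared_name[:limit]


def storage_name(declared_name, directory, limit=None):
    """Shorten a name for saving in `directory` without losing its extension."""
    limit = limit or name_max(directory)
    # Keep only the last path component; the declared name is sender-controlled.
    base = os.path.basename(declared_name.replace("\\", "/"))
    if base in ("", ".", ".."):
        base = "attachment"  # assumed fallback name
    stem, ext = split_ext(base)
    ext_b = ext.encode("utf-8")[: limit - 1]
    stem_b = stem.encode("utf-8")[: limit - len(ext_b)]
    # errors="ignore" drops a multi-byte character cut in half by the slice.
    return (stem_b + ext_b).decode("utf-8", errors="ignore")


if __name__ == "__main__":
    name = "this-is-a-very-very-long-or-even-longer.vbs"  # filename from the thread
    spool = tempfile.gettempdir()
    print("NAME_MAX for", spool, "=", name_max(spool))
    cut = head_truncate(name)
    print("head-truncated:", cut, "blocked:", is_blocked(cut))
    print("full name blocked:", is_blocked(name))
    print("stored as:", storage_name(name, spool, limit=32))
```

The filter decision is taken on the declared name, so the on-disk name only has to satisfy the filesystem.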
From: Rainer L. <li...@fo...> - 2000-10-18 10:14:28

Jason Haar wrote:

> > If I send a this-is-a-very-very-long-or-even-longer.vbs attachment, I
> > can not block it per file extension, because the filename is cut off after
> > 32 chars. Yes, filtering per file type is better, but IIRC there's no file
> > magic for .vbs because it's simple text.
> The reason he's put that fix in there is because before reformime used to
> fail to save a file attachment if the proposed filename was > the underlying
> filesystem filename limit (no surprise there ;-). So the fix for that was to
> limit the filesize.

Well, please excuse my stupidity, but why should I limit the length of a filename one Unix/Linux machine to 32? This makes no sense to me. Or do I miss the point?

> Sam, could you cut the filename down to the LAST 32 chars instead of the
> first 32 instead?

This could be a solution/workaround, yes.

cheers,
Rainer

--
Rainer Link | Student of Computer Networking
li...@su... | University of Applied Sciences, Furtwangen, Germany
rainer.w3.to | http://www.computer-networking.de/

From: Jason H. <Jas...@tr...> - 2000-10-17 22:31:20

On Tue, Oct 17, 2000 at 12:34:50PM +0200, Rainer Link wrote:
>
> Hi!
>
> reformime now cuts off file names longer than 32 chars. This has
> a drawback:
>
> If I send a this-is-a-very-very-long-or-even-longer.vbs attachment, I
> can not block it per file extension, because the filename is cut off after
> 32 chars. Yes, filtering per file type is better, but IIRC there's no file
> magic for .vbs because it's simple text.
>

Sigh - Sam can't win :-)

The reason he's put that fix in there is because before reformime used to fail to save a file attachment if the proposed filename was > the underlying filesystem filename limit (no surprise there ;-). So the fix for that was to limit the filesize.

Sam, could you cut the filename down to the LAST 32 chars instead of the first 32 instead?

--
Cheers

Jason Haar
Unix/Network Specialist, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417

From: Rainer L. <li...@su...> - 2000-10-17 10:34:53

Hi!

reformime now cuts off file names longer than 32 chars. This has a drawback:

If I send a this-is-a-very-very-long-or-even-longer.vbs attachment, I can not block it per file extension, because the filename is cut off after 32 chars. Yes, filtering per file type is better, but IIRC there's no file magic for .vbs because it's simple text.

Comments?

best regards,
Rainer Link

--
Rainer Link | SuSE - The Linux Experts
li...@su... | Developer of A Mail Virus Scanner (amavis.org)
www.suse.de | Founder OpenAntiVirus Project (www.openantivirus.org)

From: Lars H. <lhe...@nm...> - 2000-08-02 23:12:36

> This is a mail message filter for use on mail servers that run
> Sendmail version 8.10.1 or later. The filter examines
> messages being processed by Sendmail, and accepts or rejects
> them on the basis of their header contents. In addition to
> the main message headers, the filter examines the MIME part
> headers within a multipart message. It can therefore be
> used to reject messages containing attachments with
> particular filenames or filename extensions.

Without taking a closer look, this seems quite similar to Bennett Todd's mailfilt for postfix.

From: Rainer L. <li...@fo...> - 2000-08-02 21:08:39

Hi!

Just FYI ... I did not have a closer look at it ...

cheers,
Rainer

-------- Original Message --------
Subject: Configurable e-mail filter for sendmail. Free to download!
Date: Wed, 02 Aug 2000 15:21:05 +0100
From: Ray Butler <but...@sb...>
Organization: Posted via ULCC Internet Services
Newsgroups: comp.mail.sendmail

Ray's Mail Filter is now available for download from http://www.sendmail-filter.sbu.ac.uk

This is a mail message filter for use on mail servers that run Sendmail version 8.10.1 or later. The filter examines messages being processed by Sendmail, and accepts or rejects them on the basis of their header contents. In addition to the main message headers, the filter examines the MIME part headers within a multipart message. It can therefore be used to reject messages containing attachments with particular filenames or filename extensions.

Rejection criteria are controlled by configuration files, and can be changed without having to re-start the filter.

Using the configuration files as supplied, the filter will reject any message that has an attachment of a type that is listed as "unsafe" in the Microsoft Outlook E-mail Security Update (Microsoft Article ID: Q262617). As a partial defence against malicious exploitation of the buffer overrun problem in certain versions of Microsoft Outlook, the filter will also reject messages whose Date header is more than 60 characters in length.

Rejected messages are saved in message files, annotated to show the reason for rejection. A log is kept of all messages processed by the filter.

The software is distributed under the terms of the GNU General Public Licence, without any warranty whatsoever; USE IT AT YOUR OWN RISK. (See http://www.fsf.org/copyleft/gpl.html).

The software was developed on a DEC Alpha box running Digital Unix V4.0F. It has also been tested on an i686 machine running Linux (Red Hat 6.1). The author would be pleased to hear of successful implementations on other platforms.

Ray Butler
Systems Programmer
Computer Services Department
South Bank University
London, UK.

From: Rainer L. <li...@fo...> - 2000-07-21 16:41:01

Hi ppl!

Just FYI.

cheers,
Rainer

-------- Original Message --------
Subject: VBS filtering for 8.11
Date: Fri, 21 Jul 2000 11:48:24 +0200
From: Al Smith <Al.Smith@REMOVE.aeschi.CAPITALS.ch.TO.eu.REPLY.org>
Organization: GeneData AG
Newsgroups: comp.mail.sendmail

There is a new version of vbsfilter.c available from http://aeschi.ch.eu.org/milter/. This is an update for 8.11 - no new features have been added.

Unfortunately, the milter protocol has changed between 8.10 and 8.11 - a V1 (8.10) filter will not be able to talk to a V2 (8.11) MTA, and vice versa. However, the V2 protocol now incorporates a capability negotiator, so future features should not require protocol changes.

Regards,
Al.

From: Rainer L. <li...@fo...> - 2000-07-14 17:38:54

Hi!

FYI

cheers,
Rainer

-------- Original Message --------
Subject: Announcement: Sendmail::Milter Perl module
Date: Thu, 13 Jul 2000 21:23:42 -0700
From: Charles Ying <cy...@se...>
Organization: Sendmail, Inc.
Newsgroups: comp.mail.sendmail

Sendmail::Milter provides users with the ability to write mail filters in Perl that tightly integrate with sendmail's mail filter API.

I wrote this module in an effort to make it easier for people to write mail filters for sendmail; there are a lot of cool things you can do.

With this module, you would define and register Perl callbacks with the Milter engine. This module then calls your perl callbacks using interpreters from a threaded persistent interpreter pool. (Similar to mod_perl 2.0) Milter contexts are presented to the user using an object-oriented style interface for performing operations on a Milter context.

This module is in a beta state right now; it would be great if it got some testing (and general-use comments) from people outside of my hovel. There are some known memory use issues related to CV code references being cloned across interpreter contexts (Use string function names instead for safety). sendmail 8.11.0 itself is also in beta, thus this module will need to be retested/updated as sendmail is updated.

You can find the Sendmail-Milter-0.12.tar.gz distribution and docs at:

http://sourceforge.net/projects/sendmail-milter/

or you can access the tarball directly at:

http://download.sourceforge.net/sendmail-milter/Sendmail-Milter-0.12.tar.gz

This module should be available directly from CPAN in the near future.

Note: I can't guarantee the stability, performance, or usability of this module; if you need such a thing, give the folks at ActiveState a call. They're developing such a module, and given that they're the Perl experts, are bound to know how to do this properly.

Have fun!

-- Charles

From: Lars H. <lhe...@nm...> - 2000-06-24 15:44:33

> I think most of us read BugTraq? Anyway, I decided to post a small
> "announcement"
> of MIME Defanger here (http://www.roaringpenguin.com/mimedefang/)
>
> It's based on the libmilter stuff (his mimedefang.c comes with nice
> documentation imho) and has the functionality to transfer Word files into
> HTML (which was also Ragnar's idea for his mailchecker).

This is not a good thing IMHO. The best program for this is wvHtml (from wvware), and it produces some, shall we say, interesting results at times.

From: Rainer L. <li...@fo...> - 2000-06-24 09:28:08

'lo ppl!

I think most of us read BugTraq? Anyway, I decided to post a small "announcement" of MIME Defanger here (http://www.roaringpenguin.com/mimedefang/)

It's based on the libmilter stuff (his mimedefang.c comes with nice documentation imho) and has the functionality to transfer Word files into HTML (which was also Ragnar's idea for his mailchecker).

cheers,
Rainer

--
Rainer Link | Student of Computer Networking
ra...@w3... | University of Applied Sciences, Furtwangen, Germany
rainer.w3.to | http://www.computer-networking.de/

From: Rainer L. <li...@fo...> - 2000-06-21 07:52:44

Lars Hecking wrote:

> > I hope your OSS tools work better and are not so flawless as some
> [I guess you really mean "they are not as flawed as commercial tools" ...]

Uh, shit happens. Yes, Lars, you're right. I shouldn't write eMails just after Germany has lost a soccer match

> > Lars, uh, TNEF files should be handled correctly in AMaViS and
> > AMaViS-Perl?!
>
> Dunno about amavis, but amavis-perl does now, and has been for a few days.

Well, I'm using a new TNEF version (newer than the one, which comes with SuSE 6.2) and it *seems* to work quite well. But some more tests are needed, imho.

> I gave Doug Wilson, author of Convert-TNEF, some feedback, with the result
> that the module went from version 0.04 to 0.08 in just a few days :)
> Minimum version required 0.06.

Ok, so we'll need to the requirements in doc/ or, well, we'll have to rewrite it completely for 0.2.1 and the first release of AMaViS-Perl as 0.3.0

>
> As an aside, I have updated perl around here to 5.6.0, and all the modules
> to their resp. latest versions. MIME-tools is now at 5.x, and there were
> changes necessary in amavis-perl to reflect this.

Uhh ... I hope the Perl Module Mail::Internet has updated, too, so that it can handle batched SMTP and parse header and body correctly - it would make adding exim support easier ... but I don't have the time to update to Perl 5.6.x

> [snippety snip - yes, I read bugtraq, too]

I know - at least from your last posting :-)

cheers,
Rainer

--
Rainer Link | Student of Computer Networking
ra...@w3... | University of Applied Sciences, Furtwangen, Germany
rainer.w3.to | http://www.computer-networking.de/

From: Lars H. <lhe...@nm...> - 2000-06-21 00:29:05

> I hope your OSS tools work better and are not so flawless as some

[I guess you really mean "they are not as flawed as commercial tools" ...]

> commercial tools ;-))
>
> Lars, uh, TNEF files should be handled correctly in AMaViS and
> AMaViS-Perl?!

Dunno about amavis, but amavis-perl does now, and has been for a few days. I gave Doug Wilson, author of Convert-TNEF, some feedback, with the result that the module went from version 0.04 to 0.08 in just a few days :) Minimum version required 0.06. I haven't committed the changes to cvs yet.

As an aside, I have updated perl around here to 5.6.0, and all the modules to their resp. latest versions. MIME-tools is now at 5.x, and there were changes necessary in amavis-perl to reflect this.

[snippety snip - yes, I read bugtraq, too]

From: Rainer L. <li...@fo...> - 2000-06-20 21:22:30

Hi guys!

Well, enjoy ... I hope your OSS tools work better and are not so flawless as some commercial tools ;-))

Lars, uh, TNEF files should be handled correctly in AMaViS and AMaViS-Perl?!

Btw, I've invited also Jason Haar, the author of scan4virus - he's currently out of office, but I think he will join asap when he's back.

cheers,
Rainer

-------- Original Message --------
Subject: Re: NAI WebShield SMTP does not scan base64 encoding
Date: Tue, 20 Jun 2000 18:52:28 GMT
From: chris.paget@ANALYSYS.COM
Reply-To: chris.paget@ANALYSYS.COM
To: BU...@se...
References: <A77...@s0...>

MS-TNEF is not used at any point in the process; neither is Outlook, nor Rich Text. The messages are plain text (a renamed copy of my autoexec.bat) being sent using Forte Agent - nothing Microsoft. The MIME types I have tried include application/octet-stream and text/plain - in neither case is the VBS / SHS file blocked. The only difference that I can see between this setup and another machine using Outlook (from which messages get blocked) is the encoding type - base64 instead of 8bit.

If the attachment is indeed a known virus, it appears to be detected and cleaned; however, I am trying to block ALL potentially malicious attachments, and base64 encoding appears to circumvent those checks.

Chris

--
Chris Paget
Software Engineer, Analysys LTD.
chr...@an...
mad...@mi...

On Tue, 20 Jun 2000 14:37:46 -0400, you wrote:

>Chris,
>This problem is not caused by base64 encoding. It is caused by the message
>being encoded in MS-TNEF (Microsoft Transport Neutral Encapsulation Format.)
>and then getting base64 encoded. MS-TNEF is used when Outlook sends Rich
>Text information over the Internet.
>
>NAI knows that this is a problem but they have been unable to fix it. Here's
>my message to NAI and their response.
>-------------------------------
> -----Original Message-----
> From: Jon
> Sent: Tuesday, May 09, 2000 7:55 PM
> To: Fronck, Destry
> Subject: RE: Webshield smtp 4.03 virus gateway
>
> Destry,
>
> I talked to the Webshield guys and they said you are
>completely correct. Not only that but NO company can scan those files
>including ours. They did provide an article that may be of help to you.
>
> <<WebShield_MS-TNEF.doc>>
>
> Thanks
>
>
> Jon
> --------------------------------------
> Network Associates
> Who's watching your network?
> -------------------------------------
>
> -----Original Message-----
> From: Fronck, Destry
>[mailto:DFronck@FDIC.gov]
> Sent: Monday, May 08, 2000 7:38 AM
> To: Jon
> Cc: FDIC-CSIRT
> Subject: Webshield smtp 4.03 virus
>gateway
> Importance: High
>
> Jon, I have discovered a problem with the
>WebShield smtp 4.03 virus gateway for NT. We have had several instances of
>the ILOVEYOU virus getting past the virus gateway. All of these were
>detected by the VShield 4.03 desktop scanner. Both products are running the
>same dat files; 4076 and the latest extra.dat.
>
> The problem is that the gateway does not
>appear to scan MS-TNEF (Microsoft Transport Neutral Encapsulated Format)
>content. This content is typically encapsulated in MIME like so
>
> ------_=_NextPart_000_01BFB8C1.7FC25C8A
> Content-Type: application/ms-tnef
> Content-Transfer-Encoding: base64
>
> Can you verify this?
> Does WebShield 4.5 fix this? Can you verify
>this?
>
> Thanks,
> Destry Fronck
>-----------------------------------------------
>Thanks,
> Destry Fronck
>
>-----Original Message-----
>From: chris.paget@ANALYSYS.COM [mailto:chris.paget@ANALYSYS.COM]
>Sent: Tuesday, June 20, 2000 9:08 AM
>To: BUGTRAQ@SECURITYFOCUS.COM
>Subject: NAI WebShield SMTP does not scan base64 encoding
>
>While investigating today's virus outbreak (Stages.Worm), I noticed
>that our email virus scanner (NAI WebShield SMTP 4.5, engine 4.0.50,
>DAT 4.0.4082, 14/06/00) was not picking up all attachments.
>The server is configured to block all SHS, VBS, etc attachments, and
>notify the sender. However, when these are sent as Base64 encoding
>(rather than 8-bit), they are passed by the server, and could
>potentially infect the network. 8-bit attachments are successfully
>scanned (and blocked if necessary).
>
>Chirs

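A gateway check that does not depend on the transfer encoding, and that holds back the application/ms-tnef container discussed in the forwarded thread instead of passing it unscanned, could look like the following. This is an added example, not code from AMaViS, WebShield or any poster; the sample messages are constructed, and the blocklist, verdict strings and function names are assumptions.

```python
import base64
from email import message_from_bytes, policy

BLOCKED_EXTENSIONS = {".vbs", ".shs"}    # the attachment types named in the report
OPAQUE_TYPES = {"application/ms-tnef"}   # containers this example cannot unpack

# Constructed sample content, standing in for the plain-text attachment.
PAYLOAD = b"@echo off\nrem constructed sample, not a real script"


def build_sample(cte, filename="notes.vbs", ctype="application/octet-stream"):
    """Constructed multipart message carrying PAYLOAD with the given encoding."""
    body = base64.b64encode(PAYLOAD) if cte == "base64" else PAYLOAD
    head = (
        "From: sender@example.test\n"
        "To: rcpt@example.test\n"
        "Subject: constructed sample\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="BOUND"\n'
        "\n"
        "--BOUND\n"
        f'Content-Type: {ctype}; name="{filename}"\n'
        f"Content-Transfer-Encoding: {cte}\n"
        f'Content-Disposition: attachment; filename="{filename}"\n'
        "\n"
    )
    return head.encode("ascii") + body + b"\n--BOUND--\n"


def classify(raw):
    """Return one (filename, verdict, decoded content) tuple per leaf MIME part."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # The name comes from the part headers, so it is the same for any encoding.
        name = part.get_filename() or ""
        ext = name[name.rfind("."):].lower() if "." in name else ""
        # decode=True undoes base64 or quoted-printable before content is inspected.
        content = part.get_payload(decode=True) or b""
        if part.get_content_type() in OPAQUE_TYPES:
            verdict = "quarantine"  # fail closed: the content cannot be inspected
        elif ext in BLOCKED_EXTENSIONS:
            verdict = "block"
        else:
            verdict = "pass"
        results.append((name, verdict, content))
    return results


if __name__ == "__main__":
    for cte in ("8bit", "base64"):
        name, verdict, content = classify(build_sample(cte))[0]
        print(cte, name, verdict, content == PAYLOAD)
    tnef = build_sample("base64", "winmail.dat", "application/ms-tnef")
    print(classify(tnef)[0][:2])
```

Sending the same attachment through the gateway in each transfer encoding and comparing the verdicts is a useful regression test for any filter of this kind.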
From: Rainer L. <li...@fo...> - 2000-06-15 11:28:27

Cha...@ao... wrote:

Hi!

> Hi there, just subscribed to this mailing list as suggested by Ragnar
> Kjørstad.

Ok, you're welcome :-) Lars, you may invite people also, of course. I did not have the time to write a public announcement or whatever.

> For your information, I'm currently developing a program called mhook, which
> takes the pain out of developing software that utilises the libmilter APIs
> built into Sendmail 8.10.1. I have thus far had many thoughts and ideas with
> Ragnar's help.

Great. Any URL, where I/we can download it? :-)

> This in itself will speed up the development of anti-virus software for mail
> gateways running Sendmail.

Yes, that's what this project is for ;-) - well, not only limited to sendmail, of course.

> If anyone on this list is interested in learning more about mhook, it is
> still in development and I would warmly welcome your ideas.

Well, I am. Unfortunately, I'm again "out-of-office" for some days.

cheers,
Rainer

--
Rainer Link | Student of Computer Networking
ra...@w3... | University of Applied Sciences, Furtwangen, Germany
rainer.w3.to | http://www.computer-networking.de/

From: Rainer L. <li...@fo...> - 2000-06-14 17:50:58

Hi!

Just FYI ... as libmilter stuff isn't the only thing :-) Afaik some improvements to Content Filtering have been done with the latest postfix release (Lars?)?.

cheers,
Rainer

-------- Original Message --------
Subject: [Exim] Viral hooks
Date: Wed, 14 Jun 2000 17:58:46 +0100
From: Nigel Metheringham <Nig...@vd...>
To: exi...@ex...

I've been giving a little thought to ways of adding hooks for operations such as virus scanning with the following constraints:-

- not intending to change mail (ie edit headers/bodies)
- reasonably general
- reasonably easy to implement
- understandable :-)

I've been wondering about having a filter operation *similar* to piping but subtly different, used something like this:-

    cmdprocess /path/to/cmd [args...]

This runs /path/to/cmd at the time that the filter processing is done (unlike filter pipes which setup piped deliveries for later), with the message on stdin (I would like an option for not having the msg on stdin because in some cases it will be unproductive) and a standard set of environment variables *including* the spool file names (or probably the spool file name without -H or -D) for programs that play fast and loose. [The files would be locked whilst this is running so that's OK]

The return status is put into a numeric variable (could use an existing, in which case add the variable name prior to the cmd path - I've assumed a fixed $cmdret), and any generated text appears in another variable - say $cmdtext.

I could use this something like:-

    if first_delivery then
      cmdprocess /usr/sbin/vscanner
      if $cmdret is above 1 then
        fail "Virus infested - $cmdtext"
      else
        if $cmdret is above 0 then
          freeze "Filter suspicious - $cmdtext"
        endif
      endif
    endif

This could even be used in user filter files, although with more interesting effects :-)

Nigel.

--
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham Nigel.Metheringham@VData.co.uk ]
[ Phone: +44 1423 850000 Fax +44 1423 858866 ]

--
## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##

From: Rainer L. <li...@fo...> - 2000-06-13 15:53:05

Hi folks!

a) the name is now officially Linux/Unix Anti Virus Project
b) if put on the short public description
c) I've updated my Mini-FAQ (http://www.cn.is.fh-furtwangen.de/~link/security/av-linux_e.txt), see section 2.3.11 with libmilter stuff and others. If I missed some, please send me a mail. Thanks.
d) I was writing on a public announcement, but too much other work to do. And this won't change in the future, as I'll have several exams in a few weeks.

I hope Chris, the author of protector will join soon :-)

cheers,
Rainer

--
Rainer Link | Student of Computer Networking
ra...@w3... | University of Applied Sciences, Furtwangen, Germany
rainer.w3.to | http://www.computer-networking.de/

From: <Cha...@ao...> - 2000-05-28 11:49:41

Hi there, just subscribed to this mailing list as suggested by Ragnar Kjørstad.

For your information, I'm currently developing a program called mhook, which takes the pain out of developing software that utilises the libmilter APIs built into Sendmail 8.10.1. I have thus far had many thoughts and ideas with Ragnar's help.

The idea is to make the development of mail filters a much much easier task, they can be written in any language or script, and "plugged in" quickly by modifying a simple config file. This in itself will speed up the development of anti-virus software for mail gateways running Sendmail.

On the back of this may come another interface application which implements a "quarantine directory". The idea is, all mail items are quarantined while anti-virus software etc. checks them. Mail can then be delivered as normal, and/or archived, or locked up in the "death" directory. A concept similar to MAILsweeper. The administrator can free up locked mail items simply by moving the mail item back into the queue.

If anyone on this list is interested in learning more about mhook, it is still in development and I would warmly welcome your ideas.

Best regards,
Mark Bannister :-)

From: Rainer L. <li...@fo...> - 2000-05-25 07:19:03

just a test

--
Rainer Link | Member of Virus Help Munich (www.vhm.haitec.de)
ra...@w3... | Member of AMaViS Development Team (dev.amavis.org)
rainer.w3.to | Maintainer FAQ "antivirus for Linux" (av-linux.w3.to)