From: <ni...@co...> - 2000-08-04 03:59:40

--snip--

> There is always a way to contribute - if you don't feel confident enough
> to code you can contribute ideas, test new versions, tell us (well,
> currently me!) when we stuffed up. If you don't mind doco I could add you
> as the project's documentation manager - there are tools on Sourceforge
> to help with this.

YUP, I have now uploaded some docs.. the formatting has been lost, I will have to redo it in html, but at least it's there.. I will fix it later, busy cleaning out my desk atm :)

> Got it. BTW - sourceforge now has a non-ssl login option. I prefer it as
> the site is a lot faster with caching.

ok.. I managed to get in now..

From: <ja...@ce...> - 2000-08-04 02:43:07

> Kewl, this all sounds like fun. Unfortunately I am only a small time coder
> (read self taught plus comp101 etc :) I don't actually code as part of my
> job, so I'm happy to help where I can, but that's probably not a lot. Maybe I
> can do documentation/install scripts etc..

There is always a way to contribute - if you don't feel confident enough to code you can contribute ideas, test new versions, tell us (well, currently me!) when we stuffed up. If you don't mind doco I could add you as the project's documentation manager - there are tools on Sourceforge to help with this.

> Thanks, all my posts after today will be from ni...@co... or
> pe...@it...

Got it. BTW - sourceforge now has a non-ssl login option. I prefer it as the site is a lot faster with caching.

Cheers

Jason.

---
Jason Ball
Electronic Commerce Specialist
Corporate Express Australia Ltd
Phone: +61 2 9335 0374
Fax: +61 2 9335 0753
Email: jas...@ce...

From: Peter N. <Pe...@ji...> - 2000-08-04 02:33:28

> -----Original Message-----
> From: ja...@ce... [mailto:ja...@ce...]
> Sent: Friday, 4 August 2000 12:24
> To: Peter Nixon
> Cc: mfi...@li...
> Subject: Re: [Mfilter-devel] IT INFO : How our Internet Gateway Virus
> Checks our Email
>
> Thanks Peter.
>
> I have been a little too flooded to work on the scripts up until this
> week, however as I have just had the week off sick I have had a chance to
> do a lot of design work on features I'd like to see us introduce into the
> scanner.
>
> What was your sourceforge login again ? I'll add you for CVS access at the
> site. BTW - in our case the scanner is handling in excess of 10,000 emails
> per day, 60% of which have attachments, and rejects in the order of 200
> emails per day for viri and blocked file types.

Sourceforge login is "peternixon" however I can't actually login as ssl doesn't seem to work or something...

> I am curious about these buffer overflows. I have found some areas where
> we need to clean the environment and clean file names for possible shell
> escapes (actually - avoid using shell altogether, it isn't needed).

I am gonna forward this question to Nik, one of the guys who was looking through the code..

> Some of the things I have been looking at from my own requirements:
>
> 1. Web-based config. This is so I don't have to manage the thing. (Ok -
>    I'm lazy !).
>
> 2. Pre-forking server. Main process keeps the thing running and the
>    children do the work.
>
> 3. Modified to run as a real daemon. forks, setsid's, setuid, setguid,
>    chroot and syslog. This is basically finished.
>
> 4. Modified to allow for 'plugin' extensions. An extension could be a
>    different type of scanner, filter process etc. So we can add
>    support for new modules via the config rather than hand-coding.
>
> 5. We should probably discuss the pros and cons of recoding in 'C'.
>
> Are there enough people here to start some discussions ?

Kewl, this all sounds like fun. Unfortunately I am only a small time coder (read self taught plus comp101 etc :) I don't actually code as part of my job, so I'm happy to help where I can, but that's probably not a lot. Maybe I can do documentation/install scripts etc..

> BTW - congrats on your new job.

Thanks, all my posts after today will be from ni...@co... or pe...@it...

> Now wouldn't you prefer a job with Australia's leading e-comm company and
> the highest monetary mission critical linux site world wide ?

hehe.. nah the job I'm starting is pretty cool!! (i hope) I'm gonna be Project Manager/Security Consultant for ITAC (see http://www.itaudit.com.au if you don't know who they are :)

cheers

From: <ja...@ce...> - 2000-08-04 02:24:04

Thanks Peter.

I have been a little too flooded to work on the scripts up until this week, however as I have just had the week off sick I have had a chance to do a lot of design work on features I'd like to see us introduce into the scanner.

What was your sourceforge login again ? I'll add you for CVS access at the site. BTW - in our case the scanner is handling in excess of 10,000 emails per day, 60% of which have attachments, and rejects in the order of 200 emails per day for viri and blocked file types.

I am curious about these buffer overflows. I have found some areas where we need to clean the environment and clean file names for possible shell escapes (actually - avoid using shell altogether, it isn't needed).

Some of the things I have been looking at from my own requirements:

1. Web-based config. This is so I don't have to manage the thing. (Ok - I'm lazy !).

2. Pre-forking server. Main process keeps the thing running and the children do the work.

3. Modified to run as a real daemon. forks, setsid's, setuid, setguid, chroot and syslog. This is basically finished.

4. Modified to allow for 'plugin' extensions. An extension could be a different type of scanner, filter process etc. So we can add support for new modules via the config rather than hand-coding.

5. We should probably discuss the pros and cons of recoding in 'C'.

Are there enough people here to start some discussions ?

BTW - congrats on your new job. Now wouldn't you prefer a job with Australia's leading e-comm company and the highest monetary mission critical linux site world wide ?

Cheers

Jason.

---
Jason Ball
Electronic Commerce Specialist
Corporate Express Australia Ltd
Phone: +61 2 9335 0374
Fax: +61 2 9335 0753
Email: jas...@ce...

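The shell-free invocation raised in the message above, as an added Perl sketch that is not mfilter's own code: the process listing quoted elsewhere in this thread shows the scanner being started through `sh -c` with the spool file name on the command line, and this shows the same call made with an argument list, a validated file name and a reset environment. The function names `safe_spool_name` and `scan_file` are hypothetical, the two paths are taken from that process listing, and no meaning is assumed for the scanner's exit codes.

```perl
#!/usr/bin/perl
# Added example (not mfilter's code): run the scanner without a shell.
use strict;
use warnings;
use POSIX ();

# Paths as they appear in the process listing quoted in this thread.
my $SCANNER  = '/usr/local/avp/AvpLinux';
my $INCOMING = '/var/spool/smtpd/incoming';

# Accept only plain spool names: safe characters, no leading dot or dash,
# no path separators. Anything else is rejected rather than "cleaned".
# The regex capture is also the idiom that untaints the value under perl -T.
sub safe_spool_name {
    my ($name) = @_;
    return undef unless defined $name;
    return $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

# Fork and exec the scanner with an argument list. The indirect-object form
# of exec never goes through /bin/sh, so metacharacters in a file name are
# not interpreted, and the redirection is done with open() instead of ">>".
# Returns the scanner's exit status, or -1 if it could not be run cleanly.
sub scan_file {
    my ($name, $logfile) = @_;
    my $safe = safe_spool_name($name);
    return -1 unless defined $safe;

    my $pid = fork();
    return -1 unless defined $pid;
    if ($pid == 0) {
        # Child: drop the inherited environment, keep a fixed PATH only.
        %ENV = (PATH => '/bin:/usr/bin');
        open(STDIN,  '<',  '/dev/null') or POSIX::_exit(127);
        open(STDOUT, '>>', $logfile)    or POSIX::_exit(127);
        open(STDERR, '>&', \*STDOUT)    or POSIX::_exit(127);
        exec { $SCANNER } $SCANNER, "$INCOMING/$safe" or POSIX::_exit(127);
    }
    waitpid($pid, 0);
    return ($? & 127) ? -1 : $? >> 8;    # death by signal counts as failure
}

# Constructed sample names: only the first one is accepted.
for my $n ('smtpdvI0vSs', 'a;id', 'a`id`', '../x', '-v', 'a b') {
    printf "%-12s %s\n", $n, defined safe_spool_name($n) ? 'accept' : 'reject';
}
```

A caller should treat any status other than the scanner's documented "clean" code, including -1 and 127, as a reason not to deliver the message.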
From: Peter N. <Pe...@ji...> - 2000-08-04 01:52:06

OK guys, it's been over a month since I was asked to submit info about this script, but I have been a little busy, anyways, better late than never!

There is now a homepage (sorta..) up at http://sourceforge.net/project/?group_id=5609 and a mailing list at mfi...@li...

Note: This program is stable and running in production at several sites, however there are several "possible" buffer overflows in the source atm. I have not had a chance to fix them since they were pointed out to me a few days ago by the programmer at the desk behind me :)

Here is a bit of a description on how it works:

The gateway has a daemon program running called SMTPD that accepts all incoming email, whether it's from inside our network (Exchange Server) or from outside sources. The SMTPD program dumps this email into a folder on the linux server called INCOMING (/usr/spool/smtpd/incoming).

A different program background job SMTP-VIRUS (/usr/sbin/smtp-virus) periodically checks the INCOMING folder and runs anything it finds in there through the Linux AVP Virus checker. AVP on Linux is installed in the /usr/local/avp folder. If the message is virus free, it is then moved to the SCANNED folder (/usr/spool/smtpd/scanned)

The main SENDMAIL program periodically checks the SCANNED folder, works out who the messages are destined for, and sends them on to their destination. This whole process looks to take only 30 seconds or so (depending on the size of the emails).

If a message in the INCOMING folder is found to be virus infected, it is instead moved to the BAD folder (/usr/spool/smtpd/bad). Anything in the BAD folder is scanned again by the program SMTP-BADMAIL (/usr/sbin/smtp-badmail) to find out exactly what it is infected with. The same program generates a warning email which goes to the original sender of the email and also gets copied to the admin account on our exchange box. The original recipient of the file is not notified. At this point, the infected email is moved to the BAD_ARCHIVE folder (/usr/spool/smtpd/bad_archive) where it stays until we delete it.

The basic diagram below gives a good idea of the flow of the process.

    ALL EMAILS -> SMTPD -> INCOMING FOLDER -> SMTP-VIRUS (VIRUS CHECKER) -> VIRUS FREE -> SCANNED FOLDER -> DELIVERED TO RECIPIENT VIA SENDMAIL
                                                   |
                                                   --> INFECTED -> BAD FOLDER -> SMTP-BADMAIL sends warning emails -> BAD_ARCHIVE

The SMTP-VIRUS and SMTP-BADMAIL programs are perl scripts (equivalent to a dos batch file), and these can be edited with PICO to make adjustments. If you wish to change the warning message, it can be found in the smtp-badmail file (pico /usr/sbin/smtp-badmail).

AVP is set to automatically update itself every 4 hours via the CRON job /usr/local/avp/update.sh. This file connects to a local AVP FTP site and grabs any files newer than its own, so we are essentially only a few hours away from the latest update all the time. The update.sh file gets its settings from the /usr/local/avp/avp.pkg text file, which tells it what site to connect to etc.

Have a lot of Fun!!!!!

_______________________________________________________________
Peter Nixon
Systems Engineer
Jigsaw Technology Pty Ltd
URL: http://www.jigsaw.com.au
Address: 21 Boomerang Place
Seven Hills NSW 2147
Australia
Phone: 02 9672 4222
Fax: 02 9672 4211
Email: pe...@ji...
_______________________________________________________________

> -----Original Message-----
> From: Rainer Link [mailto:li...@fo...]
> Sent: Friday, 7 July 2000 9:48
> To: Peter Nixon
> Subject: Re: [suse-security] weird seccheck-0.9-35 behaviour
>
> Peter Nixon wrote:
>
> Hi!
>
> Sorry, no answer to your question :-)
>
> > I am using seccheck-0.9-35 on SuSE 6.4 with all available security options
> > and updates.
> > This machine also runs squid,sendmail,smtpd,AVP and BIND
>
> >   178 ?  S  0:00 /bin/su - mail -c /usr/sbin/smtp-virus
> >   191 ?  S  0:48  \_ perl /usr/sbin/smtp-virus
> >  5689 ?  S  0:00      \_ sh -c /usr/local/avp/AvpLinux /var/spool/smtpd/incoming/smtpdvI0vSs >> /var/tmp/smtpdvI0vSs.191/scanlog
> >  5690 ?  R  0:00          \_ /usr/local/avp/AvpLinux /var/spool/smtpd/incoming/smtpdvI0vSs
> >   183 ?  S  0:02 /usr/sbin/smtpfwdd -u mail -g daemon -d /var/spool/smtpd/scanned
>
> What's smtp-virus? Is it your own solutions (maybe GPL'ed)? Thanks for
> your information.
> (P.S. If it's GPL I would like to add it to lavp.sourceforge.net)
>
> best regards,
> Rainer Link
> --
> Rainer Link  | Student of Computer Networking
> ra...@w3...  | University of Applied Sciences, Furtwangen, Germany
> rainer.w3.to | http://www.computer-networking.de/

From: Peter N. <Pe...@ji...> - 2000-08-04 01:51:59

Hi guys,

Just to break the silence I thought I'd send some info that may want to be included in the docs for mfilter.

I will get around to submitting my SuSE 6.4 init scripts sometime next week. (I have been very busy the last month as I finish at Jigsaw tomorrow) I will therefore be using pe...@it... as my new email address. I will change my sourceforge config as soon as I can get the ssl login to work... bah!

Anyway, here is the description I have given one of my clients who I installed mfilter for. (Running on SuSE 6.4 of course :-) This gateway is handling 400 odd email messages (and 2-3 viruses) per day and they are very happy with it.

--start doco--

The gateway has a daemon program running called SMTPD that accepts all incoming email, whether it's from inside our network (Exchange Server) or from outside sources. The SMTPD program dumps this email into a folder on the linux server called INCOMING (/usr/spool/smtpd/incoming).

A different program background job SMTP-VIRUS (/usr/sbin/smtp-virus) periodically checks the INCOMING folder and runs anything it finds in there through the Linux AVP Virus checker. AVP on Linux is installed in the /usr/local/avp folder. If the message is virus free, it is then moved to the SCANNED folder (/usr/spool/smtpd/scanned)

The main SENDMAIL program periodically checks the SCANNED folder, works out who the messages are destined for, and sends them on to their destination. This whole process looks to take only 30 seconds or so (depending on the size of the emails).

If a message in the INCOMING folder is found to be virus infected, it is instead moved to the BAD folder (/usr/spool/smtpd/bad). Anything in the BAD folder is scanned again by the program SMTP-BADMAIL (/usr/sbin/smtp-badmail) to find out exactly what it is infected with. The same program generates a warning email which goes to the original sender of the email and also gets copied to the admin account on our exchange box. The original recipient of the file is not notified. At this point, the infected email is moved to the BAD_ARCHIVE folder (/usr/spool/smtpd/bad_archive) where it stays until we delete it.

The basic diagram below gives a good idea of the flow of the process.

    ALL EMAILS -> SMTPD -> INCOMING FOLDER -> SMTP-VIRUS (VIRUS CHECKER) -> VIRUS FREE -> SCANNED FOLDER -> DELIVERED TO RECIPIENT VIA SENDMAIL
                                                   |
                                                   --> INFECTED -> BAD FOLDER -> SMTP-BADMAIL sends warning emails -> BAD_ARCHIVE

The SMTP-VIRUS and SMTP-BADMAIL programs are perl scripts (equivalent to a dos batch file), and these can be edited with PICO to make adjustments. If you wish to change the warning message, it can be found in the smtp-badmail file (pico /usr/sbin/smtp-badmail).

AVP is set to automatically update itself every 4 hours via the CRON job /usr/local/avp/update.sh. This file connects to a local AVP FTP site and grabs any files newer than its own, so we are essentially only a few hours away from the latest update all the time. The update.sh file gets its settings from the /usr/local/avp/avp.pkg text file, which tells it what site to connect to etc.

_______________________________________________________________
Peter Nixon
Systems Engineer
Jigsaw Technology Pty Ltd
URL: http://www.jigsaw.com.au
Address: 21 Boomerang Place
Seven Hills NSW 2147
Australia
Phone: 02 9672 4222
Fax: 02 9672 4211
Email: pe...@ji...
_______________________________________________________________

From: <ja...@ce...> - 2000-07-19 01:23:42

Hi Peter,

Due to the previous lack of interest I hadn't even setup the CVS on sourceforge. Send me the patch and I'll do it for now, and I'll look at setting up CVS etc.

Do you have a login to Sourceforge ? If so please let me know and I will add you to the project. This will then allow you access to the patch manager, CVS etc.

Cheers

Jason.

On Wed, 19 Jul 2000, Peter Nixon wrote:

> Jason,
>
> What is the protocol for uploading patches etc for addition to the project?
> I have a startup script for SuSE 6.4 that I would like to see added.
> In fact, I will happily maintain a SuSE RPM....
>
> Cheers
>
> _______________________________________________________________
> Peter Nixon
> Systems Engineer
> Jigsaw Technology Pty Ltd
> URL: http://www.jigsaw.com.au
> Address: 21 Boomerang Place
> Seven Hills NSW 2147
> Australia
> Phone: 02 9672 4222
> Fax: 02 9672 4211
> Email: pe...@ji...
> _______________________________________________________________
>
> _______________________________________________
> Mfilter-devel mailing list
> Mfi...@li...
> http://lists.sourceforge.net/mailman/listinfo/mfilter-devel

---
Jason Ball
Electronic Commerce Specialist
Corporate Express Australia Ltd
Phone: +61 2 9335 0374
Fax: +61 2 9335 0753
Email: jas...@ce...

From: Peter N. <Pe...@ji...> - 2000-07-19 00:00:00

Jason,

What is the protocol for uploading patches etc for addition to the project? I have a startup script for SuSE 6.4 that I would like to see added. In fact, I will happily maintain a SuSE RPM....

Cheers

_______________________________________________________________
Peter Nixon
Systems Engineer
Jigsaw Technology Pty Ltd
URL: http://www.jigsaw.com.au
Address: 21 Boomerang Place
Seven Hills NSW 2147
Australia
Phone: 02 9672 4222
Fax: 02 9672 4211
Email: pe...@ji...
_______________________________________________________________

From: Gareth B. <gbr...@in...> - 2000-05-23 19:09:19

As subject: Read the overview, not looked at the code yet. How can I help?

Maybe we could use work from projects like FWTK (smap/smapd), procmail etc.. and then modify them to build in content security features/functionality?

--Gareth

From: <ja...@ce...> - 2000-05-17 03:56:13

Hi all (one!)

I uploaded the initial version of the MFilter code today and it is available for download from the MFilter site.

I am hoping a few more people who are really interested in developing this toolkit will subscribe shortly so we can get some discussions going.

In the meantime - any ideas on what we should do ?

Cheers

Jason.

---
Jason Ball
Electronic Commerce Specialist
Corporate Express Australia Ltd
Phone: +61 2 9335 0374
Fax: +61 2 9335 0753
Email: jas...@ce...