RE: ClamAV, Mytob

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

RE: ClamAV, Mytob

sbranam
Hello,
I was looking at this reply and tried this myself.
The output for sigtool -u is 4 different main and daily files.
Do all of them need to be added to the signature list? Or one of them?

Thanks!

Sean

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Doug Lytle
Sent: Thursday, October 13, 2005 11:34 AM
To: [hidden email]
Subject: Re: [Assp-user] ClamAV, Mytob


Adam Pavelec wrote:

> My freshclam.bat is as follows:
>
> wget --timestamping http://assp.sourceforge.net/main.db
> wget --timestamping http://assp.sourceforge.net/daily.db
>
> As of this posting, main.db was updated at 7PM EST and daily.db was
> updated at 5PM.  Are the two above locations still the best sources
for
> these updates?

I use the following under linux:

cd /assp
wget --timestamping http://database.clamav.net/main.cvd
wget --timestamping http://database.clamav.net/daily.cvd
sigtool -u /assp/main.cvd
sigtool -u /assp/daily.cvd
rm *.cvd -f

--
 
Ben Franklin quote:

"Those who give up essential liberties for temporary safety deserve
neither liberty nor safety."




-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads,
discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
<a href="http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: ClamAV, Mytob

Micheal Espinola Jr
Only the .db files.

On 1/30/06, [hidden email] <[hidden email]> wrote:

> Hello,
> I was looking at this reply and tried this myself.
> The output for sigtool -u is 4 different main and daily files.
> Do all of them need to be added to the signature list? Or one of them?
>
> Thanks!
>
> Sean
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of Doug Lytle
> Sent: Thursday, October 13, 2005 11:34 AM
> To: [hidden email]
> Subject: Re: [Assp-user] ClamAV, Mytob
>
>
> Adam Pavelec wrote:
>
> > My freshclam.bat is as follows:
> >
> > wget --timestamping http://assp.sourceforge.net/main.db
> > wget --timestamping http://assp.sourceforge.net/daily.db
> >
> > As of this posting, main.db was updated at 7PM EST and daily.db was
> > updated at 5PM.  Are the two above locations still the best sources
> for
> > these updates?
>
> I use the following under linux:
>
> cd /assp
> wget --timestamping http://database.clamav.net/main.cvd
> wget --timestamping http://database.clamav.net/daily.cvd
> sigtool -u /assp/main.cvd
> sigtool -u /assp/daily.cvd
> rm *.cvd -f
>
> --
>
> Ben Franklin quote:
>
> "Those who give up essential liberties for temporary safety deserve
> neither liberty nor safety."
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by:
> Power Architecture Resource Center: Free content, downloads,
> discussions,
> and more. http://solutions.newsforge.com/ibmarch.tmpl
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> <a href="http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>


--
ME2


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
<a href="http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

RE: ClamAV, Mytob

sbranam
In reply to this post by sbranam
Ok that's what I thought, but...when I do a sigtool -u there isn't a db
file.
I get daily.fp and .hdb and .ndb
Also main.fp and .hdb and .ndb and .zmd
Am I missing something? Do I need to create a db file? Rename one of
those to be .db ?

Thanks!

Sean


-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Micheal
Espinola Jr
Sent: Monday, January 30, 2006 12:18 PM
To: [hidden email]
Subject: Re: [Assp-user] ClamAV, Mytob

Only the .db files.

On 1/30/06, [hidden email] <[hidden email]>
wrote:

> Hello,
> I was looking at this reply and tried this myself.
> The output for sigtool -u is 4 different main and daily files.
> Do all of them need to be added to the signature list? Or one of them?
>
> Thanks!
>
> Sean
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of Doug Lytle
> Sent: Thursday, October 13, 2005 11:34 AM
> To: [hidden email]
> Subject: Re: [Assp-user] ClamAV, Mytob
>
>
> Adam Pavelec wrote:
>
> > My freshclam.bat is as follows:
> >
> > wget --timestamping http://assp.sourceforge.net/main.db
> > wget --timestamping http://assp.sourceforge.net/daily.db
> >
> > As of this posting, main.db was updated at 7PM EST and daily.db was
> > updated at 5PM.  Are the two above locations still the best sources
> for
> > these updates?
>
> I use the following under linux:
>
> cd /assp
> wget --timestamping http://database.clamav.net/main.cvd
> wget --timestamping http://database.clamav.net/daily.cvd
> sigtool -u /assp/main.cvd
> sigtool -u /assp/daily.cvd
> rm *.cvd -f
>
> --
>
> Ben Franklin quote:
>
> "Those who give up essential liberties for temporary safety deserve
> neither liberty nor safety."
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by:
> Power Architecture Resource Center: Free content, downloads,
> discussions,
> and more. http://solutions.newsforge.com/ibmarch.tmpl
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD
SPLUNK!
> <a href="http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>


--
ME2


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
<a href="http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
<a href="http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: ClamAV, Mytob

Micheal Espinola Jr
Where are you getting your .cvd files from?

If you:

wget --timestamping http://db.local.clamav.net/main.cvd
wget --timestamping http://db.local.clamav.net/daily.cvd

...then:

sigtool.exe -u main.cvd
sigtool.exe -u daily.cvd

...will provide you with 15 unique files (7 main files and 7 daily
files, both including the same COPYING file), of which there will be a
.db file per .cvd file - a main.db and a daily.db.

I just ran it to verify, and all files were present.


On 1/30/06, [hidden email] <[hidden email]> wrote:

> Ok that's what I thought, but...when I do a sigtool -u there isn't a db
> file.
> I get daily.fp and .hdb and .ndb
> Also main.fp and .hdb and .ndb and .zmd
> Am I missing something? Do I need to create a db file? Rename one of
> those to be .db ?
>
> Thanks!
>
> Sean
>
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of Micheal
> Espinola Jr
> Sent: Monday, January 30, 2006 12:18 PM
> To: [hidden email]
> Subject: Re: [Assp-user] ClamAV, Mytob
>
> Only the .db files.
>
> On 1/30/06, [hidden email] <[hidden email]>
> wrote:
> > Hello,
> > I was looking at this reply and tried this myself.
> > The output for sigtool -u is 4 different main and daily files.
> > Do all of them need to be added to the signature list? Or one of them?
> >
> > Thanks!
> >
> > Sean
> >
> > -----Original Message-----
> > From: [hidden email]
> > [mailto:[hidden email]] On Behalf Of Doug Lytle
> > Sent: Thursday, October 13, 2005 11:34 AM
> > To: [hidden email]
> > Subject: Re: [Assp-user] ClamAV, Mytob
> >
> >
> > Adam Pavelec wrote:
> >
> > > My freshclam.bat is as follows:
> > >
> > > wget --timestamping http://assp.sourceforge.net/main.db
> > > wget --timestamping http://assp.sourceforge.net/daily.db
> > >
> > > As of this posting, main.db was updated at 7PM EST and daily.db was
> > > updated at 5PM.  Are the two above locations still the best sources
> > for
> > > these updates?
> >
> > I use the following under linux:
> >
> > cd /assp
> > wget --timestamping http://database.clamav.net/main.cvd
> > wget --timestamping http://database.clamav.net/daily.cvd
> > sigtool -u /assp/main.cvd
> > sigtool -u /assp/daily.cvd
> > rm *.cvd -f
> >
> > --
> >
> > Ben Franklin quote:
> >
> > "Those who give up essential liberties for temporary safety deserve
> > neither liberty nor safety."
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by:
> > Power Architecture Resource Center: Free content, downloads,
> > discussions,
> > and more. http://solutions.newsforge.com/ibmarch.tmpl
> > _______________________________________________
> > Assp-user mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> files
> > for problems?  Stop!  Download the new AJAX search engine that makes
> > searching your log files as easy as surfing the  web.  DOWNLOAD
> SPLUNK!
> > <a href="http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642
> > _______________________________________________
> > Assp-user mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
>
>
> --
> ME2
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> <a href="http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> <a href="http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>


--
ME2


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
<a href="http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

RE: ClamAV, Mytob

sbranam
In reply to this post by sbranam
Hmm..
I was getting them from http://database.clamav.net/*.cvd

I'll try those urls
Thanks!

Sean

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Micheal
Espinola Jr
Sent: Monday, January 30, 2006 12:37 PM
To: [hidden email]
Subject: Re: [Assp-user] ClamAV, Mytob

Where are you getting your .cvd files from?

If you:

wget --timestamping http://db.local.clamav.net/main.cvd
wget --timestamping http://db.local.clamav.net/daily.cvd

...then:

sigtool.exe -u main.cvd
sigtool.exe -u daily.cvd

...will provide you with 15 unique files (7 main files and 7 daily
files, both including the same COPYING file), of which there will be a
.db file per .cvd file - a main.db and a daily.db.

I just ran it to verify, and all files were present.


On 1/30/06, [hidden email] <[hidden email]>
wrote:
> Ok that's what I thought, but...when I do a sigtool -u there isn't a
db

> file.
> I get daily.fp and .hdb and .ndb
> Also main.fp and .hdb and .ndb and .zmd
> Am I missing something? Do I need to create a db file? Rename one of
> those to be .db ?
>
> Thanks!
>
> Sean
>
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of Micheal
> Espinola Jr
> Sent: Monday, January 30, 2006 12:18 PM
> To: [hidden email]
> Subject: Re: [Assp-user] ClamAV, Mytob
>
> Only the .db files.
>
> On 1/30/06, [hidden email] <[hidden email]>
> wrote:
> > Hello,
> > I was looking at this reply and tried this myself.
> > The output for sigtool -u is 4 different main and daily files.
> > Do all of them need to be added to the signature list? Or one of
them?
> >
> > Thanks!
> >
> > Sean
> >
> > -----Original Message-----
> > From: [hidden email]
> > [mailto:[hidden email]] On Behalf Of Doug
Lytle

> > Sent: Thursday, October 13, 2005 11:34 AM
> > To: [hidden email]
> > Subject: Re: [Assp-user] ClamAV, Mytob
> >
> >
> > Adam Pavelec wrote:
> >
> > > My freshclam.bat is as follows:
> > >
> > > wget --timestamping http://assp.sourceforge.net/main.db
> > > wget --timestamping http://assp.sourceforge.net/daily.db
> > >
> > > As of this posting, main.db was updated at 7PM EST and daily.db
was
> > > updated at 5PM.  Are the two above locations still the best
sources

> > for
> > > these updates?
> >
> > I use the following under linux:
> >
> > cd /assp
> > wget --timestamping http://database.clamav.net/main.cvd
> > wget --timestamping http://database.clamav.net/daily.cvd
> > sigtool -u /assp/main.cvd
> > sigtool -u /assp/daily.cvd
> > rm *.cvd -f
> >
> > --
> >
> > Ben Franklin quote:
> >
> > "Those who give up essential liberties for temporary safety deserve
> > neither liberty nor safety."
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by:
> > Power Architecture Resource Center: Free content, downloads,
> > discussions,
> > and more. http://solutions.newsforge.com/ibmarch.tmpl
> > _______________________________________________
> > Assp-user mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc. Do you grep through
log

> files
> > for problems?  Stop!  Download the new AJAX search engine that makes
> > searching your log files as easy as surfing the  web.  DOWNLOAD
> SPLUNK!
> > <a href="http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642
> > _______________________________________________
> > Assp-user mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
>
>
> --
> ME2
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD
SPLUNK!

> <a href="http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD
SPLUNK!
> <a href="http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>


--
ME2


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
<a href="http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
<a href="http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

RE: ClamAV, Mytob

sbranam
In reply to this post by sbranam
Hmmmm I'm a bit confused here.
I downloaded the files from the location you listed.
Did sigtool and only get 5 from main and 4 from daily, not including the
.cvd file.
Where do you get 7?
Also when restarting asp with the .db files that came in the 2 .cvd
files, ASSP only reports 30657 viruses
When running sigtool -i on main.cvd it reports 41649

Is this correct?

Sean


-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Sean Branam
Sent: Monday, January 30, 2006 12:41 PM
To: [hidden email]
Subject: RE: [Assp-user] ClamAV, Mytob

Hmm..
I was getting them from http://database.clamav.net/*.cvd

I'll try those urls
Thanks!

Sean

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Micheal
Espinola Jr
Sent: Monday, January 30, 2006 12:37 PM
To: [hidden email]
Subject: Re: [Assp-user] ClamAV, Mytob

Where are you getting your .cvd files from?

If you:

wget --timestamping http://db.local.clamav.net/main.cvd
wget --timestamping http://db.local.clamav.net/daily.cvd

...then:

sigtool.exe -u main.cvd
sigtool.exe -u daily.cvd

...will provide you with 15 unique files (7 main files and 7 daily
files, both including the same COPYING file), of which there will be a
.db file per .cvd file - a main.db and a daily.db.

I just ran it to verify, and all files were present.


On 1/30/06, [hidden email] <[hidden email]>
wrote:
> Ok that's what I thought, but...when I do a sigtool -u there isn't a
db

> file.
> I get daily.fp and .hdb and .ndb
> Also main.fp and .hdb and .ndb and .zmd
> Am I missing something? Do I need to create a db file? Rename one of
> those to be .db ?
>
> Thanks!
>
> Sean
>
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of Micheal
> Espinola Jr
> Sent: Monday, January 30, 2006 12:18 PM
> To: [hidden email]
> Subject: Re: [Assp-user] ClamAV, Mytob
>
> Only the .db files.
>
> On 1/30/06, [hidden email] <[hidden email]>
> wrote:
> > Hello,
> > I was looking at this reply and tried this myself.
> > The output for sigtool -u is 4 different main and daily files.
> > Do all of them need to be added to the signature list? Or one of
them?
> >
> > Thanks!
> >
> > Sean
> >
> > -----Original Message-----
> > From: [hidden email]
> > [mailto:[hidden email]] On Behalf Of Doug
Lytle

> > Sent: Thursday, October 13, 2005 11:34 AM
> > To: [hidden email]
> > Subject: Re: [Assp-user] ClamAV, Mytob
> >
> >
> > Adam Pavelec wrote:
> >
> > > My freshclam.bat is as follows:
> > >
> > > wget --timestamping http://assp.sourceforge.net/main.db
> > > wget --timestamping http://assp.sourceforge.net/daily.db
> > >
> > > As of this posting, main.db was updated at 7PM EST and daily.db
was
> > > updated at 5PM.  Are the two above locations still the best
sources

> > for
> > > these updates?
> >
> > I use the following under linux:
> >
> > cd /assp
> > wget --timestamping http://database.clamav.net/main.cvd
> > wget --timestamping http://database.clamav.net/daily.cvd
> > sigtool -u /assp/main.cvd
> > sigtool -u /assp/daily.cvd
> > rm *.cvd -f
> >
> > --
> >
> > Ben Franklin quote:
> >
> > "Those who give up essential liberties for temporary safety deserve
> > neither liberty nor safety."
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by:
> > Power Architecture Resource Center: Free content, downloads,
> > discussions,
> > and more. http://solutions.newsforge.com/ibmarch.tmpl
> > _______________________________________________
> > Assp-user mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc. Do you grep through
log

> files
> > for problems?  Stop!  Download the new AJAX search engine that makes
> > searching your log files as easy as surfing the  web.  DOWNLOAD
> SPLUNK!
> > <a href="http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642
> > _______________________________________________
> > Assp-user mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
>
>
> --
> ME2
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD
SPLUNK!

> <a href="http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD
SPLUNK!
> <a href="http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>


--
ME2


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
<a href="http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
<a href="http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
<a href="http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: ClamAV, Mytob

Micheal Espinola Jr
Sorry, I typed what I did a bit hastily without fully confirming each
file's origin.  I did have 5 and 4 as well.  I had some other log
files in that extraction directory that I forgot to exclude from my
initial file counts.

I get the same signature counts that you do. I cannot recall the
reason for the discrepancy, but that issue was discussed in a previous
thread I believe.

On 1/30/06, [hidden email] <[hidden email]> wrote:

> Hmmmm I'm a bit confused here.
> I downloaded the files from the location you listed.
> Did sigtool and only get 5 from main and 4 from daily, not including the
> .cvd file.
> Where do you get 7?
> Also when restarting asp with the .db files that came in the 2 .cvd
> files, ASSP only reports 30657 viruses
> When running sigtool -i on main.cvd it reports 41649
>
> Is this correct?
>
> Sean
>
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of Sean Branam
> Sent: Monday, January 30, 2006 12:41 PM
> To: [hidden email]
> Subject: RE: [Assp-user] ClamAV, Mytob
>
> Hmm..
> I was getting them from http://database.clamav.net/*.cvd
>
> I'll try those urls
> Thanks!
>
> Sean
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of Micheal
> Espinola Jr
> Sent: Monday, January 30, 2006 12:37 PM
> To: [hidden email]
> Subject: Re: [Assp-user] ClamAV, Mytob
>
> Where are you getting your .cvd files from?
>
> If you:
>
> wget --timestamping http://db.local.clamav.net/main.cvd
> wget --timestamping http://db.local.clamav.net/daily.cvd
>
> ...then:
>
> sigtool.exe -u main.cvd
> sigtool.exe -u daily.cvd
>
> ...will provide you with 15 unique files (7 main files and 7 daily
> files, both including the same COPYING file), of which there will be a
> .db file per .cvd file - a main.db and a daily.db.
>
> I just ran it to verify, and all files were present.
>
>
> On 1/30/06, [hidden email] <[hidden email]>
> wrote:
> > Ok that's what I thought, but...when I do a sigtool -u there isn't a
> db
> > file.
> > I get daily.fp and .hdb and .ndb
> > Also main.fp and .hdb and .ndb and .zmd
> > Am I missing something? Do I need to create a db file? Rename one of
> > those to be .db ?
> >
> > Thanks!
> >
> > Sean
> >
> >
> > -----Original Message-----
> > From: [hidden email]
> > [mailto:[hidden email]] On Behalf Of Micheal
> > Espinola Jr
> > Sent: Monday, January 30, 2006 12:18 PM
> > To: [hidden email]
> > Subject: Re: [Assp-user] ClamAV, Mytob
> >
> > Only the .db files.
> >
> > On 1/30/06, [hidden email] <[hidden email]>
> > wrote:
> > > Hello,
> > > I was looking at this reply and tried this myself.
> > > The output for sigtool -u is 4 different main and daily files.
> > > Do all of them need to be added to the signature list? Or one of
> them?
> > >
> > > Thanks!
> > >
> > > Sean
> > >
> > > -----Original Message-----
> > > From: [hidden email]
> > > [mailto:[hidden email]] On Behalf Of Doug
> Lytle
> > > Sent: Thursday, October 13, 2005 11:34 AM
> > > To: [hidden email]
> > > Subject: Re: [Assp-user] ClamAV, Mytob
> > >
> > >
> > > Adam Pavelec wrote:
> > >
> > > > My freshclam.bat is as follows:
> > > >
> > > > wget --timestamping http://assp.sourceforge.net/main.db
> > > > wget --timestamping http://assp.sourceforge.net/daily.db
> > > >
> > > > As of this posting, main.db was updated at 7PM EST and daily.db
> was
> > > > updated at 5PM.  Are the two above locations still the best
> sources
> > > for
> > > > these updates?
> > >
> > > I use the following under linux:
> > >
> > > cd /assp
> > > wget --timestamping http://database.clamav.net/main.cvd
> > > wget --timestamping http://database.clamav.net/daily.cvd
> > > sigtool -u /assp/main.cvd
> > > sigtool -u /assp/daily.cvd
> > > rm *.cvd -f
> > >
> > > --
> > >
> > > Ben Franklin quote:
> > >
> > > "Those who give up essential liberties for temporary safety deserve
> > > neither liberty nor safety."
> > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by:
> > > Power Architecture Resource Center: Free content, downloads,
> > > discussions,
> > > and more. http://solutions.newsforge.com/ibmarch.tmpl
> > > _______________________________________________
> > > Assp-user mailing list
> > > [hidden email]
> > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.net email is sponsored by: Splunk Inc. Do you grep through
> log
> > files
> > > for problems?  Stop!  Download the new AJAX search engine that makes
> > > searching your log files as easy as surfing the  web.  DOWNLOAD
> > SPLUNK!
> > > <a href="http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642
> > > _______________________________________________
> > > Assp-user mailing list
> > > [hidden email]
> > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > >
> >
> >
> > --
> > ME2
> >
> >
> > -------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> > files
> > for problems?  Stop!  Download the new AJAX search engine that makes
> > searching your log files as easy as surfing the  web.  DOWNLOAD
> SPLUNK!
> > <a href="http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642
> > _______________________________________________
> > Assp-user mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> files
> > for problems?  Stop!  Download the new AJAX search engine that makes
> > searching your log files as easy as surfing the  web.  DOWNLOAD
> SPLUNK!
> > <a href="http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642
> > _______________________________________________
> > Assp-user mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
>
>
> --
> ME2
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> <a href="http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> <a href="http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> <a href="http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>


--
ME2


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
<a href="http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

RE: ClamAV, Mytob

sbranam
In reply to this post by sbranam
Ahh thanks!
I'm just concerned, because I rarely see the amount change.

Thanks again!

Sean
 

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Micheal
Espinola Jr
Sent: Monday, January 30, 2006 2:44 PM
To: [hidden email]
Subject: Re: [Assp-user] ClamAV, Mytob

Sorry, I typed what I did a bit hastily without fully confirming each
file's origin.  I did have 5 and 4 as well.  I had some other log
files in that extraction directory that I forgot to exclude from my
initial file counts.

I get the same signature counts that you do. I cannot recall the
reason for the discrepancy, but that issue was discussed in a previous
thread I believe.

On 1/30/06, [hidden email] <[hidden email]>
wrote:
> Hmmmm I'm a bit confused here.
> I downloaded the files from the location you listed.
> Did sigtool and only get 5 from main and 4 from daily, not including
the

> .cvd file.
> Where do you get 7?
> Also when restarting asp with the .db files that came in the 2 .cvd
> files, ASSP only reports 30657 viruses
> When running sigtool -i on main.cvd it reports 41649
>
> Is this correct?
>
> Sean
>
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of Sean
Branam

> Sent: Monday, January 30, 2006 12:41 PM
> To: [hidden email]
> Subject: RE: [Assp-user] ClamAV, Mytob
>
> Hmm..
> I was getting them from http://database.clamav.net/*.cvd
>
> I'll try those urls
> Thanks!
>
> Sean
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of Micheal
> Espinola Jr
> Sent: Monday, January 30, 2006 12:37 PM
> To: [hidden email]
> Subject: Re: [Assp-user] ClamAV, Mytob
>
> Where are you getting your .cvd files from?
>
> If you:
>
> wget --timestamping http://db.local.clamav.net/main.cvd
> wget --timestamping http://db.local.clamav.net/daily.cvd
>
> ...then:
>
> sigtool.exe -u main.cvd
> sigtool.exe -u daily.cvd
>
> ...will provide you with 15 unique files (7 main files and 7 daily
> files, both including the same COPYING file), of which there will be a
> .db file per .cvd file - a main.db and a daily.db.
>
> I just ran it to verify, and all files were present.
>
>
> On 1/30/06, [hidden email] <[hidden email]>
> wrote:
> > Ok that's what I thought, but...when I do a sigtool -u there isn't a
> db
> > file.
> > I get daily.fp and .hdb and .ndb
> > Also main.fp and .hdb and .ndb and .zmd
> > Am I missing something? Do I need to create a db file? Rename one of
> > those to be .db ?
> >
> > Thanks!
> >
> > Sean
> >
> >
> > -----Original Message-----
> > From: [hidden email]
> > [mailto:[hidden email]] On Behalf Of Micheal
> > Espinola Jr
> > Sent: Monday, January 30, 2006 12:18 PM
> > To: [hidden email]
> > Subject: Re: [Assp-user] ClamAV, Mytob
> >
> > Only the .db files.
> >
> > On 1/30/06, [hidden email] <[hidden email]>
> > wrote:
> > > Hello,
> > > I was looking at this reply and tried this myself.
> > > The output for sigtool -u is 4 different main and daily files.
> > > Do all of them need to be added to the signature list? Or one of
> them?
> > >
> > > Thanks!
> > >
> > > Sean
> > >
> > > -----Original Message-----
> > > From: [hidden email]
> > > [mailto:[hidden email]] On Behalf Of Doug
> Lytle
> > > Sent: Thursday, October 13, 2005 11:34 AM
> > > To: [hidden email]
> > > Subject: Re: [Assp-user] ClamAV, Mytob
> > >
> > >
> > > Adam Pavelec wrote:
> > >
> > > > My freshclam.bat is as follows:
> > > >
> > > > wget --timestamping http://assp.sourceforge.net/main.db
> > > > wget --timestamping http://assp.sourceforge.net/daily.db
> > > >
> > > > As of this posting, main.db was updated at 7PM EST and daily.db
> was
> > > > updated at 5PM.  Are the two above locations still the best
> sources
> > > for
> > > > these updates?
> > >
> > > I use the following under linux:
> > >
> > > cd /assp
> > > wget --timestamping http://database.clamav.net/main.cvd
> > > wget --timestamping http://database.clamav.net/daily.cvd
> > > sigtool -u /assp/main.cvd
> > > sigtool -u /assp/daily.cvd
> > > rm *.cvd -f
> > >
> > > --
> > >
> > > Ben Franklin quote:
> > >
> > > "Those who give up essential liberties for temporary safety
deserve

> > > neither liberty nor safety."
> > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by:
> > > Power Architecture Resource Center: Free content, downloads,
> > > discussions,
> > > and more. http://solutions.newsforge.com/ibmarch.tmpl
> > > _______________________________________________
> > > Assp-user mailing list
> > > [hidden email]
> > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.net email is sponsored by: Splunk Inc. Do you grep through
> log
> > files
> > > for problems?  Stop!  Download the new AJAX search engine that
makes

> > > searching your log files as easy as surfing the  web.  DOWNLOAD
> > SPLUNK!
> > > <a href="http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642
> > > _______________________________________________
> > > Assp-user mailing list
> > > [hidden email]
> > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > >
> >
> >
> > --
> > ME2
> >
> >
> > -------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc. Do you grep through
log

> > files
> > for problems?  Stop!  Download the new AJAX search engine that makes
> > searching your log files as easy as surfing the  web.  DOWNLOAD
> SPLUNK!
> > <a href="http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642
> > _______________________________________________
> > Assp-user mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc. Do you grep through
log

> files
> > for problems?  Stop!  Download the new AJAX search engine that makes
> > searching your log files as easy as surfing the  web.  DOWNLOAD
> SPLUNK!
> > <a href="http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642
> > _______________________________________________
> > Assp-user mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
>
>
> --
> ME2
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD
SPLUNK!

> <a href="http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD
SPLUNK!

> <a href="http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD
SPLUNK!
> <a href="http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmdlnk&kid3432&bid#0486&dat1642
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>


--
ME2


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
<a href="http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmd=k&kid3432&bid#0486&dat1642
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
<a href="http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

maillogconv.pl

sbranam
In reply to this post by Micheal Espinola Jr
Hello everyone,

I am trying to get a hold of the maillogconv.p script.
I want to have AWstats process my mail logs.
The curent lin on the page doesn't seem to work.
Any idea where I can get it?

thank you,

Sean

winmail.dat (3K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

SRS not working on outgoing mail?

damonrand
Hi there,

I have just upgraded to ASSP 1.1.2b1 from 1.1.0. Its a great improvement!

However, I am having trouble with SRS. I want to block bounces from forged
domains. I enable SRS and assp starts adding:

X-Assp-Spam: YES
X-Assp-Spam-Reason: Bounce address not SRS signed

This is great. Unfortunately, my own mail sent through ASSP is not having
its "sender" header rewritten so my own bounces are being marked as spam.

Can anyone confirm ASSP 1.1.2b1 can SRS sign messages correctly?

Regards,
Damon.




-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: SRS not working on outgoing mail?

damonrand
OK, I have it working now.. The trick was that I needed to feed mail back
through ASSP a second time to get the headers rewritten. The settings for
this are relayhost and relayport in the relaying section. Here is how I have
it set now.

1. SMTP client connects to ASSP on mail.mydomain.com:25
2. ASSP proxies connection to hmail on port 127.0.0.1:125.
3. Hmail connects back to ASSP on 127.0.0.1:225 (relayport) which SRS
rewrites the return-path.
4. ASSP connects to smtp.myisp.net:25 (relayhost) to actually relay the
mail.
5. The mail is received by the recipients host from smtp.myisp.net with the
SRS return-path.

A little bit convoluted and I will need to install a third smtp relay on
port 325 to actually do the whole thing on one machine (:-) but ASSP is now
accurately filtering out bounces from forged domains!

Regards,
Damon.


----- Original Message -----
From: "Damon Rand" <[hidden email]>
To: <[hidden email]>
Sent: Wednesday, February 01, 2006 1:57 PM
Subject: [Assp-user] SRS not working on outgoing mail?


> Hi there,
>
> I have just upgraded to ASSP 1.1.2b1 from 1.1.0. Its a great improvement!
>
> However, I am having trouble with SRS. I want to block bounces from forged
> domains. I enable SRS and assp starts adding:
>
> X-Assp-Spam: YES
> X-Assp-Spam-Reason: Bounce address not SRS signed
>
> This is great. Unfortunately, my own mail sent through ASSP is not having
> its "sender" header rewritten so my own bounces are being marked as spam.
>
> Can anyone confirm ASSP 1.1.2b1 can SRS sign messages correctly?
>
> Regards,
> Damon.
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>




-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user