Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - New attachment filter in 2.0.0.282
  FAQ FAQ  Forum Search   Register Register  Login Login

New attachment filter in 2.0.0.282
 Post Reply Post Reply
Author
  Topic Search Topic Search  Topic Options Topic Options
AJ View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote AJ Quote  Post ReplyReply Direct Link To This Post Topic: New attachment filter in 2.0.0.282
    Posted: 03 February 2004 at 11:09am

The new attachment filter quarantines 100% of non infected zip files but for some reason some of the mydoom infected zip files go thru.  This is what I put in to block: *.zip  I'm running the beta 2.0.0.282 on a win 2k server.
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104 		Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 03 February 2004 at 2:05pm

AJ,

SpamFilter won't recursively check attachments in messages within messages. That could be one reasons some emails make it thru. If you send us an email to support@logsat.com with the infected email you received as an attachment we may be able to take a second look.

Roberto F.
LogSat Software
Back to Top
Lee View Drop Down
Groupie
Groupie


Joined: 04 February 2005
Location: United States
Status: Offline
Points: 50 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Lee Quote  Post ReplyReply Direct Link To This Post Posted: 03 February 2004 at 11:39pm

AJ,

Are you sure the zip came through Spamfilter and not direct to our email server ?  I have found that everyonce and I will another email server will send mail directly to my mail server
Even though there is NO MX record for that mail server.

Check the message header and make sure it didn't bypass SF and come in directly to your mail server.

Lee
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 04 February 2004 at 1:56am

Lee & AJ,

If you put a block in your router, allowing SMTP ONLY from your valid clients (the ones allowed to mail through you) then the only way a virus hit that server directly, bypassing the spam filter, is if your client has the virus.  For us, as it turns out, the server that our clients actually use as an SMTP server in their mail client settings is, in fact, our Anti Virus server.  That way, our clients can not add to the mess that Virusus like MyDoom is causing.

Below is a small part of our porder routers access list.  If you have a firewall, you can do the same thing.

 remark *** Next entries for allowing SMTP
 remark *** Let MDR Relay thru us
 permit ip host 67.86.67.59 any
 remark *** Let CommMng Relay thru us
 permit ip host 216.236.128.43 any
 remark *** Let Khunes relay thru us
 permit ip host 209.54.72.68 any
 remark *** Deny ALL outside connections from hitting SendMail Server
 deny   tcp any host 66.181.192.64 eq smtp
 remark *** Deny ALL outside connections from hitting WebShield Server
 permit tcp any host 66.181.192.32 eq smtp
 remark *** Allow ALL Outside hosts to connect to all other SMTP Servers
 permit tcp any any eq smtp

Regards,

Dan S.
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.305 seconds.

Copyright (c)2002-2025 LogSat Software LLC - Sales: sales@LogSat.com
Contact Us