
New attachment filter in 2.0.0.282

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=2832
Printed Date: 09 May 2025 at 8:31am


Topic: New attachment filter in 2.0.0.282
Posted By: Guests
Subject: New attachment filter in 2.0.0.282
Date Posted: 03 February 2004 at 11:09am

The new attachment filter quarantines 100% of non-infected zip files, but for some reason some of the MyDoom-infected zip files go thru. This is what I put in to block: *.zip. I'm running the beta 2.0.0.282 on a Win 2k server.




Replies:
Posted By: LogSat
Date Posted: 03 February 2004 at 2:05pm

AJ,

SpamFilter won't recursively check attachments in messages within messages. That could be one reason some emails make it thru. If you send us an email to support@logsat.com with the infected email you received as an attachment, we may be able to take a second look.

Roberto F.
LogSat Software
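
The limitation described in the reply above, as an added example that is not part of the original thread and is not LogSat's code: a filename filter that stops at the top-level MIME parts misses a zip carried inside an attached message (`message/rfc822`), while a recursive walk finds it. The function names, sample filenames and the constructed test message are assumptions made for illustration.

```python
import fnmatch
from email import message_from_bytes, policy
from email.message import EmailMessage


def scan(part, pattern="*.zip", recurse=True, depth=0):
    """Return [(depth, filename)] for parts whose filename matches pattern.

    depth counts how many message/rfc822 wrappers enclose the part.
    With recurse=False, attached messages are not opened (top-level scan only).
    """
    hits = []
    name = part.get_filename()
    if name and fnmatch.fnmatchcase(name.lower(), pattern.lower()):
        hits.append((depth, name))
    if part.get_content_type() == "message/rfc822":
        # A well-formed attached message parses into a list holding one message;
        # if it did not parse (payload is a string), there is nothing to open.
        if recurse and part.is_multipart():
            for inner in part.get_payload():
                hits += scan(inner, pattern, recurse, depth + 1)
    elif part.is_multipart():
        for sub in part.get_payload():
            hits += scan(sub, pattern, recurse, depth)
    return hits


def build_sample():
    """Constructed test mail: one zip at top level, one inside an attached message."""
    inner = EmailMessage()
    inner["Subject"] = "constructed inner message"
    inner.set_content("see attachment")
    inner.add_attachment(b"PK-constructed", maintype="application",
                         subtype="zip", filename="document.zip")
    outer = EmailMessage()
    outer["Subject"] = "Fwd: constructed inner message"
    outer.set_content("forwarded message attached")
    outer.add_attachment(b"PK-constructed", maintype="application",
                         subtype="zip", filename="clean.zip")
    outer.add_attachment(inner)  # becomes a message/rfc822 part
    # Round-trip through bytes so the scan runs on parsed wire data.
    return message_from_bytes(outer.as_bytes(), policy=policy.default)


if __name__ == "__main__":
    mail = build_sample()
    print("top level only:", scan(mail, recurse=False))
    print("recursive:     ", scan(mail, recurse=True))
```
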



Posted By: Lee
Date Posted: 03 February 2004 at 11:39pm

AJ,

Are you sure the zip came through Spamfilter and not direct to our email server? I have found that every once in a while another email server will send mail directly to my mail server, even though there is NO MX record for that mail server.

Check the message header and make sure it didn't bypass SF and come in directly to your mail server.

Lee



Posted By: Desperado
Date Posted: 04 February 2004 at 1:56am

Lee & AJ,

If you put a block in your router, allowing SMTP ONLY from your valid clients (the ones allowed to mail through you), then the only way a virus hits that server directly, bypassing the spam filter, is if your client has the virus. For us, as it turns out, the server that our clients actually use as an SMTP server in their mail client settings is, in fact, our Anti Virus server. That way, our clients cannot add to the mess that viruses like MyDoom are causing.

Below is a small part of our border router's access list. If you have a firewall, you can do the same thing.

 remark *** Next entries for allowing SMTP
 remark *** Let MDR Relay thru us
 permit ip host 67.86.67.59 any
 remark *** Let CommMng Relay thru us
 permit ip host 216.236.128.43 any
 remark *** Let Khunes relay thru us
 permit ip host 209.54.72.68 any
 remark *** Deny ALL outside connections from hitting SendMail Server
 deny   tcp any host 66.181.192.64 eq smtp
 remark *** Deny ALL outside connections from hitting WebShield Server
 permit tcp any host 66.181.192.32 eq smtp
 remark *** Allow ALL Outside hosts to connect to all other SMTP Servers
 permit tcp any any eq smtp

Regards,

Dan S.



