Quoted Printable

Roger Jochem roger at RUDNICK.COM.BR
Mon Feb 21 18:32:43 GMT 2005


    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

There are new parameters about clamav module in the instalation...

----- Original Message -----
From: "Julian Field" <MailScanner at ECS.SOTON.AC.UK>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Monday, February 21, 2005 3:28 PM
Subject: Re: Quoted Printable


> So what was the change you perceived between the prior version and the
> current version?
> Just want to double-check that you think it has changed.
>
> Roger Jochem wrote:
>
> >But in the prior version, I was with HTML Content on, and just disabling
the
> >phishing net solved my problem...
> >
> >This version is making the same, with the phishing net enabled the files
are
> >changing sizes... Disabling it solves the problem...
> >
> >----- Original Message -----
> >From: "Julian Field" <MailScanner at ECS.SOTON.AC.UK>
> >To: <MAILSCANNER at JISCMAIL.AC.UK>
> >Sent: Monday, February 21, 2005 3:18 PM
> >Subject: Re: Quoted Printable
> >
> >
> >
> >
> >>Yes. But to be sure you will have to switch off all the HTML content
> >>
> >>
> >checks.
> >
> >
> >>Roger Jochem wrote:
> >>
> >>
> >>
> >>>In 4.39.2-1? I downloaded it about an hour ago...
> >>>
> >>>
> >>>----- Original Message -----
> >>>From: "Julian Field" <MailScanner at ECS.SOTON.AC.UK>
> >>>To: <MAILSCANNER at JISCMAIL.AC.UK>
> >>>Sent: Monday, February 21, 2005 11:42 AM
> >>>Subject: Re: Quoted Printable
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>>It should already be doing that. It watches to see if it actually
> >>>>applies the phishing messages to the email, and only then does it mark
> >>>>the message for rebuild.
> >>>>
> >>>>Roger Jochem wrote:
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>This could work too...
> >>>>>
> >>>>>These messages didn't have any phishing attack on it. If they weren't
> >>>>>rebuild, this would solve the problem...
> >>>>>
> >>>>>----- Original Message -----
> >>>>>From: "Julian Field" <MailScanner at ECS.SOTON.AC.UK>
> >>>>>To: <MAILSCANNER at JISCMAIL.AC.UK>
> >>>>>Sent: Monday, February 21, 2005 9:15 AM
> >>>>>Subject: Re: Quoted Printable
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>>I specifically didn't make the phishing net do more than alter the
> >>>>>>message if it needs to. If it doesn't detect a phishing attack, does
> >>>>>>
> >>>>>>
> >it
> >
> >
> >>>>>>still rebuild the message? I may well be able to stop it doing that
if
> >>>>>>it is.
> >>>>>>
> >>>>>>Roger Jochem wrote:
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>>Too bad...
> >>>>>>>
> >>>>>>>In this case I would have to disable the Phising Detection...
> >>>>>>>
> >>>>>>>Could you consider doing an option of blocking, forwarding,
deleting
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>the
> >>>
> >>>
> >>>
> >>>
> >>>>>>>phishing mails instead of changing the content of it (like spam)?
The
> >>>>>>>phishing mails found by clamav are already treated as virus, not
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>forwarded,
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>>>so I don't see any problem in blocking MailScanner's too... And
this
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>would
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>>>be and option, some users would send the message with the changed
> >>>>>>>
> >>>>>>>
> >body,
> >
> >
> >>>>>>>another ones would block them. They could be sended to an single
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>account
> >>>
> >>>
> >>>
> >>>
> >>>>>>>with a modified subject like it's already done with spam, maybe
> >>>>>>>"{Phishing?}".
> >>>>>>>
> >>>>>>>Another option would be to MailScanner modify only the header of
the
> >>>>>>>message, instead of the body, putting the "{Phishing?}" before the
> >>>>>>>
> >>>>>>>
> >mail
> >
> >
> >>>>>>>subject...
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>>Yes. It's the message being rebuilt by MailScanner. Outlook
Express
> >>>>>>>>shouldn't be sending these things out as Quoted Printable, but use
> >>>>>>>>base64 instead. This one is *very* hard for me to solve. We have
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>already
> >>>
> >>>
> >>>
> >>>
> >>>>>>>>put in an exception for most PDF files, these look like more
> >>>>>>>>
> >>>>>>>>
> >problems.
> >
> >
> >>>>>>>>Roger Jochem wrote:
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>>Hello, Julian!
> >>>>>>>>>
> >>>>>>>>>I made some tests with MailScanner to find out the problem with
my
> >>>>>>>>>Outlook Express Quoted Printable attachments that change size and
> >>>>>>>>>format (between DOS and UNIX). I find out that if I disable the
> >>>>>>>>>Phishing Detection the e-mails passes without any change to the
> >>>>>>>>>attachment, and if I enable the Phishing Detection again, the
file
> >>>>>>>>>comes with the wrokg size and converted to Unix. Makes sense?
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>--
> >>>>>>Julian Field
> >>>>>>www.MailScanner.info
> >>>>>>Buy the MailScanner book at www.MailScanner.info/store
> >>>>>>
> >>>>>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >>>>>>
> >>>>>>------------------------ MailScanner list ------------------------
> >>>>>>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> >>>>>>'leave mailscanner' in the body of the email.
> >>>>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> >>>>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >>>>>>
> >>>>>>Support MailScanner development - buy the book off the website!
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>------------------------ MailScanner list ------------------------
> >>>>>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> >>>>>'leave mailscanner' in the body of the email.
> >>>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> >>>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >>>>>
> >>>>>Support MailScanner development - buy the book off the website!
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>--
> >>>>Julian Field
> >>>>www.MailScanner.info
> >>>>Buy the MailScanner book at www.MailScanner.info/store
> >>>>
> >>>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >>>>
> >>>>------------------------ MailScanner list ------------------------
> >>>>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> >>>>'leave mailscanner' in the body of the email.
> >>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> >>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >>>>
> >>>>Support MailScanner development - buy the book off the website!
> >>>>
> >>>>
> >>>>
> >>>>
> >>>------------------------ MailScanner list ------------------------
> >>>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> >>>'leave mailscanner' in the body of the email.
> >>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >>>
> >>>Support MailScanner development - buy the book off the website!
> >>>
> >>>
> >>>
> >>>
> >>>
> >>--
> >>Julian Field
> >>www.MailScanner.info
> >>Buy the MailScanner book at www.MailScanner.info/store
> >>Professional Support Services at www.MailScanner.biz
> >>MailScanner thanks transtec Computers for their support
> >>
> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >>
> >>------------------------ MailScanner list ------------------------
> >>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> >>'leave mailscanner' in the body of the email.
> >>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >>
> >>Support MailScanner development - buy the book off the website!
> >>
> >>
> >
> >------------------------ MailScanner list ------------------------
> >To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> >'leave mailscanner' in the body of the email.
> >Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> >Support MailScanner development - buy the book off the website!
> >
> >
> >
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list