From xserverlinux at gmail.com Sat Jun 1 22:16:52 2024 From: xserverlinux at gmail.com (Rick Gutierrez) Date: Sat, 1 Jun 2024 16:16:52 -0600 Subject: [SEMI-OFFTOPIC] two antivirus Message-ID: Hi list, I have a question and I want to share it with you, I currently have a mailscanner with clamav on rocky linux working, but I want to add a second antivirus, and I saw that someone uses F-Secure, on the f-secure page they say that there is no support for Linux https://community.f-secure.com/en/discussion/126344/f-secure-on-linux. how did they install it? Or what other paid antivirus could be used with mailscanner, experiences - stability? , I avoid avast :) -- rickygm http://gnuforever.homelinux.com From ricky.boone at gmail.com Fri Jun 7 14:22:01 2024 From: ricky.boone at gmail.com (Ricky Boone) Date: Fri, 7 Jun 2024 10:22:01 -0400 Subject: [SEMI-OFFTOPIC] two antivirus In-Reply-To: References: Message-ID: I don't have experience with F-Secure, but have used Sophos and McAfee way back in the past (when it was supported by a previous version of MailScanner). Looking at the source code and Github project, it looks like F-Secure (or now known as WithSecure) on Linux is supported via wrapper, where it runs the command line fsanalyze command. This corresponds to their documentation as well. https://github.com/MailScanner/v5/blob/master/common/usr/lib/MailScanner/wrapper/f-secure-12-wrapper https://github.com/MailScanner/v5/pull/553 https://www.withsecure.com/userguides/product.html?business/linux-protection/latest/en/task_6FF3CD0A72924F32A5B43E2600529C51-latest-en I would expect that you need a licensed copy of WithSecure Linux Protection, download the package respective to your platform, etc. https://www.withsecure.com/userguides/product.html#business/linux-protection/latest/en/task_fqp_l43_b1c-latest-en On Sat, Jun 1, 2024 at 6:17?PM Rick Gutierrez wrote: > Hi list, I have a question and I want to share it with you, I > currently have a mailscanner with clamav on rocky linux working, but > I want to add a second antivirus, and I saw that someone uses > F-Secure, on the f-secure page they say that there is no support for > Linux > https://community.f-secure.com/en/discussion/126344/f-secure-on-linux. > > how did they install it? > > Or what other paid antivirus could be used with mailscanner, > experiences - stability? , I avoid avast :) > > > > -- > rickygm > > http://gnuforever.homelinux.com > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From xserverlinux at gmail.com Fri Jun 7 19:23:36 2024 From: xserverlinux at gmail.com (Rick Gutierrez) Date: Fri, 7 Jun 2024 13:23:36 -0600 Subject: [SEMI-OFFTOPIC] two antivirus In-Reply-To: References: Message-ID: El vie, 7 jun 2024 a las 8:21, Ricky Boone () escribi?: > > I don't have experience with F-Secure, but have used Sophos and McAfee way back in the past (when it was supported by a previous version of MailScanner). Looking at the source code and Github project, it looks like F-Secure (or now known as WithSecure) on Linux is supported via wrapper, where it runs the command line fsanalyze command. This corresponds to their documentation as well. > Hi ricky thnk for the interest in this email, on the other hand, I'm not really looking for F-secure as the only option, rather I was wondering what antivirus outside of Avast or Clamav they used in conjunction with mailscanner to add more protection to emails. > https://github.com/MailScanner/v5/blob/master/common/usr/lib/MailScanner/wrapper/f-secure-12-wrapper > > https://github.com/MailScanner/v5/pull/553 > > https://www.withsecure.com/userguides/product.html?business/linux-protection/latest/en/task_6FF3CD0A72924F32A5B43E2600529C51-latest-en > > I would expect that you need a licensed copy of WithSecure Linux Protection, download the package respective to your platform, etc. > > https://www.withsecure.com/userguides/product.html#business/linux-protection/latest/en/task_fqp_l43_b1c-latest-en I'm going to take a look, I'm not sure if this would work on Rocky Linux 8/9. best regards. -- rickygm http://gnuforever.homelinux.com From ricky.boone at gmail.com Fri Jun 7 21:29:49 2024 From: ricky.boone at gmail.com (Ricky Boone) Date: Fri, 7 Jun 2024 17:29:49 -0400 Subject: [SEMI-OFFTOPIC] two antivirus In-Reply-To: References: Message-ID: On Fri, Jun 7, 2024 at 3:23?PM Rick Gutierrez wrote: > > Hi ricky thnk for the interest in this email, on the other hand, I'm > not really looking for F-secure as the only option, rather I was > wondering what antivirus outside of Avast or Clamav they used in > conjunction with mailscanner to add more protection to emails. Okay. From that, it looks like the supported list of virus scanners could be found here, but I would need to defer to the community for any additional experience with them. https://github.com/MailScanner/v5/blob/master/common/etc/MailScanner/virus.scanners.conf I will say, however, that while adding multiple virus engines is good to help layer your security, it will add additional complexity and scanning times for your email, which can be an issue for some users that expect email to be realtime. Something to think about. You may also want to consider additional signatures for ClamAV, not relying only on the official ones. It can increase your chance of false-positives, which you will need to either maintain a whitelist for or similar maintenance, but I have found many malicious emails with these. Fangfrisch (https://rseichter.github.io/fangfrisch/) is a good tool to help select and organize many of these. One source in particular that I find helpful is twinclams (https://github.com/splunk/twinclams), which is fairly active and accurate. > I'm going to take a look, I'm not sure if this would work on Rocky Linux 8/9. Based on their supported operating systems list, it looks like both should be supported. From maxsec at gmail.com Tue Jun 11 13:20:51 2024 From: maxsec at gmail.com (Martin Hepworth) Date: Tue, 11 Jun 2024 14:20:51 +0100 Subject: bye bye SORBS Message-ID: A long time useful RBL has just been shutdown. Spam blocklist SORBS closed by its owner, Proofpoint ? The Register Worthwhile taking this out of your MailScanner and Spamassassin setting in case someone abuses it in the future. -- Martin Hepworth, CISSP Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: From info at digitalessence.net Tue Jun 11 13:21:20 2024 From: info at digitalessence.net (info at digitalessence.net) Date: Tue, 11 Jun 2024 14:21:20 +0100 Subject: : bye bye SORBS In-Reply-To: References: Message-ID: An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Tue Jun 11 15:09:23 2024 From: jerry.benton at mailborder.com (Jerry Benton) Date: Tue, 11 Jun 2024 15:09:23 +0000 Subject: bye bye SORBS In-Reply-To: <70501a3d09e22f5eeec2c697a0a6f590@mail.gmail.com> References: <70501a3d09e22f5eeec2c697a0a6f590@mail.gmail.com> Message-ID: I?d be willing to take it over, but I doubt they would be willing to hand it over. - Jerry Benton mailborder.com ________________________________ From: MailScanner on behalf of Martin Hepworth Sent: Tuesday, June 11, 2024 9:20:51 AM To: MailScanner discussion Subject: bye bye SORBS A long time useful RBL has just been shutdown. Spam blocklist SORBS closed by its owner, Proofpoint ? The Register Worthwhile taking this out of your MailScanner and Spamassassin setting in case someone abuses it in the future. -- Martin Hepworth, CISSP Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: From maxsec at gmail.com Wed Jun 12 08:36:37 2024 From: maxsec at gmail.com (Martin Hepworth) Date: Wed, 12 Jun 2024 09:36:37 +0100 Subject: bye bye SORBS In-Reply-To: References: <70501a3d09e22f5eeec2c697a0a6f590@mail.gmail.com> Message-ID: As a trusted individual that would be good, but if it gets into the hands of someone more nefarious, or you suffer a spanner attack and are forced to hand over..... https://xkcd.com/538/ -- Martin Hepworth, CISSP Oxford, UK On Tue, 11 Jun 2024 at 16:09, Jerry Benton wrote: > I?d be willing to take it over, but I doubt they would be willing to hand > it over. > > > - > Jerry Benton > mailborder.com > ------------------------------ > *From:* MailScanner mailborder.com at lists.mailscanner.info> on behalf of Martin Hepworth < > maxsec at gmail.com> > *Sent:* Tuesday, June 11, 2024 9:20:51 AM > *To:* MailScanner discussion > *Subject:* bye bye SORBS > > A long time useful RBL has just been shutdown. > > Spam blocklist SORBS closed by its owner, Proofpoint ? The Register > > > Worthwhile taking this out of your MailScanner and Spamassassin setting in > case someone abuses it in the future. > > -- > Martin Hepworth, CISSP > Oxford, UK > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From xserverlinux at gmail.com Wed Jun 12 18:21:13 2024 From: xserverlinux at gmail.com (Rick Gutierrez) Date: Wed, 12 Jun 2024 12:21:13 -0600 Subject: [SEMI-OFFTOPIC] two antivirus In-Reply-To: References: Message-ID: El vie, 7 jun 2024 a las 15:29, Ricky Boone () escribi?: > > > Okay. From that, it looks like the supported list of virus scanners > could be found here, but I would need to defer to the community for > any additional experience with them. > > https://github.com/MailScanner/v5/blob/master/common/etc/MailScanner/virus.scanners.conf > > I will say, however, that while adding multiple virus engines is good > to help layer your security, it will add additional complexity and > scanning times for your email, which can be an issue for some users > that expect email to be realtime. Something to think about. > > You may also want to consider additional signatures for ClamAV, not > relying only on the official ones. It can increase your chance of > false-positives, which you will need to either maintain a whitelist > for or similar maintenance, but I have found many malicious emails > with these. Fangfrisch (https://rseichter.github.io/fangfrisch/) is a > good tool to help select and organize many of these. One source in > particular that I find helpful is twinclams > (https://github.com/splunk/twinclams), which is fairly active and > accurate. > > > I'm going to take a look, I'm not sure if this would work on Rocky Linux 8/9. > > Based on their supported operating systems list, it looks like both > should be supported. > Hi Ricky , This information is useful to me, thanks for sharing. -- rickygm http://gnuforever.homelinux.com From info at digitalessence.net Wed Jun 12 18:29:23 2024 From: info at digitalessence.net (info at digitalessence.net) Date: Wed, 12 Jun 2024 19:29:23 +0100 Subject: : Re: [SEMI-OFFTOPIC] two antivirus In-Reply-To: References: Message-ID: An HTML attachment was scrubbed... URL: From ravgrg at gmail.com Wed Jun 12 21:32:41 2024 From: ravgrg at gmail.com (Raviv Golov) Date: Thu, 13 Jun 2024 00:32:41 +0300 Subject: Seeking Developer to Customize MailWatch/MailScanner Message-ID: Hello everyone, I am looking for an experienced developer to customize MailWatch/MailScanner with custom filters and additional features. This is a paid opportunity, and I am open to discussing the specifics and your rates. If you are interested, please get in touch with me directly at [your email address]. Thank you! Best regards, Raviv G -------------- next part -------------- An HTML attachment was scrubbed... URL: From mailscanner at barendse.to Thu Jun 27 08:15:19 2024 From: mailscanner at barendse.to (mailscanner at barendse.to) Date: Thu, 27 Jun 2024 10:15:19 +0200 (CEST) Subject: bye bye SORBS In-Reply-To: References: Message-ID: <368de040-8d38-bbd3-e222-ec727be4a234@barendse.to> Thanks for the heads-up, would have totally missed that one! On Tue, 11 Jun 2024, Martin Hepworth wrote: > A long time useful RBL has just been shutdown. > > Spam blocklist SORBS closed by its owner, Proofpoint ? The Register > > Worthwhile taking this out of your MailScanner and Spamassassin setting in case someone abuses it in the future. > > -- > Martin Hepworth, CISSP > Oxford, UK > > From info at digitalessence.net Thu Jun 27 08:15:45 2024 From: info at digitalessence.net (info at digitalessence.net) Date: Thu, 27 Jun 2024 09:15:45 +0100 Subject: : Re: bye bye SORBS In-Reply-To: <368de040-8d38-bbd3-e222-ec727be4a234@barendse.to> References: <368de040-8d38-bbd3-e222-ec727be4a234@barendse.to> Message-ID: An HTML attachment was scrubbed... URL: