From xserverlinux at gmail.com  Sat Jun  1 22:16:52 2024
From: xserverlinux at gmail.com (Rick Gutierrez)
Date: Sat, 1 Jun 2024 16:16:52 -0600
Subject: [SEMI-OFFTOPIC] two antivirus
Message-ID: <CAL_GE3QJSQi+B23jmSe3bd0u2=x4cmw8nvd38+fpZEnh-WWV2A@mail.gmail.com>

Hi list, I have a question and I want to share it with you, I
currently have a mailscanner with clamav on rocky linux  working, but
I want to add a second antivirus, and I saw that someone uses
F-Secure, on the f-secure page they say that there is no support for
Linux https://community.f-secure.com/en/discussion/126344/f-secure-on-linux.

how did they install it?

Or what other paid antivirus could be used with mailscanner,
experiences - stability? , I avoid avast :)



-- 
rickygm

http://gnuforever.homelinux.com

From ricky.boone at gmail.com  Fri Jun  7 14:22:01 2024
From: ricky.boone at gmail.com (Ricky Boone)
Date: Fri, 7 Jun 2024 10:22:01 -0400
Subject: [SEMI-OFFTOPIC] two antivirus
In-Reply-To: <CAL_GE3QJSQi+B23jmSe3bd0u2=x4cmw8nvd38+fpZEnh-WWV2A@mail.gmail.com>
References: <CAL_GE3QJSQi+B23jmSe3bd0u2=x4cmw8nvd38+fpZEnh-WWV2A@mail.gmail.com>
Message-ID: <CAHAhptVujPLc-y+dC9iYhTa_Njs4iE8upsPG_HjdNd18bugtEQ@mail.gmail.com>

I don't have experience with F-Secure, but have used Sophos and McAfee way
back in the past (when it was supported by a previous version of
MailScanner).  Looking at the source code and Github project, it looks like
F-Secure (or now known as WithSecure) on Linux is supported via wrapper,
where it runs the command line fsanalyze command.  This corresponds to
their documentation as well.

https://github.com/MailScanner/v5/blob/master/common/usr/lib/MailScanner/wrapper/f-secure-12-wrapper

https://github.com/MailScanner/v5/pull/553

https://www.withsecure.com/userguides/product.html?business/linux-protection/latest/en/task_6FF3CD0A72924F32A5B43E2600529C51-latest-en

I would expect that you need a licensed copy of WithSecure Linux
Protection, download the package respective to your platform, etc.

https://www.withsecure.com/userguides/product.html#business/linux-protection/latest/en/task_fqp_l43_b1c-latest-en

On Sat, Jun 1, 2024 at 6:17?PM Rick Gutierrez <xserverlinux at gmail.com>
wrote:

> Hi list, I have a question and I want to share it with you, I
> currently have a mailscanner with clamav on rocky linux  working, but
> I want to add a second antivirus, and I saw that someone uses
> F-Secure, on the f-secure page they say that there is no support for
> Linux
> https://community.f-secure.com/en/discussion/126344/f-secure-on-linux.
>
> how did they install it?
>
> Or what other paid antivirus could be used with mailscanner,
> experiences - stability? , I avoid avast :)
>
>
>
> --
> rickygm
>
> http://gnuforever.homelinux.com
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20240607/27298f0e/attachment.html>

From xserverlinux at gmail.com  Fri Jun  7 19:23:36 2024
From: xserverlinux at gmail.com (Rick Gutierrez)
Date: Fri, 7 Jun 2024 13:23:36 -0600
Subject: [SEMI-OFFTOPIC] two antivirus
In-Reply-To: <CAHAhptVujPLc-y+dC9iYhTa_Njs4iE8upsPG_HjdNd18bugtEQ@mail.gmail.com>
References: <CAL_GE3QJSQi+B23jmSe3bd0u2=x4cmw8nvd38+fpZEnh-WWV2A@mail.gmail.com>
 <CAHAhptVujPLc-y+dC9iYhTa_Njs4iE8upsPG_HjdNd18bugtEQ@mail.gmail.com>
Message-ID: <CAL_GE3SZW02go_NPaQ2=P_G4v+6FYTtxKygs-O4493qmeHB7Kg@mail.gmail.com>

El vie, 7 jun 2024 a las 8:21, Ricky Boone (<ricky.boone at gmail.com>) escribi?:
>
> I don't have experience with F-Secure, but have used Sophos and McAfee way back in the past (when it was supported by a previous version of MailScanner).  Looking at the source code and Github project, it looks like F-Secure (or now known as WithSecure) on Linux is supported via wrapper, where it runs the command line fsanalyze command.  This corresponds to their documentation as well.
>

Hi ricky thnk  for the interest in this email,  on the other hand, I'm
not really looking for F-secure as the only option, rather I was
wondering what antivirus outside of Avast or Clamav they used in
conjunction with mailscanner to add more protection to emails.

> https://github.com/MailScanner/v5/blob/master/common/usr/lib/MailScanner/wrapper/f-secure-12-wrapper
>
> https://github.com/MailScanner/v5/pull/553
>
> https://www.withsecure.com/userguides/product.html?business/linux-protection/latest/en/task_6FF3CD0A72924F32A5B43E2600529C51-latest-en
>
> I would expect that you need a licensed copy of WithSecure Linux Protection, download the package respective to your platform, etc.
>
> https://www.withsecure.com/userguides/product.html#business/linux-protection/latest/en/task_fqp_l43_b1c-latest-en

I'm going to take a look, I'm not sure if this would work on Rocky Linux 8/9.

best regards.

-- 
rickygm

http://gnuforever.homelinux.com

From ricky.boone at gmail.com  Fri Jun  7 21:29:49 2024
From: ricky.boone at gmail.com (Ricky Boone)
Date: Fri, 7 Jun 2024 17:29:49 -0400
Subject: [SEMI-OFFTOPIC] two antivirus
In-Reply-To: <CAL_GE3SZW02go_NPaQ2=P_G4v+6FYTtxKygs-O4493qmeHB7Kg@mail.gmail.com>
References: <CAL_GE3QJSQi+B23jmSe3bd0u2=x4cmw8nvd38+fpZEnh-WWV2A@mail.gmail.com>
 <CAHAhptVujPLc-y+dC9iYhTa_Njs4iE8upsPG_HjdNd18bugtEQ@mail.gmail.com>
 <CAL_GE3SZW02go_NPaQ2=P_G4v+6FYTtxKygs-O4493qmeHB7Kg@mail.gmail.com>
Message-ID: <CAHAhptV0xEKKZpupmz2_z==fc_4tDU9MuhCThwSmLB3Tf3-u1g@mail.gmail.com>

On Fri, Jun 7, 2024 at 3:23?PM Rick Gutierrez <xserverlinux at gmail.com> wrote:
>
> Hi ricky thnk  for the interest in this email,  on the other hand, I'm
> not really looking for F-secure as the only option, rather I was
> wondering what antivirus outside of Avast or Clamav they used in
> conjunction with mailscanner to add more protection to emails.

Okay.  From that, it looks like the supported list of virus scanners
could be found here, but I would need to defer to the community for
any additional experience with them.

https://github.com/MailScanner/v5/blob/master/common/etc/MailScanner/virus.scanners.conf

I will say, however, that while adding multiple virus engines is good
to help layer your security, it will add additional complexity and
scanning times for your email, which can be an issue for some users
that expect email to be realtime.  Something to think about.

You may also want to consider additional signatures for ClamAV, not
relying only on the official ones.  It can increase your chance of
false-positives, which you will need to either maintain a whitelist
for or similar maintenance, but I have found many malicious emails
with these.  Fangfrisch (https://rseichter.github.io/fangfrisch/) is a
good tool to help select and organize many of these.  One source in
particular that I find helpful is twinclams
(https://github.com/splunk/twinclams), which is fairly active and
accurate.

> I'm going to take a look, I'm not sure if this would work on Rocky Linux 8/9.

Based on their supported operating systems list, it looks like both
should be supported.

From maxsec at gmail.com  Tue Jun 11 13:20:51 2024
From: maxsec at gmail.com (Martin Hepworth)
Date: Tue, 11 Jun 2024 14:20:51 +0100
Subject: bye bye SORBS
Message-ID: <CAGDKorLntcOh67kQNCjqzsMw4uHLd=_0QntVy+pw0z2CcY6Mmg@mail.gmail.com>

A long time useful RBL has just been shutdown.

Spam blocklist SORBS closed by its owner, Proofpoint ? The Register
<https://www.theregister.com/2024/06/07/sorbs_closed/?td=rt-4a>

Worthwhile taking this out of your MailScanner and Spamassassin setting in
case someone abuses it in the future.

-- 
Martin Hepworth, CISSP
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20240611/c7453b20/attachment.html>

From info at digitalessence.net  Tue Jun 11 13:21:20 2024
From: info at digitalessence.net (info at digitalessence.net)
Date: Tue, 11 Jun 2024 14:21:20 +0100
Subject: :  bye bye SORBS
In-Reply-To: <CAGDKorLntcOh67kQNCjqzsMw4uHLd=_0QntVy+pw0z2CcY6Mmg@mail.gmail.com>
References: <CAGDKorLntcOh67kQNCjqzsMw4uHLd=_0QntVy+pw0z2CcY6Mmg@mail.gmail.com>
Message-ID: <E1sH1RA-0000000Bqcx-1MtR@cloud1.digitalessence.net>

An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20240611/fbb9433c/attachment.html>

From jerry.benton at mailborder.com  Tue Jun 11 15:09:23 2024
From: jerry.benton at mailborder.com (Jerry  Benton)
Date: Tue, 11 Jun 2024 15:09:23 +0000
Subject: bye bye SORBS
In-Reply-To: <70501a3d09e22f5eeec2c697a0a6f590@mail.gmail.com>
References: <70501a3d09e22f5eeec2c697a0a6f590@mail.gmail.com>
Message-ID: <DS7PR12MB8204B0AE403B29ACD22A9288F4C72@DS7PR12MB8204.namprd12.prod.outlook.com>

I?d be willing to take it over, but I doubt they would be willing to hand it over.


-
Jerry Benton
mailborder.com
________________________________
From: MailScanner <mailscanner-bounces+jerry.benton=mailborder.com at lists.mailscanner.info> on behalf of Martin Hepworth <maxsec at gmail.com>
Sent: Tuesday, June 11, 2024 9:20:51 AM
To: MailScanner discussion <mailscanner at lists.mailscanner.info>
Subject: bye bye SORBS

A long time useful RBL has just been shutdown.

Spam blocklist SORBS closed by its owner, Proofpoint ? The Register<https://www.theregister.com/2024/06/07/sorbs_closed/?td=rt-4a>

Worthwhile taking this out of your MailScanner and Spamassassin setting in case someone abuses it in the future.

--
Martin Hepworth, CISSP
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20240611/6d37cfa4/attachment.html>

From maxsec at gmail.com  Wed Jun 12 08:36:37 2024
From: maxsec at gmail.com (Martin Hepworth)
Date: Wed, 12 Jun 2024 09:36:37 +0100
Subject: bye bye SORBS
In-Reply-To: <DS7PR12MB8204B0AE403B29ACD22A9288F4C72@DS7PR12MB8204.namprd12.prod.outlook.com>
References: <70501a3d09e22f5eeec2c697a0a6f590@mail.gmail.com>
 <DS7PR12MB8204B0AE403B29ACD22A9288F4C72@DS7PR12MB8204.namprd12.prod.outlook.com>
Message-ID: <CAGDKorLNsR=hPdxFZvCDEpe899L0S-9c5-+RZefpbJimh-vj8g@mail.gmail.com>

As a trusted individual that would be good, but if it gets into the hands
of  someone more nefarious, or you suffer a spanner attack and are forced
to hand over.....

https://xkcd.com/538/

-- 
Martin Hepworth, CISSP
Oxford, UK


On Tue, 11 Jun 2024 at 16:09, Jerry Benton <jerry.benton at mailborder.com>
wrote:

> I?d be willing to take it over, but I doubt they would be willing to hand
> it over.
>
>
> -
> Jerry Benton
> mailborder.com
> ------------------------------
> *From:* MailScanner <mailscanner-bounces+jerry.benton=
> mailborder.com at lists.mailscanner.info> on behalf of Martin Hepworth <
> maxsec at gmail.com>
> *Sent:* Tuesday, June 11, 2024 9:20:51 AM
> *To:* MailScanner discussion <mailscanner at lists.mailscanner.info>
> *Subject:* bye bye SORBS
>
> A long time useful RBL has just been shutdown.
>
> Spam blocklist SORBS closed by its owner, Proofpoint ? The Register
> <https://www.theregister.com/2024/06/07/sorbs_closed/?td=rt-4a>
>
> Worthwhile taking this out of your MailScanner and Spamassassin setting in
> case someone abuses it in the future.
>
> --
> Martin Hepworth, CISSP
> Oxford, UK
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20240612/c061814b/attachment.html>

From xserverlinux at gmail.com  Wed Jun 12 18:21:13 2024
From: xserverlinux at gmail.com (Rick Gutierrez)
Date: Wed, 12 Jun 2024 12:21:13 -0600
Subject: [SEMI-OFFTOPIC] two antivirus
In-Reply-To: <CAHAhptV0xEKKZpupmz2_z==fc_4tDU9MuhCThwSmLB3Tf3-u1g@mail.gmail.com>
References: <CAL_GE3QJSQi+B23jmSe3bd0u2=x4cmw8nvd38+fpZEnh-WWV2A@mail.gmail.com>
 <CAHAhptVujPLc-y+dC9iYhTa_Njs4iE8upsPG_HjdNd18bugtEQ@mail.gmail.com>
 <CAL_GE3SZW02go_NPaQ2=P_G4v+6FYTtxKygs-O4493qmeHB7Kg@mail.gmail.com>
 <CAHAhptV0xEKKZpupmz2_z==fc_4tDU9MuhCThwSmLB3Tf3-u1g@mail.gmail.com>
Message-ID: <CAL_GE3SWcG+RX9nNCqZZQLF9Le2vgWdzQbUjQyCYTqtNc7Zy4w@mail.gmail.com>

El vie, 7 jun 2024 a las 15:29, Ricky Boone (<ricky.boone at gmail.com>) escribi?:
>
>
> Okay.  From that, it looks like the supported list of virus scanners
> could be found here, but I would need to defer to the community for
> any additional experience with them.
>
> https://github.com/MailScanner/v5/blob/master/common/etc/MailScanner/virus.scanners.conf
>
> I will say, however, that while adding multiple virus engines is good
> to help layer your security, it will add additional complexity and
> scanning times for your email, which can be an issue for some users
> that expect email to be realtime.  Something to think about.
>
> You may also want to consider additional signatures for ClamAV, not
> relying only on the official ones.  It can increase your chance of
> false-positives, which you will need to either maintain a whitelist
> for or similar maintenance, but I have found many malicious emails
> with these.  Fangfrisch (https://rseichter.github.io/fangfrisch/) is a
> good tool to help select and organize many of these.  One source in
> particular that I find helpful is twinclams
> (https://github.com/splunk/twinclams), which is fairly active and
> accurate.
>
> > I'm going to take a look, I'm not sure if this would work on Rocky Linux 8/9.
>
> Based on their supported operating systems list, it looks like both
> should be supported.
>


Hi Ricky , This information is useful to me, thanks for sharing.


-- 
rickygm

http://gnuforever.homelinux.com

From info at digitalessence.net  Wed Jun 12 18:29:23 2024
From: info at digitalessence.net (info at digitalessence.net)
Date: Wed, 12 Jun 2024 19:29:23 +0100
Subject: :  Re: [SEMI-OFFTOPIC] two antivirus
In-Reply-To: <CAL_GE3SWcG+RX9nNCqZZQLF9Le2vgWdzQbUjQyCYTqtNc7Zy4w@mail.gmail.com>
References: <CAL_GE3QJSQi+B23jmSe3bd0u2=x4cmw8nvd38+fpZEnh-WWV2A@mail.gmail.com>
 <CAHAhptVujPLc-y+dC9iYhTa_Njs4iE8upsPG_HjdNd18bugtEQ@mail.gmail.com>
 <CAL_GE3SZW02go_NPaQ2=P_G4v+6FYTtxKygs-O4493qmeHB7Kg@mail.gmail.com>
 <CAHAhptV0xEKKZpupmz2_z==fc_4tDU9MuhCThwSmLB3Tf3-u1g@mail.gmail.com>
 <CAL_GE3SWcG+RX9nNCqZZQLF9Le2vgWdzQbUjQyCYTqtNc7Zy4w@mail.gmail.com>
Message-ID: <E1sHSip-0000000Eg0Z-3pUf@cloud1.digitalessence.net>

An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20240612/1ab8ddc6/attachment.html>

From ravgrg at gmail.com  Wed Jun 12 21:32:41 2024
From: ravgrg at gmail.com (Raviv Golov)
Date: Thu, 13 Jun 2024 00:32:41 +0300
Subject: Seeking Developer to Customize MailWatch/MailScanner
Message-ID: <CAH4YD+7dtaiytrY9QNkUu=t6QoSq_8PeNSBHe8RkoP4DoareaA@mail.gmail.com>

Hello everyone,

I am looking for an experienced developer to customize
MailWatch/MailScanner with custom filters and additional features. This is
a paid opportunity, and I am open to discussing the specifics and your
rates.

If you are interested, please get in touch with me directly at [your email
address].

Thank you!

Best regards,

Raviv G
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20240613/217e6c1f/attachment.html>

From mailscanner at barendse.to  Thu Jun 27 08:15:19 2024
From: mailscanner at barendse.to (mailscanner at barendse.to)
Date: Thu, 27 Jun 2024 10:15:19 +0200 (CEST)
Subject: bye bye SORBS
In-Reply-To: <CAGDKorLntcOh67kQNCjqzsMw4uHLd=_0QntVy+pw0z2CcY6Mmg@mail.gmail.com>
References: <CAGDKorLntcOh67kQNCjqzsMw4uHLd=_0QntVy+pw0z2CcY6Mmg@mail.gmail.com>
Message-ID: <368de040-8d38-bbd3-e222-ec727be4a234@barendse.to>

Thanks for the heads-up, would have totally missed that one!

On Tue, 11 Jun 2024, Martin Hepworth wrote:

> A long time useful RBL has just been shutdown.
> 
> Spam blocklist SORBS closed by its owner, Proofpoint ? The Register
> 
> Worthwhile taking this out of your MailScanner and Spamassassin setting in case someone abuses it in the future.
> 
> --
> Martin Hepworth, CISSP
> Oxford, UK
> 
>

From info at digitalessence.net  Thu Jun 27 08:15:45 2024
From: info at digitalessence.net (info at digitalessence.net)
Date: Thu, 27 Jun 2024 09:15:45 +0100
Subject: :  Re: bye bye SORBS
In-Reply-To: <368de040-8d38-bbd3-e222-ec727be4a234@barendse.to>
References: <CAGDKorLntcOh67kQNCjqzsMw4uHLd=_0QntVy+pw0z2CcY6Mmg@mail.gmail.com>
 <368de040-8d38-bbd3-e222-ec727be4a234@barendse.to>
Message-ID: <E1sMkID-00000000DJG-1ttO@cloud1.digitalessence.net>

An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20240627/b064b549/attachment.html>