Search found 183 matches

by aahq
Mon May 16, 2016 4:12 am
Forum: MailEnable Enterprise Edition
Topic: filter zipped exe attachments
Replies: 2
Views: 2698

Re: filter zipped exe attachments

Hi Alex, I know that there is no way that Mail Enable does this natively. I have another email chain explaining how to set up a batch file for your MTA Pickup that extract mime content, uncompress and mark up the message for the filters to deal with if it has any extension type you dont want. I am u...
by aahq
Tue May 10, 2016 5:47 am
Forum: MailEnable Enterprise Edition
Topic: Bypass antivirus
Replies: 1
Views: 2612

Re: Bypass antivirus

I think the AV Scanning of ME doesn't do much at the time of scan (if you are just returning a result). Everything happens from the filters. Probably, creating an advanced filter would help. I have something below that may help you with the programming. You could probably change the end statement to...
by aahq
Tue May 10, 2016 5:32 am
Forum: MailEnable Enterprise Edition
Topic: Sophos Antivirus
Replies: 4
Views: 4853

Re: Sophos Antivirus

Have a look at sanesecurity.com for add-ins for ClamAV. Increases my Spam/AV hit rates gigantically.

I have another post on how to install it. It is pretty simple.

Scott
by aahq
Thu Apr 07, 2016 9:42 am
Forum: MailEnable Enterprise Edition
Topic: Filter Script logic issue
Replies: 2
Views: 3183

Re: Filter Script logic issue

Thanks, Think I got it now. I think the CriteriaMet([ME_HASVIRUS], 1) had to be a literal 1 rather than inside "" I broke the script down into individual logic statements which still works. I found I had to set the "Sender Authenticated" to override the other filter results to reduce my internal fal...
by aahq
Wed Apr 06, 2016 1:27 pm
Forum: MailEnable Developers
Topic: Automatically Train Bayes In Spam Assassin
Replies: 2
Views: 11913

Re: Automatically Train Bayes In Spam Assassin

Hey. That looks pretty cool in concept. If I am running an established server thats been around for 8 years odd I probably should try to clean up older spam in peoples inboxes before running this. I am running a sourceforge version of SA from a few years ago so otherwise I should be OK. Any other go...
by aahq
Wed Apr 06, 2016 1:19 pm
Forum: MailEnable Enterprise Edition
Topic: Filter Script logic issue
Replies: 2
Views: 3183

Filter Script logic issue

Can anyone give me an idea on where I have gone wrong with the below: In the header of the message if my unpack process finds an exe in a zip it marks the header up with a "SV-Unwanted" line. My External Spam Assassin marks up with "X-Spam-Status: Yes" if it has spam. I am using the ME Internal Crit...
by aahq
Mon Apr 04, 2016 9:43 am
Forum: MailEnable Professional Edition
Topic: ClamAV Questions
Replies: 1
Views: 2559

Re: ClamAV Questions

Look at this thread for creating the schedule

http://www.mailenable.com/kb/content/ar ... D=me020568

Also look at my other thread in Mail Enable Enterprise for instructions on hypercharging ClamAV

:)

Scott
by aahq
Sat Apr 02, 2016 4:48 am
Forum: MailEnable Enterprise Edition
Topic: CLAMAV doesn't seem to be trapping virus
Replies: 4
Views: 5023

Re: CLAMAV doesn't seem to be trapping virus

I have been going on an antispam campaign this week. Tightening rules. Now I am putting in new processes and tryingto get ClamAV to "detect more" and get my AV a bit more in order. I have stumbled onto the below which most will find useful. This is from a Donation style company called Sane Security....
by aahq
Thu Mar 31, 2016 11:13 am
Forum: MailEnable Enterprise Edition
Topic: Filtering compressed (zip,rar) attachments containing executable (exe,etc) files.
Replies: 8
Views: 7744

Re: Filtering compressed (zip,rar) attachments containing executable (exe,etc) files.

Last was an old version of the script. This one works better. :) ---------- copy "D:\Program Files (x86)\Mail Enable\Queues\%2\Inbound\Messages\%1" c:\temp\original md "c:\munpack\temp\%1" copy "D:\Program Files (x86)\Mail Enable\Queues\%2\Inbound\Messages\%1" c:\munpack\temp\%1 c:\munpack\uudeview ...
by aahq
Thu Mar 31, 2016 7:12 am
Forum: MailEnable Enterprise Edition
Topic: CLAMAV doesn't seem to be trapping virus
Replies: 4
Views: 5023

Re: CLAMAV doesn't seem to be trapping virus

Try also uploading the "virus" to Virustotal.com and see if Clam is picking it up, I have hundreds of messages a day that ClamAV doesnt detect. If it is not being detected then this is not ME's fault by the way it is ClamAV. In another thread here I have exact instructions of how to deal with these ...
by aahq
Thu Mar 31, 2016 7:04 am
Forum: MailEnable Enterprise Edition
Topic: Filtering compressed (zip,rar) attachments containing executable (exe,etc) files.
Replies: 8
Views: 7744

Re: Filtering compressed (zip,rar) attachments containing executable (exe,etc) files.

I found out munpack wasnt decompressing mime64 stuff and some filenames correctly so I added a second command line utility called "uudeview" to my batch file from http://www.fpx.de/fp/Software/UUDeview/ I also have 7zip unpacking *.* rather than *.rar or *.zip (due to munpack not making extensions p...
by aahq
Fri Mar 18, 2016 6:10 am
Forum: MailEnable Standard Edition
Topic: Large SMTP Activity logs due to hackers
Replies: 9
Views: 9872

Re: Large SMTP Activity logs due to hackers

I would consider blocking entire ranges on your firewall e.g 195.22.*.* until they go away.

Chances are you aren't going to get mail from there :)

Scott
by aahq
Fri Mar 18, 2016 5:58 am
Forum: Suggestions
Topic: Inbuilt Attachment Content Filter for Examining Zip and Rar for Executables
Replies: 0
Views: 6089

Inbuilt Attachment Content Filter for Examining Zip and Rar for Executables

Below is what I am using in my pickup event but it would be great if there was an inbuilt filter like the below as a standard feature. I think a lot of people would be happy with just mime unpacking, unarchiving, and checking for malicious content and marking it up for action. For those wondering ab...
by aahq
Thu Mar 17, 2016 11:36 am
Forum: MailEnable Enterprise Edition
Topic: Help - NO SMTP server detected at this ip
Replies: 4
Views: 3517

Re: Help - NO SMTP server detected at this ip

I see in another thread that you are moving to a new server. Make sure your IP Addresses are the same. I can telnet to port 25 of 74.125.141.26 btw from the internet if that helps so it looks partially set up correctly? This could be anything otherwise :( Maybe a good idea to move back to your old s...
by aahq
Thu Mar 17, 2016 11:30 am
Forum: MailEnable Enterprise Edition
Topic: After evaluation - what could be the problem
Replies: 2
Views: 2591

Re: After evaluation - what could be the problem

I think the issue is more than licensing but ME's licensing is based on the amount of CPU in the server and the Computer Name of the server. If there is any change here it will move into "not happy" mode. I recommend logging online to the mail enable site with your details and recreate the key based...