Posted to users@spamassassin.apache.org by Benny Pedersen <me...@junc.eu> on 2021/09/24 03:12:15 UTC
fuglu 1.0.1
anyone using it ? :)
i added it to ::fidonet gentoo overlay, it missed dev-python/pygeoip,
dev-python/domainmagic in gentoo portage to work, which i found after i
had created the first gentoo ebuild for fuglu 1.0.1, late night works,
hehe :)
if others are really using fuglu please share
Re: fuglu 1.0.1
Posted by "Laurent S." <11...@protonmail.ch>.
Hi Alex,
The Filetype plugin of fuglu handles it very well:
https://fuglu.org/plugins-index.html#attachment-blocker
It can filter based on file extension and file type (recognized by Magic
Bytes... so Benny, mimedefang/clamav isn't necessary to block every ELF
or windows executable), even if the file is in an archive. By the way,
fuglu blocks it by default
/etc/fuglu/rules/default-filetypes.conf:
[...]
deny self-extract No self-extracting archives
deny executable No programs allowed
deny ELF No programs allowed
deny Registry No Windows Registry files allowed
That plugin can read a database for exceptions to the default rules.
A mechanism doesn't exist yet of recipient exceptions in the virus
plugins (there are multiple). You could simply skip some plugins for
specific recipients. You could also create a plugin that will read the
result of previous plugins (spamassassin, anti-virus, spf...) and take
appropriate action based on domain or recipient... It's what we did.
Best,
Laurent
On 24.09.21 14:21, Alex wrote:
> Hi,
>
>> We use fuglu in production at work and it works very nicely. But it was
>> on a centos machine. I have it too on a debian raspberry pi and just
>> updated from gitlab. I had a domainmagic dependency missing too but
>> mentioned it to a dev, who's working on a fix. I have no experience
>> with gentoo though.
>>
>> At work, we switched to the dockerized version of fuglu, maybe you could
>> consider it.
>
> I'm also interested in this, as I'm having problems with amavisd (and
> development has effectively stopped).
>
> Does anyone know how it compares? Is it possible to more specifically
> define the policies it applies to domains it processes? For example,
> the problem I'm currently having with amavisd is that things like
> virus/spam destiny, or banned filenames are limited to affecting all
> domains the amavisd instance processes. It would be good to have more
> flexibility there - one domain may wish to allow html files while
> another would like to block them.
>
> I've posted this on the amavisd list before, and it's gone unanswered.
> I'm hoping fuglu is a more modern replacement without too much
> difficulty in the conversion/replacement.
>
> I also like fuglu for it being coded in python - it's much easier to
> find python developers than perl developers these days.
>
>> But I doubt this mailing list is the best place to talk about fuglu.
>
> Yes, not strictly related, but I'm hoping it's closely related enough
> for someone to give me some pointers, given we're all using SA.
>
> Thanks,
> Alex
>
>
>>
>> Best regards,
>> Laurent
>>
>> On 24.09.21 05:12, Benny Pedersen wrote:
>>>
>>> anyone using it ? :)
>>>
>>> i added it to ::fidonet gentoo overlay, it missed dev-python/pygeoip,
>>> dev-python/domainmagic in gentoo portage to work, which i found after i
>>> had created the first gentoo ebuild for fuglu 1.0.1, late night works,
>>> hehe :)
>>>
>>> if others are really using fuglu please share
>>>
>>
Re: fuglu 1.0.1
Posted by Benny Pedersen <me...@junc.eu>.
On 2021-09-24 14:21, Alex wrote:
>> But I doubt this mailing list is the best place to talk about fuglu.
>
> Yes, not strictly related, but I'm hoping it's closely related enough
> for someone to give me some pointers, given we're all using SA.
quote KAM:
You could use some quick code that reads the first few bytes of the file
attachments and then compares it for certain matches called Magic
Bytes. For ELF, it's 0x7F followed by ELF in ASCII (45 4c 46).
You could use that to block any ELF file.
so we need mimedefang to detect it ? :=)
https://github.com/VirusTotal/yara
who will share ELF signature in Yara now ?
based on what KAM write is could make one in native clamav, so it works
in mimedefang && fuglu && amavisd-new
please share
note "google foxhole 3rd party signature" could be useful to get
started on good protection
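Added example (not part of the thread, and not fuglu, MIMEDefang or ClamAV code): a Python sketch of the magic-byte check discussed above, applied to every MIME part of a message and to members of zip attachments, so a renamed ELF inside an archive is still caught. The labels, depth and size limits, and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Magic bytes: ELF is 0x7F + "ELF" (per the thread); "MZ" starts Windows executables.
MAGIC = {b"\x7fELF": "ELF", b"MZ": "executable"}
MAX_DEPTH = 3                  # assumed limit on nested archives
MAX_MEMBER = 10 * 1024 * 1024  # assumed per-member size cap (zip bombs)

def scan_blob(name, data, depth=0):
    """Return [(path, label)] for denied content in data, looking inside zips."""
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return [(name, label)]
    if not data.startswith(b"PK\x03\x04"):  # not a zip: nothing to open
        return []
    if depth >= MAX_DEPTH:
        return [(name, "archive-too-deep")]
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                path = f"{name}/{info.filename}"
                if info.file_size > MAX_MEMBER:
                    hits.append((path, "member-too-large"))
                elif not info.is_dir():
                    hits += scan_blob(path, zf.read(info), depth + 1)
    except (zipfile.BadZipFile, RuntimeError):  # corrupt or encrypted: fail closed
        hits.append((name, "unreadable-archive"))
    return hits

def scan_message(raw):
    """Scan every leaf MIME part; declared filename and type are not trusted."""
    hits = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if not part.is_multipart():
            data = part.get_payload(decode=True) or b""
            hits += scan_blob(part.get_filename() or "unnamed", data)
    return hits

def build_sample():
    """Constructed message: a zip whose 'report.pdf' member starts with ELF magic."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"\x7fELF" + b"\x00" * 12)
    msg = EmailMessage()
    msg.set_content("see attached")
    msg.add_attachment(buf.getvalue(), "application", "zip", filename="docs.zip")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` reports the archive member by path even though its name and the attachment's declared type look harmless.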
Re: [OT] Re: fuglu 1.0.1
Posted by Jared Hall <ja...@jaredsec.com>.
On 9/25/2021 5:08 AM, Giovanni Bechis wrote:
> MIMEDefang might be another program that can help you. I personally don't know much about it, but it seems to be robust.
> MIMEDefang can fix Alex's issue ("one domain may wish to allow html files while another would like to block them"),
> we can talk about it on the MIMEDefang ml (https://lists.mimedefang.org/mailman/listinfo/mimedefang_lists.mimedefang.org) or you can send me an email
> about it.
> Giovanni
Thanks for the help. Alex should be happy.
:)
-- Jared Hall
[OT] Re: fuglu 1.0.1
Posted by Giovanni Bechis <gi...@paclan.it>.
On 9/25/21 08:32, Jared Hall wrote:
> MIMEDefang might be another program that can help you. I personally don't know much about it, but it seems to be robust.
MIMEDefang can fix Alex's issue ("one domain may wish to allow html files while another would like to block them"),
we can talk about it on the MIMEDefang ml (https://lists.mimedefang.org/mailman/listinfo/mimedefang_lists.mimedefang.org) or you can send me an email
about it.
Giovanni
Re: fuglu 1.0.1
Posted by Jared Hall <ja...@jaredsec.com>.
On 9/24/2021 8:21 AM, Alex wrote:
> I'm also interested in this, as I'm having problems with amavisd (and
> development has effectively stopped).
>
> Does anyone know how it compares? Is it possible to more specifically
> define the policies it applies to domains it processes? For example,
> the problem I'm currently having with amavisd is that things like
> virus/spam destiny, or banned filenames are limited to affecting all
> domains the amavisd instance processes. It would be good to have more
> flexibility there - one domain may wish to allow html files while
> another would like to block them.
>
> I've posted this on the amavisd list before, and it's gone unanswered.
> I'm hoping fuglu is a more modern replacement without too much
> difficulty in the conversion/replacement.
Considering that you can effectively do the same in SA, that's one place
you could do HTML/Non-HTML stuff.
You can also artificially raise or lower scores relative to
sa_tag2_level_deflt using rules,
header RULENAME To:addr =~ /.*\@mydomain\.com/i
score RULENAME -3.0
Repeat as necessary for CC addresses. BCCs will take some inspection of
your Received headers (depending on MTA).
But, you probably know this already.
> I also like fuglu for it being coded in python - it's much easier to
> find python developers than perl developers these days.
MIMEDefang might be another program that can help you. I personally
don't know much about it, but it seems to be robust.
Generally speaking, most programmers (regardless of language) don't like
to take jobs where the Cost/Benefit ratio returns a divide-by-zero error.
If you want something free, I certainly wouldn't limit your search to
just Python.
Or, you could just fork over a couple hundred bucks and find someone on
Upwork, or maybe Freelancer, to do exactly what you want.
> Thanks,
> Alex
>
Good Luck,
-- Jared Hall
Re: fuglu 1.0.1
Posted by Alex <my...@gmail.com>.
Hi,
> We use fuglu in production at work and it works very nicely. But it was
> on a centos machine. I have it too on a debian raspberry pi and just
> updated from gitlab. I had a domainmagic dependency missing too but
> mentioned it to a dev, who's working on a fix. I have no experience
> with gentoo though.
>
> At work, we switched to the dockerized version of fuglu, maybe you could
> consider it.
I'm also interested in this, as I'm having problems with amavisd (and
development has effectively stopped).
Does anyone know how it compares? Is it possible to more specifically
define the policies it applies to domains it processes? For example,
the problem I'm currently having with amavisd is that things like
virus/spam destiny, or banned filenames are limited to affecting all
domains the amavisd instance processes. It would be good to have more
flexibility there - one domain may wish to allow html files while
another would like to block them.
I've posted this on the amavisd list before, and it's gone unanswered.
I'm hoping fuglu is a more modern replacement without too much
difficulty in the conversion/replacement.
I also like fuglu for it being coded in python - it's much easier to
find python developers than perl developers these days.
> But I doubt this mailing list is the best place to talk about fuglu.
Yes, not strictly related, but I'm hoping it's closely related enough
for someone to give me some pointers, given we're all using SA.
Thanks,
Alex
>
> Best regards,
> Laurent
>
> On 24.09.21 05:12, Benny Pedersen wrote:
> >
> > anyone using it ? :)
> >
> > i added it to ::fidonet gentoo overlay, it missed dev-python/pygeoip,
> > dev-python/domainmagic in gentoo portage to work, which i found after i
> > had created the first gentoo ebuild for fuglu 1.0.1, late night works,
> > hehe :)
> >
> > if others are really using fuglu please share
> >
>
Re: fuglu 1.0.1
Posted by "Laurent S." <11...@protonmail.ch>.
Hi Benny,
We use fuglu in production at work and it works very nicely. But it was
on a centos machine. I have it too on a debian raspberry pi and just
updated from gitlab. I had a domainmagic dependency missing too but
mentioned it to a dev, who's working on a fix. I have no experience
with gentoo though.
At work, we switched to the dockerized version of fuglu, maybe you could
consider it.
But I doubt this mailing list is the best place to talk about fuglu.
Best regards,
Laurent
On 24.09.21 05:12, Benny Pedersen wrote:
>
> anyone using it ? :)
>
> i added it to ::fidonet gentoo overlay, it missed dev-python/pygeoip,
> dev-python/domainmagic in gentoo portage to work, which i found after i
> had created the first gentoo ebuild for fuglu 1.0.1, late night works,
> hehe :)
>
> if others are really using fuglu please share
>