Recent content by ron

Hi Tom, This setting was in place - but after I saw backscatter was still ending up in user's mailbox, I reset this setting and configured the /etc/mail/spamassassin/custom.cf file instead.

Hi, Over the past few days, one of my users is bombarded with hundreds of backscatter messages. Our domain has a valid, hardfail SPF configuration. Also, the /etc/mail/spamassassin/custom.cf file is configured to mark illegitimate NDRs as SPAM: And still - only about 50% of the backscatter...

Is there a way to enable such filtering, regardless of whether the .exe is a virus or not?

Hi Tom, more and more viruses are passing through the gateway (which is healthy and up to date). I am not sure at all that this is a CLAM issue - even if the files weren't viruses - they are still executables inside an un-encrypted zip file, and should have been blocked ('Dangerous Content'...

Hi ;) attached is an infected file that managed to pass the gateway and was detected/qurantined by smsmse 6.5. over the past few days, there have been a few incidents like this one. can you spot the difference between this file and other executables that are usualy blocked at the gateway level?

Hi, Just upgraded to v2.5, CLAMAV is up to date, all SPAM tests are enabled. We are getting tens of Emails containing a redirection script (attached). How are they getting through? what to do...?

I need it because we get many false-positives, especially with Emails originating from countries like Russia, China, Korea, etc. where non-English fonts are used. some of my users check their daily spam report every morning and whitelist/deliver Emails accordingly, some users delete the report...

I was hoping for an automated way, it will be very time-consuming to go through all mail addresses and write down their whitelist entries...

Hi guys, Is there a way to extract the private whitelists that users create for themselves?

Hi Dietmer, After looking at the mail header, I see the following info: Received-SPF: softfail (XXXXXXX.com: Sender is not authorized by default to use 'X@XXX.com' in 'mfrom' identity, however domain is not currently prepared for false failures (mechanism '~all' matched) Is this SPF telling...

Hi, I am receiving messages from my own Email address: ron@<MyDomain.com>. These messages arrive from different SMTP servers on the internet and are usually quarantined as SPAM. Shouldn't SPF take care of it, and reject the messages even before it starts getting tested by the anti-spam agents...

Hi all :cool: over the past few weeks, SPAM has started penetrating PROXMOX and enter into our mail system. I'm not talking only "Buy VIAGRA" / "Enlarge your johnson" type of SPAM - I'm talking executables inside ZIPed folders. for example, this Email with an attachment called utility.zip...

After a few more viruses went clean through proxmox this morning, I downgraded to version 2.1 . so far so good, I started receiving alerts about blocked viruses again (2.2 was also configured to alert me, but it didn't) and viruses count on exchange server AV is static. freshclaming yields one...

Well, if it's just a matter of manual update - then it's not a big deal (although the error also occurs when trying to update using SSH). I was worried that this error might be just a symptom of a bigger, more critical problem (i.e. viruses passing through proxmox).

The thing is, my ClamAV signature databases were already up to date when the viruses got through. daily.cvd gets succesfully automatically updated a few times every day. My databases are, at the moment, up to date. when I click "update" - freshclam fails (see screenshot). when I click "save"...