<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Sehr schön, da fallen mir die ganzen Optionen am Ende auf!<div class=""><br class=""></div><div class="">Sind das die Default, oder sollte man die so setzen?</div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">BTW: @Carsten, in deinem Kurs geht es mehr um rspamd, oder? </div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Viele Grüße! Frank</div><div class=""><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">Am 05.12.2018 um 11:28 schrieb Carsten Rosenberg <<a href="mailto:cr@ncxs.de" class="">cr@ncxs.de</a>>:</div><br class="Apple-interchange-newline"><div class=""><a href="https://github.com/rspamd/rspamd.com/pull/369" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;" class="">https://github.com/rspamd/rspamd.com/pull/369</a><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">Ich hab die SAVDI Doku für den Rspamd mal präzisiert.</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">Viele Grüße</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">Carsten</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">On 04.12.18 19:28, Frank Fiene wrote:</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><blockquote type="cite" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;" class="">Na also:<br class=""><br class="">554 5.7.1 sophos: virus found: "EICAR-AV-Test"<br class=""><br class=""><br class=""><br class="">Also vielen Dank an alle!<br class=""><br class="">Das sollte vl. mal dokumentiert werden, ich schreibe den Vsevolod<br class="">Stakhov mal an.<br class=""><br class=""><br class="">Viele Grüße!<br class="">Frank<br class="">-- <br class="">Frank Fiene<br class="">IT-Security Manager VEKA Group<br class=""><br class="">Fon: +49 2526 29-6200<br class="">Fax: +49 2526 29-16-6200<br class="">mailto: <a href="mailto:ffiene@veka.com" class="">ffiene@veka.com</a><span class="Apple-converted-space"> </span><<a href="mailto:ffiene@veka.com" class="">mailto:ffiene@veka.com</a>><br class=""><a href="http://www.veka.com/" class="">http://www.veka.com</a><br class=""><br class="">PGP-ID: 62112A51<br class="">PGP-Fingerprint: 7E12 D61B 40F0 212D 5A55 765D 2A3B B29B 6211 2A51<br class="">Threema: VZK5NDWW<br class=""><br class="">VEKA AG<br class="">Dieselstr. 8<br class="">48324 Sendenhorst<br class="">Deutschland/Germany<br class=""><br class="">Vorstand/Executive Board: Andreas Hartleif (Vorsitzender/CEO),<br class="">Dr. Andreas W. Hillebrand, Bonifatius Eichwald, Elke Hartleif, Dr.<br class="">Werner Schuler,<br class="">Vorsitzender des Aufsichtsrates/Chairman of Supervisory Board: Ulrich Weimer<br class="">HRB 8282 AG Münster/District Court of Münster<br class=""><br class=""><blockquote type="cite" class="">Am 04.12.2018 um 19:22 schrieb Frank Fiene <<a href="mailto:ffiene@veka.com" class="">ffiene@veka.com</a><br class=""><<a href="mailto:ffiene@veka.com" class="">mailto:ffiene@veka.com</a>>>:<br class=""><br class="">Ich meinte natürlich SSSP. <br class=""><br class="">Ich habe mal die Requests mitgelogt.<br class=""><br class="">181204:192035 [5C06A00C] 00038402 New session<br class="">181204:192035 [5C06A00C/1] 00030406 Client request<br class=""> SSSP/1.0<br class="">181204:192035 [5C06A00C/2] 00030406 Client request<br class=""> SCANDATA 9585<br class="">181204:192035 [5C06A00C/3] 00030406 Client request<br class=""> BYE<br class="">181204:192035 [5C06A00C] 00038403 Session ended<br class="">181204:192035 [5C06A00C] 00038401 Connection ended<br class=""><br class=""><br class="">Das sieht doch eigentlich gut aus, oder?<br class=""><br class="">Muss nochmal den EICAR durchjagen.<br class=""><br class=""><br class="">Viele Grüße!<br class="">Frank<br class="">-- <br class="">Frank Fiene<br class="">IT-Security Manager VEKA Group<br class=""><br class="">Fon:<span class="Apple-converted-space"> </span><a href="tel:+49%202526%2029-6200" class="">+49 2526 29-6200</a><br class="">Fax:<span class="Apple-converted-space"> </span><a href="tel:+49%202526%2029-16-6200" class="">+49 2526 29-16-6200</a><br class="">mailto: <a href="mailto:ffiene@veka.com" class="">ffiene@veka.com</a><span class="Apple-converted-space"> </span><<a href="mailto:ffiene@veka.com" class="">mailto:ffiene@veka.com</a>><br class=""><a href="http://www.veka.com/" class="">http://www.veka.com</a><span class="Apple-converted-space"> </span><<a href="http://www.veka.com/" class="">http://www.veka.com/</a>><br class=""><br class="">PGP-ID: 62112A51<br class="">PGP-Fingerprint: 7E12 D61B 40F0 212D 5A55 765D 2A3B B29B 6211 2A51<br class="">Threema: VZK5NDWW<br class=""><br class="">VEKA AG<br class="">Dieselstr. 8<br class="">48324 Sendenhorst<br class="">Deutschland/Germany<br class=""><br class="">Vorstand/Executive Board: Andreas Hartleif (Vorsitzender/CEO),<br class="">Dr. Andreas W. Hillebrand, Bonifatius Eichwald, Elke Hartleif, Dr.<br class="">Werner Schuler,<br class="">Vorsitzender des Aufsichtsrates/Chairman of Supervisory Board: Ulrich<br class="">Weimer<br class="">HRB 8282 AG Münster/District Court of Münster<br class=""><br class=""><blockquote type="cite" class="">Am 04.12.2018 um 17:52 schrieb Frank Fiene <<a href="mailto:ffiene@veka.com" class="">ffiene@veka.com</a><br class=""><<a href="mailto:ffiene@veka.com" class="">mailto:ffiene@veka.com</a>>>:<br class=""><br class="">Ja, ich habe auch gerade das Scanner Protocol auf SSCP umgestellt.<br class=""><br class="">Ich habe bei rspamd nicht gefunden, ob Sophie oder SSCP benutzt wird.<br class=""><br class="">--<span class="Apple-converted-space"> </span><br class="">Frank Fiene<br class="">IT-Security Manager VEKA Group<br class=""><br class="">Fon:<span class="Apple-converted-space"> </span><a href="tel:+49%202526%2029-6200" class="">+49 2526 29-6200</a><br class="">Fax:<span class="Apple-converted-space"> </span><a href="tel:+49%202526%2029-16-6200" class="">+49 2526 29-16-6200</a><br class="">mailto:<span class="Apple-converted-space"> </span><a href="mailto:ffiene@veka.com" class="">ffiene@veka.com</a><span class="Apple-converted-space"> </span><<a href="mailto:ffiene@veka.com" class="">mailto:ffiene@veka.com</a>><br class=""><a href="http://www.veka.com/" class="">http://www.veka.com</a><span class="Apple-converted-space"> </span><<a href="http://www.veka.com/" class="">http://www.veka.com/</a>><br class=""><br class="">PGP-ID: 62112A51<br class="">PGP-Fingerprint: 7E12 D61B 40F0 212D 5A55 765D 2A3B B29B 6211 2A51<br class=""><br class="">VEKA AG<br class="">Dieselstr. 8<br class="">48324 Sendenhorst<br class="">Deutschland/Germany<br class=""><br class="">Vorstand/Executive Board: Andreas Hartleif (Vorsitzender/CEO),<br class="">Dr. Andreas W. Hillebrand, Bonifatius Eichwald, Elke Hartleif, Dr.<br class="">Werner Schuler,<br class="">Vorsitzender des Aufsichtsrates/Chairman of Supervisory Board: Ulrich<br class="">Weimer<br class="">HRB 8282 AG Münster/District Court of Münster<br class=""><br class=""><blockquote type="cite" class="">Am 04.12.2018 um 16:17 schrieb Michael Wuttke<br class=""><<a href="mailto:mwuttke@beuth-hochschule.de" class="">mwuttke@beuth-hochschule.de</a><span class="Apple-converted-space"> </span><<a href="mailto:mwuttke@beuth-hochschule.de" class="">mailto:mwuttke@beuth-hochschule.de</a>>>:<br class=""><br class="">Hallo,<br class=""><br class="">noch mal als Nachtrag, da es Nachfragen gab:<br class=""><br class="">Wir haben bei uns das SSSP-Protokoll von Sophos in Amavis auf dem Port<br class="">4010 eingebunden. Daher haben wir den unten genannten Schaltet für den<br class="">channel for SSSP konfiguriert.<br class=""><br class="">Und da dieser Schalter für SAVDI bislang undokumentiert ist, bitte<br class="">einfach den unten stehenden contextstr-Schnipsel im scanner-Block vom IP<br class="">channel for SSSP hinzufügen.<br class=""><br class="">Danke & Gruß,<br class="">Michael Wuttke<br class=""><br class=""><blockquote type="cite" class="">Am 04.12.18 um 10:19 schrieb Michael Wuttke:<br class="">Hallo,<br class=""><br class="">sehr hilfreich ist noch in der SAVDI Konfigurationsdatei savdid.conf<br class="">folgende Einstellung hinzuzufügen, die zum einen aus der<br class="">DFN-Mail-AK-Liste stammt und mir aber auch von einem Enterprise Account<br class="">Executive von sophos bestätigt wurde:<br class=""><br class="">/ /<br class="">/CXMail is our context based detection/<br class="">/ /<br class=""><br class="">/This particular detection is fired on Microsoft office<br class="">attachments(often compressed) that have macros inside. These macros<br class="">work as a file dropper/downloader and access the internet to download<br class="">a malware payload. The URL's accessed by these attachments change on a<br class="">regular basis and will automatically switch to a new one if the<br class="">existing one is blocked. /<br class=""><br class="">scanner {<br class=""><br class="">...<br class="">contextstr: Genes/Extn/ProdVer OEM:Email:1.0.0<br class="">...<br class="">}<br class=""><br class="">Die Erkennungsrate von Macro-Viren ist bei uns seit dem deutlich nach<br class="">oben gegangen. ;-)<br class=""><br class="">Danke & Gruß,<br class="">Michael<br class=""><br class=""><blockquote type="cite" class="">Am 04.12.18 um 08:32 schrieb Frank Fiene:<br class="">Moin,<br class=""><br class="">Ich habe ein paar Fragen, ich möchte gerne einen zusätzlichen<br class="">Virenscanner testen neben Clamav und da ist mir Sophos in dein<br class="">Sinn gekommen.<br class="">Grund ist, dass immer mehr Viren durchkommen, die weder Clamav<br class="">noch Trendmicro (im Backend) erkennen, selbst ältere.<br class=""><br class=""><br class="">1.) Was benötige ich alles, auf den Gateways läuft Postfix und<br class="">amavisd-new?<br class=""><br class="">2.) Installiere ich den Sophos Virenscanner auf einer eigenen<br class="">Maschine oder auf jedem Gateway?<br class=""><br class="">3.) Gibt es Testversionen ohne Einschränkungen?<br class=""><br class="">4.) Was kostet das, wenn sagen wir mal 10.000 Mails pro Tag<br class="">gescannt werden müssen, also durch die anderen Abwehrmaßnahmen<br class="">durchgekommen sind?<br class=""><br class=""><br class=""><br class="">Viele Grüße!<br class="">Frank</blockquote></blockquote></blockquote></blockquote></blockquote></blockquote></div></blockquote></div><br class=""><div class="">
<div dir="auto" style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-variant-east-asian: normal; font-variant-position: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-variant-east-asian: normal; font-variant-position: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Viele Grüße!<br class="">i.A. Frank Fiene<br class="">-- <br class="">Frank Fiene</div><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-variant-east-asian: normal; font-variant-position: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">IT-Security Manager VEKA Group</div><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-variant-east-asian: normal; font-variant-position: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><br class="">Fon: +49 2526 29-6200<br class="">Fax: +49 2526 29-16-6200<br class="">mailto: <a href="mailto:ffiene@veka.com" class="">ffiene@veka.com</a><br class=""><a href="http://www.veka.com" class="">http://www.veka.com</a><br class=""><br class=""></div><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-variant-east-asian: normal; font-variant-position: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">PGP-ID: 62112A51<br class="">PGP-Fingerprint: 7E12 D61B 40F0 212D 5A55 765D 2A3B B29B 6211 2A51</div><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-variant-east-asian: normal; font-variant-position: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Threema: VZK5NDWW<br class=""><br class="">VEKA AG<br class="">Dieselstr. 8<br class="">48324 Sendenhorst<br class="">Deutschland/Germany<br class=""><br class="">Vorstand/Executive Board: Andreas Hartleif (Vorsitzender/CEO),<br class="">Dr. Andreas W. Hillebrand, Bonifatius Eichwald, Elke Hartleif, Dr. Werner Schuler,<br class="">Vorsitzender des Aufsichtsrates/Chairman of Supervisory Board: Ulrich Weimer<br class="">HRB 8282 AG Münster/District Court of Münster</div></div></div></div></div></div></div></div>
</div>
<br class=""></div></body></html>