Mailing List Archive

fuglu 1.0.1
anyone using it ? :)

i added it to ::fidonet gentoo overlay, it missed dev-python/pygeoip,
dev-python/domainmagic in gentoo portage to work, which i found after i
had created the first gentoo ebuild for fuglu 1.0.1, late night works,
hehe :)

if others are really using fuglu please share
Re: fuglu 1.0.1
Hi Benny,

We use fuglu in production at work and it works very nicely. But it was
on a centos machine. I have it too on a debian raspberry pi and just
updated from gitlab. I had a domainmagic dependency missing too but
mentioned it to a dev, who's working on a fix. I have no experience
with gentoo though.

At work, we switched to the dockerized version of fuglu, maybe you could
consider it.

But I doubt this mailing list is the best place to talk about fuglu.

Best regards,
Laurent

On 24.09.21 05:12, Benny Pedersen wrote:
>
> anyone using it ? :)
>
> i added it to ::fidonet gentoo overlay, it missed dev-python/pygeoip,
> dev-python/domainmagic in gentoo portage to work, which i found after i
> had created the first gentoo ebuild for fuglu 1.0.1, late night works,
> hehe :)
>
> if others are really using fuglu please share
>
Re: fuglu 1.0.1
Hi,

> We use fuglu in production at work and it works very nicely. But it was
> on a centos machine. I have it too on a debian raspberry pi and just
> updated from gitlab. I had a domainmagic dependency missing too but
> mentioned it to a dev, who's working on a fix. I have no experience
> with gentoo though.
>
> At work, we switched to the dockerized version of fuglu, maybe you could
> consider it.

I'm also interested in this, as I'm having problems with amavisd (and
development has effectively stopped).

Does anyone know how it compares? Is it possible to more specifically
define the policies it applies to domains it processes? For example,
the problem I'm currently having with amavisd is that things like
virus/spam destiny, or banned filenames are limited to affecting all
domains the amavisd instance processes. It would be good to have more
flexibility there - one domain may wish to allow html files while
another would like to block them.

I've posted this on the amavisd list before, and it's gone unanswered.
I'm hoping fuglu is a more modern replacement without too much
difficulty in the conversion/replacement.

I also like fuglu for it being coded in python - it's much easier to
find python developers than perl developers these days.

> But I doubt this mailing list is the best place to talk about fuglu.

Yes, not strictly related, but I'm hoping it's closely related enough
for someone to give me some pointers, given we're all using SA.

Thanks,
Alex


Re: fuglu 1.0.1
On 9/24/2021 8:21 AM, Alex wrote:
> I'm also interested in this, as I'm having problems with amavisd (and
> development has effectively stopped).
>
> Does anyone know how it compares? Is it possible to more specifically
> define the policies it applies to domains it processes? For example,
> the problem I'm currently having with amavisd is that things like
> virus/spam destiny, or banned filenames are limited to affecting all
> domains the amavisd instance processes. It would be good to have more
> flexibility there - one domain may wish to allow html files while
> another would like to block them.
>
> I've posted this on the amavisd list before, and it's gone unanswered.
> I'm hoping fuglu is a more modern replacement without too much
> difficulty in the conversion/replacement.
Considering that you can effectively do the same in SA, that's one place
you could do HTML/Non-HTML stuff.

You can also artificially raise or lower scores relative to
sa_tag2_level_deflt using rules,
# "header" tests need the =~ (or !~) operator between the header name and the regex
header  RULENAME To:addr =~ /.*\@mydomain\.com/i
score   RULENAME  -3.0

Repeat as necessary for CC addresses.  BCCs will take some inspection of
your Received headers (depending on MTA).

But, you probably know this already.
> I also like fuglu for it being coded in python - it's much easier to
> find python developers than perl developers these days.
MIMEDefang might be another program that can help you.  I personally
don't know much about it, but it seems to be robust.

Generally speaking, most programmers (regardless of language) don't like
to take jobs where the Cost/Benefit ratio returns a divide-by-zero error.
If you want something free, I certainly wouldn't limit your search to
just Python.

Or, you could just fork over a couple hundred bucks and find someone on
Upwork, or maybe Freelancer, to do exactly what you want.
> Thanks,
> Alex
>

Good Luck,

-- Jared Hall
Re: fuglu 1.0.1
On 2021-09-24 14:21, Alex wrote:

>> But I doubt this mailing list is the best place to talk about fuglu.
>
> Yes, not strictly related, but I'm hoping it's closely related enough
> for someone to give me some pointers, given we're all using SA.

quote KAM:

You could use some quick code that reads the first few bytes of the file
attachments and then compares it for certain matches called Magic
Bytes. For ELF, it's 0x7F followed by ELF in ASCII (45 4c 46).

You could use that to block any ELF file.

so we need mimedefang to detect it ? :=)

https://github.com/VirusTotal/yara

who will share ELF signature in Yara now ?

based on what KAM write is could make one in native clamav, so it works
in mimedefang && fuglu && amavisd-new

please share

note "google foxhole 3rd party signature" could be useful to get
started on good protection
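
The magic-byte check quoted from KAM above, written out as an added example (not code from this thread, and not taken from fuglu, MIMEDefang, amavisd-new or ClamAV). It goes beyond the quoted ELF case by also labelling MZ and zip content and by looking inside zip archives; all function names, the limits and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Magic bytes -> label. ELF is the signature quoted above; MZ and PK are added here.
MAGIC = {b"\x7fELF": "ELF", b"MZ": "executable", b"PK\x03\x04": "zip"}
MAX_DEPTH, MAX_MEMBER = 3, 10 * 2**20  # archive nesting limit, 10 MiB per member

def sniff(data):
    """Label content by its first bytes; the file name is never consulted."""
    return next((lbl for magic, lbl in MAGIC.items() if data.startswith(magic)), "unknown")

def find_denied(name, data, depth=0):
    """Yield (path, reason) for denied content, descending into zip archives."""
    label = sniff(data)
    if label in ("ELF", "executable"):
        yield name, label
    elif label == "zip" and depth >= MAX_DEPTH:
        yield name, "archive-too-deep"
    elif label == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    path = f"{name}/{info.filename}"
                    if info.file_size > MAX_MEMBER:
                        yield path, "member-too-large"
                    else:
                        yield from find_denied(path, zf.read(info), depth + 1)
        except (zipfile.BadZipFile, RuntimeError):  # corrupt or encrypted archive
            yield name, "unreadable-archive"

def scan_message(raw):
    """Check every leaf MIME part, so a misleading Content-Type cannot hide a file."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [hit for part in msg.walk() if not part.is_multipart()
            for hit in find_denied(part.get_filename() or "unnamed",
                                   part.get_payload(decode=True) or b"")]

def build_sample():
    """Constructed input: an ELF header stub named report.pdf, plus a zip holding one."""
    stub = b"\x7fELF" + bytes(12)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/tool.bin", stub)
    msg = EmailMessage()
    msg.set_content("see attached")
    msg.add_attachment(stub, maintype="application", subtype="pdf", filename="report.pdf")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="a.zip")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` reports both the renamed stub and the copy inside the archive; archives that cannot be opened are reported rather than passed silently.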
Re: fuglu 1.0.1
Hi Alex,

The Filetype plugin of fuglu handles it very well:
https://fuglu.org/plugins-index.html#attachment-blocker

It can filter based on file extension and file type (recognized by Magic
Bytes... so Benny, mimedefang/clamav isn't necessary to block every ELF
or windows executable), even if the file is in an archive. By the way,
fuglu blocks it by default
/etc/fuglu/rules/default-filetypes.conf:
[...]
deny self-extract No self-extracting archives
deny executable No programs allowed
deny ELF No programs allowed
deny Registry No Windows Registry files allowed


That plugin can read a database for exceptions to the default rules.

A mechanism for recipient exceptions doesn't exist yet in the virus
plugins (there are multiple). You could simply skip some plugins for
specific recipients. You could also create a plugin that will read the
result of previous plugins (spamassassin, anti-virus, spf...) and take
appropriate action based on domain or recipient... It's what we did.

Best,
Laurent
