davidep
(Davide Principi)
October 24, 2019, 8:45am
#1
I’m working with Filippo and Stephane to integrate the Oletools plugin for Rspamd in NethServer 7.
https://rspamd.com/doc/modules/external_services.html#oletools-specific-details
The olefy project is a small socket server that allows Rspamd to run oletools executables in a separate environment.
We now have an RPM for NethServer and CentOS 7 in the nethserver-testing repository. Source code is here: https://github.com/NethServer/olefy
The rspamd configuration to enable olefy is coming soon; in the meantime, refer to the Rspamd documentation.
Who wants to check it out?
6 Likes
stephdl
(Stéphane de Labrusse)
October 24, 2019, 9:04am
#2
Installation is good, the service is started… nice
2 Likes
davidep
(Davide Principi)
November 20, 2019, 3:11pm
#3
Released with nethserver-mail 2.9.0
1 Like
capote
(Marko)
October 10, 2020, 4:10pm
#4
Hi @davidep and @stephdl
The strongest motivation for me to switch from Plesk to NethServer is your Rspamd implementation.
One question…
Did you implement the special Emotet prevention from Heinlein? He is one of the biggest, if not the biggest mail guru in Germany.
https://www.heinlein-support.de/blog/news/emotet-mit-rspamd-und-oletools-bekaempfen/
https://www.heinlein-support.de/blog/news/emotet-mit-rspamd-und-oletools-bekaempfen-teil-2/comment-page-1/#comment-238256
As Stephan always says, google translator is your best friend. Or the better one: https://www.deepl.com/translator
Best regards, Marko
stephdl
(Stéphane de Labrusse)
October 10, 2020, 4:58pm
#5
Will check, no problem for the languages
davidep
(Davide Principi)
October 12, 2020, 7:11am
#6
AFAIK, yes: the above articles are dated 2019. And we added olefy/oletools in that period.
opened 03:56PM - 28 Oct 19 UTC
closed 03:08PM - 20 Nov 19 UTC
Using oletools (http://www.decalage.info/python/oletools) we could scan MS Office files looking for suspicious macros and block malicious emails.
We need:
oletools with olefy
rspamd config...
verified
I can’t say how much it can protect against the latest attacks. I recently received some trojan attachments with encryption that were not detected by olefy/oletools (and ClamAV).
2 Likes
pike
(Michael Kicks)
October 12, 2020, 7:46am
#7
An encrypted archive (or one with a password) is still inaccessible for many AV and analysis tools.
2 Likes