Olefy/Oletools Rspamd integration

I’m working with Filippo and Stephane to integrate the Oletools plugin for Rspamd in NethServer 7.

https://rspamd.com/doc/modules/external_services.html#oletools-specific-details

The olefy project is a small socket server that allows Rspamd to run oletools executables in a separate environment.

We now have an RPM for NethServer and CentOS 7 in the nethserver-testing repository. Source code is here: https://github.com/NethServer/olefy

The rspamd configuration to enable olefy is coming soon; in the meantime, refer to the Rspamd documentation.

Who wants to check it out?

6 Likes

installation is good, the service is started…nice

2 Likes

Released with nethserver-mail 2.9.0

1 Like

Hi @davidep and @stephdl
The strongest motivation for me to switch from Plesk to Nethserver is your Rspamd-implementation.

One Question…

Did you implement the special Emotet prevention from Heinlein? He is one of the biggest, if not the biggest mail guru in Germany.

https://www.heinlein-support.de/blog/news/emotet-mit-rspamd-und-oletools-bekaempfen/
https://www.heinlein-support.de/blog/news/emotet-mit-rspamd-und-oletools-bekaempfen-teil-2/comment-page-1/#comment-238256

As Stephan always says, google translator is your best friend. Or the better one: https://www.deepl.com/translator

Best regards, Marko

Will check, no problem for the languages

AFAIK, yes: the above articles are dated 2019. And we added olefy/oletools in that period.

I can’t say how much it can protect against the latest attacks. I recently received some trojan attachments with encryption that were not detected by olefy/oletools (and ClamAV).

2 Likes

An encrypted archive (or one with a password) is still inaccessible to many AV and analysis tools.

2 Likes

13 posts were split to a new topic: Doc or docs with macros attachments ignored by oletools

A post was merged into an existing topic: Doc or docs with macros attachments ignored by oletools