jerbo128 (& Roberto)

Edited by Desperado - 18 January 2008 at 5:29pm

Roberto,

What will happen in the case of a 192.168.0.0/24 ?  Do we need to enter it as a 192.168.0.1/24 so that SFE can tell the difference?

Roberto,

Yes, the new beta of SpamFilter that will be released within the next day or so will allow the CDIR notation, and will thus allow you to specify the /8.

201.0.0.0/8 to block the whole class A.

Jeremy

Edited by jerbo128 - 21 January 2008 at 9:58pm

The CDIR notation is a new feature was introduced to solve a problem reported by Jerbo128 just 4 days ago :-)
Yesterday we released a new pre-release version of SpamFilter v4 that supports it (pre-release versions and betas are usually only available to licensed users). We are able to have such quick turnarounds (bug fixes are often released in less than 24/36 hours) as we are a smaller company and are not limited by inner political and marketing reasons in our business...
For the "holding up a number of years", SpamFilter was first released in Aug 2002, and we hope we'll be around for several more years!

For Avast!, there's no known issues with it nor other solutions. Please note the following however.
By default SpamFilter processes emails in RAM for efficiency. You can use
the following option in the SpamFilter.ini file to change this behavior:

;Set this to 0 to prevent queued emails to be spooled to memory, and force
spooling to disk. While less efficient, spooling to disk helps allow
existing antivirus software to detect and block some infected email files
SpoolQueueFilesToMemory=1

If the temp files are spooled to disk, this allows your antivirus a chance
to catch viruses the files may contain. If this happens, and your AV
deletes the file, SpamFilter is "smart" enough to understand what
happened, and will simply ignore the file and the relative email. However
your AV must be able to keep up with the mail flow, and not all of them
can.
The antivirus plugin for the partner we use, Norman, is fully integrated
in SpamFilter, and will inspect all attachments in emails. We go even as
far as "hacking" the passwords in zip files if they are not longer than 6
digits, so we can catch many of the viruses in password protected zip
files.

Is there a guide on how to use the CDIR feature? 
Do we just include the IP block in the IP Filter list (e.g. xxx.yyy.zzz.0/16)?
I don't see mention of it in the official documentation.

This feature is effective as of 4.0.0.772, correct?

And finally, as a registered SF user (since the 1.x days), it has been a real pleasure dealing with Roberto and using a product that the USERS can influence the direction of.

Hi Alan,

The CDIR notation was added in v4.0.0.770, but, to be truthful, I do not know when we added the documentation to the manual. Here's the relevant section:

Blacklisted IPs - You can keep a file with additional IPs that you want to blacklist by entering the filename below. If the file does not exist it will be created. The file is reloaded every minute. List individual IP addresses on each line. Use an ending .0 for a Class C wildcard (i.e. 192.12.45.0 to block 192.12.45.1 --> 192.12.45.255). This IP blacklist also supports the use of CDIR notation to specify networks. For example, 192.12.45.0/24 will block the previous Class C of addresses as well. The contents of the file will be loaded in the memo box, allowing you to make changes to the file.

Unfortunately most likely we're still not going to be able to provide support for comments in all the blacklist/whitelist files. The reason is the same for which we do not check for correctness (the most common problems are leading/trailing spaces in the entries). Some customers have dozens of millions of entries in these lists, and checking each line for correctness (and parsing out the comments) would severely hamper performance in these cases. We process these white/black lists in bulk when reading/writing them, without looking at individual entries but rather by managing the raw memory locations that hold the strings as a whole, without applying any parsing for speed.