For general Groups.io questions, please see the Group Managers Forum and Group_Help groups. Note: those groups are volunteer-led and are not officially run by Groups.io.
|
moderated
Re: Virus scanning
On Tue, Aug 21, 2018 at 9:42 PM, Shal Farley <shals2nd@...> wrote:
Ok, so new group option for dealing with spam: either moderate or reject, with reject being the default. Rejected messages will be logged in the activity log. If I reject a message, should it bounce back to the sender, or should I blackhole it? If a message in the archives is flagged as having a virus or phishing attack, should I put a banner on the page saying so? (and should I go back through the archives doing scans)? By the way, I assume none of the above applies to the boatloads of absolute junk from invalid sources (malware-infected PCs and the like) that I presume you've been dropping all along. Those deserve the black hole treatment. The fact that many/most groups don't accept messages from non-subscribers acts as a natural prevention for a lot of this crap. I don't accept smtp connections from IP addresses that don't have reverse DNS records. I use a few blocklists as well, for all connections to the site, not just email. I haven't done anything with SPF and DKIM data yet. Thanks, Mark
|
|||||||
|
|
|||||||
|
moderated
Re: Virus scanning
On Tue, Aug 21, 2018 at 09:42 PM, Shal Farley wrote:
I don't think I would go as far as Lena suggests, and moderate them without that being a group option; I'm concerned that few group moderators would have the knowledge to make a safe decision for their group. A choice between "moderate" or "reject" might be useful, with "reject" the default.Agree with Shal on this. An email reflector like groups.io, is a multiplier-- it turns a single email into many emails. Cybercriminals love this. Send out a malevolent email to a single address and, depending on the size of the group, the poison goes to hundreds or thousands of potential victims. And those victims are predisposed to swallow the poison because it comes from a familiar source that they intentionally subscribed to. Even better if the email spoofs the name of a prominent member. This is a hacker's dream setup. These criminals are not nice people. Give them a chance and they will hurt you. Rejecting is annoying, but aggressively scrubbing malware from multipliers like groups.io is good policy in my book. Moderators should hesitate and consider carefully a decision to take the "moderate" option. Letting a malevolent email loose on your group could destroy it. Look at the annoyance of automatic rejection as a price a small price paid for the convenience and pleasure you get from membership in a groups.io group. Best, Marv
|
|||||||
|
|
|||||||
|
moderated
Re: Virus scanning
Mark,
> My default implementation would be to turn it on so that it blocks all > emails, files and photos that it finds has a virus or phishing > attempt. > Do you see any reason to not do it this way? "Block" = "Drop" or "Reject"? Drop is a very severe action, and I'm not entirely sure it should be done even with non-subscribers. With subscribers at the least I'd recommend "reject" (and add to the Activity log). As Jim and some others, I was thinking maybe have a group option to put those from subscribers in the pending queue, prominently marked as containing potentially harmful content. This would serve the small fraction of groups who might be studying such things, or might be sharing harmless executable files that trigger a false positive. I'm sympathetic because once long ago forwarding a message to abuse@example.com or spam@example.com was a common way certain senders requested that non-users (of their service) should report "bad" messages coming from their service. But I had an ISP that blocked suspicious messages outbound by me, so I couldn't send the requested report. I don't think I would go as far as Lena suggests, and moderate them without that being a group option; I'm concerned that few group moderators would have the knowledge to make a safe decision for their group. A choice between "moderate" or "reject" might be useful, with "reject" the default. By the way, I assume none of the above applies to the boatloads of absolute junk from invalid sources (malware-infected PCs and the like) that I presume you've been dropping all along. Those deserve the black hole treatment. Shal
|
|||||||
|
|
|||||||
|
moderated
Re: Virus scanning
Jim Higgins
I don't expect scanning to change anything here for me since my groups use plain text and no attachments in the first place.
toggle quoted messageShow quoted text
Actions? Perhaps DROP ALL and DROP ATTACHMENT ONLY should be available... as well as maybe some sort of "Quarantine for Review/Moderation by Group Owner" option. Notification? Notify Owner, Notify Sender, Notify Both seem like decent options. Notify Owner (or both) seems to go hand in hand with an action of "Quarantine for Review..." (above). Jim H Received from Mark Fletcher at 8/21/2018 03:24 AM UTC:
Hi All,
|
|||||||
|
|
|||||||
|
moderated
Re: Groups.io is down ...
Laurence Taylor
Ellen Moody <ellen.moody@gmail.com> wrote:
I just read that Groups.io is down for maintenance. We were informed itUTC - Co-ordinated Universal Time. Pretty much the same as GMT. West coast USA is GMT-8 (-7 in summer) and East coast is GMT-5 (-4 in summer). -- rgds LAurence <><
|
|||||||
|
|
|||||||
|
moderated
Re: Groups.io is down ...
I confess to not knowing where this main forum is. I also am unaware that I have any software called a timezone. I'm one of those who when confronted with centigrade temperatures doubles the number and adds thirty. I don't know the formula for moving from fahrenheit to centigrade. I can't imagine meters as yet: inches, feet, yards, miles. But I do have the decimal system downpat .... Ellen
On Tue, Aug 21, 2018 at 12:12 PM Toby Kraft <toby@...> wrote: Ellen,
|
|||||||
|
|
|||||||
|
moderated
Re: Virus scanning
Dave Wade
Mark,
Yes scanners can catch spam/phish/malware, the trouble is that virus scanners are tuned for high detection rate because any one choosing a virus scanner will invariably choose the one with the highest detection rate. Of course this usually equates to a high false positive rate, but no one ever tests for this, and figures for false positives are notoriously hard to find. This can be a real pain as it often results in critical messages, for example those about SPAM, things containing copies of bad headers in the message body, things where you are trying to send samples of VBScript. Have you tested what happens when you send innocent, but slightly malicious messages?
Dave
From: main@beta.groups.io <main@beta.groups.io> On Behalf Of Ken Schweizer
Sent: 21 August 2018 16:55 To: main@beta.groups.io; beta@groups.io Subject: Re: [beta] Virus scanning
Hi Mark,
My questions are: Will the Owners/Moderators know that a message was blocked? Will we know how many are blocked each day? When will it start?
Yahoo blocked messages and never notified us what, why and how many. It became a disaster not knowing.
Ken
"And if any man shall take away from the words of the book of this prophecy, God shall take away his part out of the book of life, and out of the holy city, and from the things which are written in this book." God
From: main@beta.groups.io [mailto:main@beta.groups.io] On Behalf Of Mark Fletcher
Hi All,
I've been testing virus/phishing scanning the last few weeks and I'm pretty confident that it's catching what it should. In testing, it's scanning all emails, all uploaded files and photos. And right now, if the sender is not a subscriber, it drops any emails it finds has a virus or phishing attack.
My default implementation would be to turn it on so that it blocks all emails, files and photos that it finds has a virus or phishing attempt. Do you see any reason to not do it this way?
The scanner I'm using is here: http://www.clamav.net/
Thanks, Mark
|
|||||||
|
|
|||||||
|
moderated
Re: Groups.io is down ...
Ellen,
Planned outages are posted as events on the calendar in the Beta/Main forum. If you have your timezone configured correctly (Account -> Preferences), when you view the calendar and hover over the event, the time of the outage will be displayed in your timezone. As shown here (I'm in Central (Chicago) timezone): Information on what is affected by the outage is included in the event. Thanks Toby
|
|||||||
|
|
|||||||
|
moderated
Re: Virus scanning
Chris, the only question I have is will group owners know what emails are rejected? Hopefully these will be activity logged like any other rejection. Shal
|
|||||||
|
|
|||||||
|
moderated
Re: Virus scanning
Hi Mark,
My questions are: Will the Owners/Moderators know that a message was blocked? Will we know how many are blocked each day? When will it start?
Yahoo blocked messages and never notified us what, why and how many. It became a disaster not knowing.
Ken
"And if any man shall take away from the words of the book of this prophecy, God shall take away his part out of the book of life, and out of the holy city, and from the things which are written in this book." God
From: main@beta.groups.io [mailto:main@beta.groups.io]
On Behalf Of Mark Fletcher
Sent: Monday, August 20, 2018 10:25 PM To: beta@groups.io Subject: [beta] Virus scanning
Hi All,
I've been testing virus/phishing scanning the last few weeks and I'm pretty confident that it's catching what it should. In testing, it's scanning all emails, all uploaded files and photos. And right now, if the sender is not a subscriber, it drops any emails it finds has a virus or phishing attack.
My default implementation would be to turn it on so that it blocks all emails, files and photos that it finds has a virus or phishing attempt. Do you see any reason to not do it this way?
The scanner I'm using is here: http://www.clamav.net/
Thanks, Mark
|
|||||||
|
|
|||||||
|
moderated
Re: Groups.io is down ...
Leeni
-------Original Message-------
Thank you all. So I'll just proceed as usual, only I'll send my postings from my gmail.
I am confused about time: how does pacific time 11 pm translate into daylight savings time on the east coast?
Ellen
|
|||||||
|
|
|||||||
|
moderated
Re: Groups.io is down ...
11pm pst is 2pm est
On Tue, Aug 21, 2018, 11:18 AM Ellen Moody <ellen.moody@...> wrote:
|
|||||||
|
|
|||||||
|
moderated
Re: Groups.io is down ...
Thank you all. So I'll just proceed as usual, only I'll send my postings from my gmail. I am confused about time: how does pacific time 11 pm translate into daylight savings time on the east coast? Ellen
|
|||||||
|
|
|||||||
|
moderated
Event: Website outage #outage - Tuesday, 21 August 2018
#outage
#cal-invite
main@beta.groups.io Calendar <main@...>
Website outage #outage When: Description: At approximately 6:50am, the website started to become unresponsive. Internally, the web servers were rebooting because they were running out of database connections. I originally thought that this was a database issue, but after much investigation, I was able to track down the problem. A fix I pushed to the site yesterday afternoon affecting Chat was now causing database connections to leak. I have temporarily disabled the Chat function until I can fix the bugfix. Email delivery was not affected during this time. I will post a post mortem either later today or tomorrow, after I've reinstated Chat and had some time to consider what, if any, changes to make based on this outage.
|
|||||||
|
|
|||||||
|
moderated
Re: Groups.io is down ...
Leeni
-------Original Message-------
Dear People,
I just read that Groups.io is down for maintenance. We were informed it will be back by 11 pm pacific time and 4 am UTC (? -- I don't know what that is).
So, 1) When will groups.io be back EST or daylight savings time?
2) Is it better to wait until the site is back up again before posting again? or does it not matter if one posts now and then the messages come through when the site is back up?
I hope this goes through
Ellen Moody
|
|||||||
|
|
|||||||
|
moderated
Re: Groups.io is down ...
Barbara Byers
This went through fine, and so did a couple of messages I just posted to my groups, so I believe whatever the issue is, it's not affecting everything. Barb
On 2018-08-21 10:25 AM, Ellen Moody wrote:
|
|||||||
|
|
|||||||
|
moderated
Groups.io is down ...
Dear People, I just read that Groups.io is down for maintenance. We were informed it will be back by 11 pm pacific time and 4 am UTC (? -- I don't know what that is). So, 1) When will groups.io be back EST or daylight savings time? 2) Is it better to wait until the site is back up again before posting again? or does it not matter if one posts now and then the messages come through when the site is back up? I hope this goes through Ellen Moody
|
|||||||
|
|
|||||||
|
moderated
Re: Virus scanning
Michael Capelle <mike.capelle@...>
I agree with this Mark.
From: Mark Fletcher
Sent: Monday, August 20, 2018 10:24 PM
To: beta@groups.io
Subject: [beta] Virus scanning Hi All,
I've been testing virus/phishing scanning the last few weeks and I'm pretty
confident that it's catching what it should. In testing, it's scanning all
emails, all uploaded files and photos. And right now, if the sender is not a
subscriber, it drops any emails it finds has a virus or phishing attack.
My default implementation would be to turn it on so that it blocks all
emails, files and photos that it finds has a virus or phishing attempt. Do you
see any reason to not do it this way?
The scanner I'm using is here: http://www.clamav.net/
Thanks,
Mark
|
|||||||
|
|
|||||||
|
moderated
Re: Virus scanning
I have mixed feelings on this. Will it be possible to disable the virus
scanning on individual groups. Yahoogroups had virus scanning (probably a far inferior system to what you are proposing) and we always disabled it. Apart from the odd occasion when members had their Yahoo emails hacked we never had any issues with viruses getting through. But my groups are private groups with membership needing to be approved. Maybe different for public groups. Likewise with my email, I have disabled the server side filtering and do it all myself with Mailwasher. Dave On 20 Aug 2018 at 20:24, Mark Fletcher wrote: My default implementation would be to turn it on so that it blocks all http://davesergeant.com
|
|||||||
|
|
|||||||
|
moderated
Re: Virus scanning
best Nick ___
dUNMUR | member of the AOP
|
|||||||
|
|