build-240815

deeztek · Sep 30, 2024 · e4a4acc · e4a4acc
1 parent 7673160
commit e4a4acc
Show file tree

Hide file tree

Showing 123 changed files with 13,928 additions and 3,622 deletions.
diff --git a/README.md b/README.md
@@ -1,8 +1,7 @@
 <h1 align="center"> Hermes Secure Email Gateway </h1> <br>
 <p align="center">
-  <a href="https://www.hermesseg.io">
+  <a href="https://www.deeztek.com/products/hermes-secure-email-gateway/">
     <img alt="Hermes Secure Email Gateway" title="Hermes Secure Email Gateway" src="https://imgur.com/Qfzv1iZ.png" width="auto">
-
   </a>
 </p>
 
@@ -23,11 +22,7 @@
 
 ## About
 
-Hermes Secure Email Gateway is a Free Open Source Ubuntu Server based Email Gateway that provides Spam, Virus and Malware protection, full in-transit and at-rest email encryption as well as email archiving. It features the latest email authentication techniques such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting and Conformance) in order to combat email spoofing, phishing, scams, email compromise attacks and spam.
-
-Hermes Secure Email Gateway combines Open Source technologies such as Postfix, Apache SpamAssassin, ClamAV, Amavisd-new and CipherMail under one unified web based Web GUI for easy administration and management of your incoming and ougoing email for your organization.
-
-It can be deployed to protect your in-house email solution as well as cloud email solutions such as Google Mail and Microsoft Office 365.
+Hermes Secure Email Gateway is a Free Open Source Email Gateway that provides Spam, Virus and Malware protection, full in-transit and at-rest email encryption as well as email archiving. Hermes Secure Email Gateway combines Open Source technologies such as Postfix, Apache SpamAssassin, ClamAV, Amavisd-new and Ciphermail under one unified web based Web GUI for easy administration and management of your incoming and ougoing email for your organization. It can be deployed to protect your in-house email solution as well as cloud email solutions such as Google Mail and Microsoft Office 365.
 
 ## Features
 
@@ -63,8 +58,6 @@ It can be deployed to protect your in-house email solution as well as cloud emai
 
 Hermes SEG can be easily installed in your existing **Ubuntu 20.04 LTS Server** machine by utilizing the **ubuntu_hermes_install.sh** script. The script requires that you have a fully updated Ubuntu installation and that you have a /mnt/data directory for database and email archive storage. **You must have at least 8 GB of RAM and 4 CPUs**.
 
-*** Plese note that Hermes SEG will NOT run in a LXC Environment ***
-
 **Required Information**
 
 The script will prompt you for the following information before it starts installation. Ensure you have that information available before you begin:
@@ -146,18 +139,17 @@ tmpfs           395M     0  395M   0% /run/user/1000
 ```
 
 Reboot and ensure /mnt/data gets mounted automatically
-
-**Quick script install and run instructions**
+## Quick script install and run instructions ##
 
 Git clone the Hermes SEG repository:
 
-`sudo git clone https://github.com/deeztek/Hermes-Secure-Email-Gateway.git`
+`sudo git clone https://gitlab.deeztek.com/dedwards/hermes-seg-18.04.git`
 
-This will clone the repository and create a Hermes-Secure-Email-Gateway directory in the directory you ran the git clone command from.
+This will clone the repository and create a **hermes-seg-18.04** directory in the directory you ran the git clone command from.
 
-Change to the **Hermes-Secure-Email-Gateway** directory:
+Change to the hermes-seg-18.04 directory:
 
-`cd Hermes-Secure-Email-Gateway/`
+`cd hermes-seg-18.04/`
 
 Make script executable:
 
@@ -169,11 +161,11 @@ Run the script as root:
 
 ## Getting Started Guide
 
-Ensure you follow the [Getting Started Guide](https://docs.deeztek.com/books/hermes-seg-administrator-guide/page/getting-started) to get your Hermes SEG installation configured quickly and correctly. 
+Check out our [Getting Started Guide](https://docs.deeztek.com/books/hermes-seg-administrator-guide/page/getting-started) to get your Hermes SEG installation configured quickly.
 
 ## Documentation
 
-Check out the [Hermes SEG Administrator](https://docs.deeztek.com/books/hermes-seg-administrator-guide) and [Hermes SEG User](https://docs.deeztek.com/books/hermes-seg-user-guide) guides
+Check out the [Hermes SEG Administrator Guide](https://docs.deeztek.com/books/hermes-seg-administrator-guide) and [Hermes SEG User Guide](hhttps://docs.deeztek.com/books/hermes-seg-user-guide)
 
 ## Support
 
@@ -183,13 +175,9 @@ Post your questions at:
 Chat with us on Matrix:
 [https://matrix.to/#/#hermesseg:matrix.org](https://matrix.to/#/#hermesseg:matrix.org)
 
-Chat with us on Telegram:
-[https://t.me/HermesSEG](https://t.me/HermesSEG)
-
 ## Bugs
 
-Bugs can be posted on Github Issues at:
-
-[https://github.com/deeztek/Hermes-Secure-Email-Gateway/issues](https://github.com/deeztek/Hermes-Secure-Email-Gateway/issues)
+Bugs can be posted on our Github Issues at:
 
+[https://gitlab.deeztek.com/dedwards/hermes-seg-18.04/-/issues](https://gitlab.deeztek.com/dedwards/hermes-seg-18.04/-/issues)
 
diff --git a/dirstructure/opt/hermes/conf_files/50-user.HERMES b/dirstructure/opt/hermes/conf_files/50-user.HERMES
@@ -110,13 +110,48 @@ $sql_select_white_black_list =
 #  . ' ORDER BY mailaddr.priority DESC';
 
 #$sql_select_policy = 'SELECT domain FROM domains WHERE CONCAT("@",domain) IN (%k)';
-#=== CLAMAV-UNOFFICIAL-SIGS CONFIGURATION ===
+
+#=== FANGFRISCH UNOFFICIAL SIGNATURES CONFIGURATION ===
 @keep_decoded_original_maps = (new_RE(
 qr'^MAIL$', # retain full original message for virus checking
 qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
 qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
+# qr'^Zip archive data',     # don't trust Archive::Zip
 ));
 
+@virus_name_to_spam_score_maps =
+   (new_RE(  # the order matters!
+     [ qr'^TwinWave\.'                                      => undef ],# keep as infected
+     [ qr'^MiscreantPunch\.'                                => undef ],# keep as infected
+     [ qr'^Structured\.(SSN|CreditCardNumber)\b'            => 2.0 ],
+     [ qr'^(Heuristics\.)?Phishing\.'                       => 2.0 ],
+     [ qr'^(Email|HTML)\.Phishing\.(?!.*Sanesecurity)'      => 10.0 ],
+     [ qr'^Sanesecurity\.(Malware|Badmacro|Foxhole|Rogue|Trojan)\.' => undef ],# keep as infected
+     [ qr'^Sanesecurity\.Phishing\.'                        => 6.0 ],
+     [ qr'^Sanesecurity\.Blurl\.'                           => 4.0 ],
+     [ qr'^Sanesecurity\.Jurlbl\.'                          => 2.0 ],
+     [ qr'^Sanesecurity\.Spam\.'                            => 2.0 ],
+     [ qr'^Sanesecurity\.SpamL\.'                           => 2.0 ],
+     [ qr'^Sanesecurity\.Junk\.'                            => 4.0 ],
+     [ qr'^Sanesecurity\.Scam4\.'                           => 2.0 ],
+     [ qr'^Sanesecurity\.'                                  => 0.1 ],
+     [ qr'^Sanesecurity.TestSig_'                           => 0   ],
+     [ qr'^Email\.Spam\.Bounce(\.[^., ]*)*\.Sanesecurity\.' => 0   ],
+     [ qr'^BofhlandMW\.'                                    => undef ],# keep as infected
+     [ qr'^Bofhland\.Malware\.'                             => undef ],# keep as infected
+     [ qr'^Bofhland\.'                                      => 2.0 ],
+     [ qr'^winnow.malware\.'                                => undef ],# keep as infected
+     [ qr'^winnow\_'                                        => 2.0 ],
+     [ qr'^PhishTank\.Phishing\.'                           => 6.0 ],
+     [ qr'^Porcupine\.Malware\.'                            => undef ],# keep as infected
+     [ qr'^Porcupine\.'                                     => 2.0 ],
+     [ qr'^Email\.Spammail\b'                               => 2.0 ],
+     [ qr'^Safebrowsing\.'                                  => 2.0 ],
+     [ qr'^winnow\.(phish|spam)\.'                          => 2.0 ],
+     [ qr'^SecuriteInfo.com\.Phish'                         => 6.0 ],
+     [ qr'^SecuriteInfo.com\.Spam'                          => 2.0 ],
+     [ qr'^MBL_'                                            => 4.0 ],
+   ));
 
 #=== BANNED FILE CONFIGURATION BELOW ===
 $banned_filename_re = new_RE(

diff --git a/dirstructure/opt/hermes/conf_files/clamd.conf.HERMES b/dirstructure/opt/hermes/conf_files/clamd.conf.HERMES
@@ -32,7 +32,6 @@ MaxHTMLNoTags 2M
 MaxScriptNormalize 5M
 MaxZipTypeRcg 1M
 ScanSWF true
-DetectBrokenExecutables false
 ExitOnOOM false
 LeaveTemporaryFiles false
 IdleTimeout 30
@@ -44,7 +43,6 @@ CommandReadTimeout 5
 SendBufTimeout 200
 MaxQueue 100
 ExtendedDetectionInfo true
-ScanOnAccess false
 AllowAllMatchScan true
 ForceToDisk false
 DisableCertCheck false
@@ -75,20 +73,5 @@ ExcludePUA PUA.Win.Trojan.Molebox
 ExcludePUA PUA.Win.Packer.Upx
 ExcludePUA PUA.Doc.Packed
 #HERMES CONFIGURATION BELOW
-Scan-Mail
-Scan-Archive
-Archive-BlockEncrypted
-Scan-PE
-Scan-OLE2
-OLE2-BlockMacros
-Scan-PDF
-Scan-HTML
-Algorithmic-Detection
-Scan-ELF
-Phishing-Signatures
-Phishing-ScanURLs
-Phishing-AlwaysBlockSSLMismatch
-Phishing-AlwaysBlockCloak
-Detect-PUA
-HeuristicScan-Precedence
+HERMES_ANTIVIRUS_SETTINGS_GO_HERE
 #HERMES CONFIGURATION ABOVE
diff --git a/dirstructure/opt/hermes/email/hermes_top_banner_email.png b/dirstructure/opt/hermes/email/hermes_top_banner_email.png