We plan to add Suricata 7 with JA3 enabled, but before we can add this, we need full Rust compiler support with changed dependency handling, because by default rust-cargo will download every dependency from the net while compiling, which ends in inconsistent builds.
Michael is working on Rust. I think it needs some time, but it should be ready soon.
Generally speaking, malware still has a heavy presence in email delivery. Do everything you can there:
enable SPF, DKIM, ADSP, DMARC
cloud-based spam/virus filtering before it hits your mail server
client-based A/V
In web browsers, use a filtering extension like uBlock Origin.
It’s configured pretty well out of the box. I don’t mess with the settings except maybe at home on my personal machine where I have time to fix things if they break.
Just a minor comment on this snippet from a postmaster’s point of view: It is not always necessary to move your mail infrastructure to the cloud, or use something cloud-based in front of it. (Actually, some folks recommend using your own mail server whenever possible…)
Basically, the content scanner working in the IPFire project’s mail infrastructure is just a tuned rspamd, combined with a good acceptable use policy. Works pretty well so far, spam messages rarely make it through.
As a privacy guy, I love the fact that we do not have to expose our mail traffic in general to any 3rd party.