1/10/2007 New in Version 4.64.3-1
=================================
* New Features and Improvements *
1 The MailScanner book is now also available for purchase from the EU with
much lower shipping costs. Go to www.lulu.com/mailscanner.
1 Solaris check_mailscanner code now uses pgrep.
1 "MailScanner -v" now lists version of Date::Parse which was missing.
1 Added "$datenumber" to the inline spam warning report.
1 "MailScanner --lint" now checks your %org-name% to ensure it only contains
safe characters (i.e. a-z, A-Z, 0-9 and -).
1 Added "allow" rule to filename.rules.conf for the XML filenames inside
Microsoft Office 2007 (e.g. *.docx) files which are actually archives.
1 F-Prot-6 autoupdater improved to tell you whether it actually downloaded
a new virus signatures file or not.
1 Tar distro now includes ChangeLog.
1 "Treat Invalid Watermarks With No Sender as Spam" can now be set to a number
greater than zero. This value will be added to the spam score.
1 Watermark spam header reports refer to them as "watermarks" and not
"null headers" as that is easier to understand.
2 Changed the default value "ClamAV Full Message Scan = yes". It has a slight
speed impact, but is worth it for the extra spam-spotting ability, especially
if you are using any extra ClamAV additional databases of spam signatures.
3 Changes required for MailWatch v2. Provided for Steve Freegard.
* Fixes *
1 Now set the umask of the directory into which the TNEF attachments are
unpacked by the external TNEF expander. Thanks to derek@csolve.net.
1 Fixed bug which caused crash when using a ruleset on "Filename Rules" setting
when the file listed in the ruleset does not exist. Thanks to Ugo Bellevance.
1 Added line to stop EOCD Format errors being output in UnpackZip. Thanks to
Rick Cooper.
2 Added fix to reported spam scores in some messages sent to multiple
recipients. Provided by Derek Buttineau.
4/9/2007 New in Version 4.63.8-1
================================
* New Features and Improvements *
1 Improved init.d script, so that 'service MailScanner restart' or
'/etc/init.d/MailScanner restart' runs faster. It pauses for just long
enough for the old MailScanner to die gracefully, and starts up the new one
as soon as the old one has died. Previously, it just waited for a fixed
length of time which was much longer than needed for most people.
1 Improved tar installer so the directory created for MailScanner includes the
build revision number as well as the main version number.
1 Improved phishing net logging to log entire real URL not just hostname.
1 Improvement to update_spamassassin to stop cron-generated mail.
1 New setting "Phishing Bad Sites File" which is a live continuously-updated
list of known bad sites that have been reported to various mechanisms around
the world. Please don't ask me for more information as I can't give it to
you, but every site on the list has been manually tested and the list can be
relied upon. Your installation should update this file every hour.
NOTE: Run upgrade_languages_conf after installing this upgrade!
2 Reduce default "Restart Every" time to 2 hours so that updates to the
known bad phishing sites list are re-read more frequently.
2 Added *.fdf to the list of dangerous filenames. Opening a .fdf file can
cause the loading of any file on the internet into Adobe Acrobat.
2 Added 2 new variables to the sender reports: $size = size of message in bytes
and $maxmessagesize = maximum allowed size of this message in bytes.
2 Added new setting "Check Filenames In Password-Protected Archives = yes" so
that the filename checks can be suppressed on encrypted archives to allow
a few people to get exe's and so on through the mail as part of their
business needs. Normally leave this setting at "yes".
2 Added new setting "Include Binary Attachments In SpamAssassin = no" which
can be used to tell SpamAssassin to look at all attachments, not just the
ones containing text (or HTML, etc) which is its normal behaviour.
Changing this setting to "yes" will have no effect without a patch to the
SpamAssassin code, which you can fetch from
http://www.mailscanner.info/mcp.html#patches
It will slightly slow down SpamAssassin some of the time, and is therefore
disabled by default.
This can be very useful if you want to look for rude or derogatory content
in messages, and do not want the huge speed impact of using MCP. It can
successfully scan the content of Microsoft Word documents, for example. It
won't be effective on PDF files however, as these are compressed internally
so there is no readable text anywhere in the file.
3 Added a long $PATH to f-prot-autoupdate so we can find wget on most OS-es
including Solaris.
3 Improved Sophos.install to disable the savupdate cron job and switch off
the unwanted Sophos services.
3 Added a feature to the "SpamAssassin Rule Actions". You can now specify
"SpamScore" and a number comparison, instead of just giving a SpamAssassin
rule name. So you can say
SpamAssassin Rule Actions = SpamScore>25=>delete
and this will cause all messages scoring over 25 to be deleted. You can use
this to set different actions at different spam scores, in addition to the
normal spam actions and high-scoring spam actions. The numerical tests you
can use are ">", ">=", "==", "<=" and "<".
4 The "action" in each "RULE=>action" in "SpamAssassin Rule Actions" can now
be a comma-separated list of actions, so you can easily specify multiple
actions per rule.
6 Added support for F-Prot version 6. Must be specified by
"Virus Scanners = f-prot-6" in MailScanner.conf.
* Fixes *
1 Improvement to phishing net to allow HTML tags with contents split over
multiple lines.
1 Changed options to ClamAVmodule so it doesn't hit false positives with the
phishing and scam email detection signatures.
1-2 Fixed bug where --lint gives "MailScanner.conf file not found" error.
2 Stopped writing a PID file when "MailScanner --lint" is run.
2 update_spamassassin no longer produces any output, so no crond email.
2 Fixed bug where clamavmodule scanner name wouldn't always be logged correctly.
2 Bugfix in ZMDiskStore.pm ZMailer support from Leonardo Helman.
3 Force installation of perl-Getopt-Long to try to solve the problems with
command-line options producing 'config file not found' errors.
3 Commented out sample rules in max.message.size.rules file.
3 Fixed MailScanner.conf Sophos-specific settings for Sophos 5.
5 Fixed problem where MTA=sendmail would cause ruleset to not be used on
Sendmail2 setting.
8 Fixed bug when specifying multiple actions in "SpamAssassin Rule Actions"
for one rule name.
1/8/2007 New in Version 4.62.9-3
================================
* New Features and Improvements *
1 Improved non-Linux installer.
1 Improved Linux installer.
1 Updated OpenBSD installation guide. Thanks to Jeremy Evans for this.
1 Upgraded MIME::Base64 to 3.07.
1 Improved error reporting for clamd permissions problems. Thanks Rick.
2 Added SAUPDATEARGS to /etc/sysconfig/MailScanner and
/usr/sbin/update_spamassassin. For a good use of this, see
http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt and search
for "HOWTO" in the Subject: line of the MailScanner-discussion list archive.
This process replaces RulesDuJour entirely.
Another good ruleset to add to your setup is
http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf
To download this automatically every night, fetch
http://www.mailscanner.info/files/4/KAM.cf.sh and put it in /etc/cron.daily
and make it executable (type "chmod +x /etc/cron.daily/KAM.cf.sh").
3 Added "Known Web Bug Servers" so you can blacklist images from known servers
of web bug services.
3 Added functionality of "milter-null" to MailScanner so you no longer need to
run this separately. It is called "Watermarking" and there is a whole
section for the settings in MailScanner.conf. They are
Add Watermark = yes
Skip Spam Checks If Watermark Valid = yes
Watermark Header = MailScanner-%org-name%-Watermark:
Watermark Lifetime = 432000 # in seconds, = 5 days
Watermark Secret = SET-THIS-TO-A-SECRET!
Also added Digest::MD5 to the required list of Perl modules, this is needed
for the watermarking code.
3 Added optional image to the clean message signature. You can also use this
to add an arbitrary image attachment to any message, if you so wish. The
main point is to be able to have graphical HTML signatures on messages.
The settings are
Attach Image To Signature = no
Attach Image To HTML Message Only = yes
Signature Image Filename = %report-dir%/sig.jpg
Signature Image ![]()
Filename = signature.jpg
4 Added support for Kaspersky kav4fs. Set virus.scanners.conf entry to
point to /opt/kaspersky.
4 Changed default value to "Max SpamAssassin Size = 100k" as modern PDF spams
are getting quite large, and PDFInfo.pm doesn't work with cropped messages.
4 Improved Clamd parser to handle Sane Security ClamAV signature databases
which detect spam and so on from the contents of the headers, and hence
find infections without attachment filenames. Thanks to various people for
help with this, you know who you are :-)
4 Improved upgrade_MailScanner_conf so that it checks that the 'Monitors for
ClamAV Updates' setting looks for inc and cvd files. Problems have recently
been suffered by many due to the value of this setting being out of date.
It doesn't automatically re-write their setting in case they have installed
ClamAV somewhere odd and have customised it.
4 Changed 'Monitors for Sophos Updates' setting default value to point to
appropriate file for Sophos version 5 and upwards, and have added check
in upgrade_MailScanner_conf to ensure their setting now points to a new
location. It prints a warning if sophos-av does not appear in the path.
4 Added configuration setting "SpamAssassin Rule Actions". This setting is
very powerful and can be used to implement many things that MCP can do,
without having the processing overhead of MCP. The documentation for it is
in the MailScanner.conf file. Its power is limited by your imagination :-)
Start combining it with rulesets and you can take (or _not_ take) any
combination of actions dependent on any bit of content in the message or its
headers. You could try out new SA tests by storing in quarantine every
message that matches a new particular SpamAssassin rule (or meta-rule for
creating more complex expressions).
5 Added "custom" spam action, which takes a parameter. This is passed into the
CustomAction function in CustomAction.pm in the CustomFunctions directory.
This can be used to implement anything your heart desires, depending on the
contents of a message.
7 When clamav, clamavmodule or clamd parsers are being used and new setting
"ClamAV Full Message Scan" is set to "yes", pass each of the entire
messages to ClamAV as well as the attachments so that the signatures that
detect spam can work reliably. This is set to "no" be default as it has a
speed impact.
7 The watermark options have been tweaked and renamed a bit, and one new
feature has been added. "upgrade_MailScanner_conf" will show you the renames
and the new feature is designed to save resources on sites with more than
1 MailScanner. Currently, if you have a message delivered to a secondary MX
(with MailScanner) which relays mail to the primary MX (also with
MailScanner) for delivery to users' mailboxes, the spam checks will be
done twice; this is a waste of resources. The new setting "Check Watermarks
To Skip Spam Checks = yes" will remove this waste by skipping the spam
checks on the primary MX as the secondary has already done them.
7 "Virus Scanners = auto" will detect multiple types of ClamAV installed and
tend towards the most useful one. It will use clamd else clamavmodule else
clamav. This helps if you have all 3 installed, which is quite likely.
8 Greatly improved "MailScanner --lint". It now actually tests every virus
scanner that you have installed, and checks that they can successfully scan
a message containing the Eicar test-virus pattern. It reports the results
from each scanner and warns you about checking any that are not reported.
9 Added check to "MailScanner --lint" to check envelope_sender_header in
spam.assassin.prefs.conf is correct and matches MailScanner.conf.
9 Added new setting "Use Watermarking = yes" to give overall control of all
watermarking features.
9 Fixed error with "MailScanner --lint" when not using sendmail.
* Fixes *
2-2 Fixed error in RPM installer.
2-3 Fixed error in update_spamassassin.
3-2 The watermarking code should do something now :-)
3-3 Rewrote the watermarking docs so they reflect the truth.
4 --lint now reads all the Custom Functions properly.
4 Bug in auto-zip fixed where attachments could be deleted without being
added to zip. Thanks to Matt Hampton.
4 Bug with '-' in HTML attribute names confusing phishing net fixed. Thanks
to John Wilcock.
5 Fixed 2 bugs in MSRBL clamav-signature handler. Thanks to UxBoD.
6 Fixed bug from October 2006 involving McAfee finding infections in headers.
7 Fixed bug when unpacking TNEF files with external decoder.
7 Fixed 'monitor files' check in upgrade_MailScanner_conf so it doesn't check
inadvertently when doing an upgrade_languages_conf.
7-3 Fixed bug in full message file creation in scanning dir as permissions
were wrong.
9 Added use POSIX to top of MessageBatch.pm so WNOHANG is defined.
2/7/2007 New in Version 4.61.7-2
================================
* New Features and Improvements *
1 Direct support for the "clamd" virus scanner -- now talks directly to the
clamd daemon without any overhead of calling clamd-wrapper or clamdscan.
As a result, this should be faster than the previous clamd support.
It also has a much smaller memory footprint than the "clamavmodule" scanner.
This is all thanks to Rick Cooper who wrote the original code.
New configuration options are
- Clamd Port = 3310
- Clamd Socket = /tmp/clamd
- Clamd Lock File = /var/lock/subsys/clamd
- Clamd Use Threads = no
The use of these settings is explained in the MailScanner.conf file.
2 Changed session handling in direct clamd virus scanner support.
3 'MailScanner --lint' now finds clamd virus scanner.
3 Made clamd subsys lock file blank by default, so it works on non-Linux
systems.
3 Added another example to the Allowed Sophos Error Messages setting for
password-protected files.
4 Renamed "sa-update" command and cron job to "update_spamassassin".
4 Added ability to easily disable update_virus_scanners script.
4 Added conditional call to sa-compile to update_spamassassin cron job.
4 Added to $PATH in update_phishing_sites for Solaris 10 locations.
5 Watermarking functionality has had to be withdrawn due to patent issues.
Sorry about this, but it would cause huge problems in the USA where
software patents are legally enforceable and it would cause problems with
including patented code in GPL software too.
6 Added facility to change SpamAssassin's temporary working files directory,
using the new option 'SpamAssassin Temporary Dir'. By default this is put
under the Incoming Work Dir location, as that is (hopefully) mounted using
tmpfs. If an attempt to use this directory fails, it reverts to /tmp.
7 Fixed bug in finding PERL5LIB in installers. Thanks to Sean Coleman.
* Fixes *
2 Fixed bug in auto-zip feature with a message containing 2 attachments with
the same filename.
2 Fixed bug in auto-zip feature that would allow zipping of an attachment
which had been cleaned out of the message.
3 Fixed "identified/found" bug in AVG parser.
3 Fixed bugs in Panda and AVG parsers courtesy of Rick Cooper.
3 Fixed bug in Postfix handler which caused a problem with empty messages.
4 Fixed bug in SuSE init.d script stopping MailScanner reload working properly.
4 Changed method for getting MCP to decode binary attachments (the interesting
ones have "application" in their MIME type). New patch for SpamAssassin 3.2.1
Util.pm required now. No other SpamAssassin patches required at all.
4 Added definition of "noticesizeinfected" to languages.conf.
4 Added speedup (courtesy of Glenn Steen) to the new Postfix milter support.
4 Fixed rare bug in Postfix milter header support (from Glenn Steen).
5 Fixed problems with /usr/sbin/update_spamassassin not calling sa-update.
7 Removed second delay from update_spamassassin as one already exists in the
cron job.
1/6/2007 New in Version 4.60.8-1
================================
* New Features and Improvements *
1 Improved Sophos.install script so that it sets up /etc/ld.so.conf ready for
installation of Perl-SAVI module required for "sophossavi" virus scanner.
1 Custom Functions can now receive parameters not only to their Init and End
functions, but also to their run-time calculation functions (i.e. the real
custom function itself used when processing each message). The Custom
Function is now passed not only the message, but also a ref to a list of
parameters specified in the MailScanner.conf file.
1 Improvement to phishing net.
1 'clamavmodule' scanner no longer detects encrypted zips/rars as viruses,
leaving MailScanner to do the check later in the dangerous content scanning.
The consequence is that MailWatch will allow them to be released from
quarantine.
2 Updated a whole load of Perl modules in the pre-requisites lists for both
MailScanner and SpamAssassin.
2 Added a "--nomodules" command-line option to the MailScanner install.sh
script to skip installing required Perl modules.
2-2 Fixed bugs introduced by 4.60.2 in generic installer. Only affects 'other
Linux and non-Linux' installer.
2-4 Fixed more non-Linux installer problems.
4 Added more modules to the list output by "MailScanner --version".
4 Improved phishing net detection of HTML tags, courtesy of snifer_@hotmail.com.
4 Added patches to provide full "p record" support in Postfix 2.3 and 2.4,
courtesy of Glenn Steen .
5 Added a new feature, to compress all the attachments in a message and
replace them with a single zip file.
Set "Zip Attachments = yes" (no by default), and
set "Attachments Zip Filename = MessageAttachments.zip"
6 Added 2 new configuration options for the "Zip Attachments" feature:
Attachments Min Total Size To Zip = 100k
Attachment Extensions Not To Zip = .zip .rar .tgz .gz .mpg .mpeg .mp3 .rpm
Hopefully these are fairly self-explanatory.
* Fixes *
1 Phishing net now correctly handles HTML tags inside links.
1 Deprecated clamscan flag replaced with supported one to stop it printing
the summary.
1 Added '-b' to nod32-1.99 command-line options in SweepViruses.pm to stop
scanner producing licensing details. Thanks to UxBoD.
1 Removed test in RPM distribution's test for RedHat 6 as it will clash with
RHEL 6 and Fedora. Anyone still running RedHat 6 has bigger problems! :-)
1 Worked round Perl bug in returning number of RBLs hit by a message.
1 Fixed problem causing some password-protected RAR archives to be missed.
3 Fixed bug introduced in earlier beta in RBL code.
6-2 Patch to Exim to handle named ACL variables as well as numbered ones.
Courtesy of Maarten Vink.
7 Added v320.pre to mcp directory.
7 Postfix 2.3/2.4 patch fix.
1/5/2007 New in Version 4.59.4-2
================================
* New Features and Improvements *
2 Changed locations monitored for ClamAV updates to fit new ClamAV 0.9 layout.
2 Added support for clamdscan and clamd. Use "Virus Scanners = clamd".
3 Changed check ordering so that mail from blacklisted addresses is still
marked as spam even its size exceeds the max spam message size check.
3 Improved detection of empty --- behave as before
trackback --- get n bytes then backtrack looking for the start
of the attachment we are in the middle of.
continue --- get n bytes then continue up to a maximum
of m extra bytes looking for the end of
the attachment we are in the middle of.
5 Upgraded to tnef version 1.4.3.
5 Upgraded Archive::Zip to 1.16. Builds properly on x64 architectures.
* Fixes *
1 When 'Outgoing Queue Dir' was changed from the default, kicking sendmail
into attempting delivery of a new processed message in the outgoing queue
would just wait for the next regular run of the queue. Now fixed so that
a delivery attempt is made immediately. This fix only affects users who
have changed the "Outgoing Queue Dir" setting and who are also using
sendmail as their MTA.
2 Missed 2 "defined" checks on variables before using them.
Thanks to Andy Kirkpatrick for spotting that one.
2 Fixed version number check.
3 Fixed output bug in less strict phishing net. Does anyone use this?
3 Fixed bug in Sendmail KickMessage() function. Thanks to Martin Billy.
4 Removed Postfix 2.3 extra, and reverted to simple regexp as Holger's version
is buggy (mismatched ')').
5 Changed number of viruses found reported to be max of each AV package's value.
6 Rewrote logic of addenvto so it should now work correctly when the setting
is blank.
6 Put in new version of Postfix 2.3 regexp.
8 Fixed error when using k, m or g multipliers in Max SpamAssassin Size.
1/8/2006 New in Version 4.55.9-1
=================================
* New Features and Improvements *
1 Added educ.ar and uba.ar to country.domains.conf for less strict phishing net.
1 Code tidy up in Message constructor.
1 Speed improvements to ZMailer attachment extraction to keep up with the
other MTAs.
1 "Log Speed = no" now does what it says on the tin. (UK in-joke :-)
1 Added "stopms" option to Linux init.d scripts.
1 Improved behaviour when %percentvars% at start of MailScanner.conf have not
been configured at all. It now uses the fully-qualified hostname to guess
the domain name and website address. It used to refuse to run which was
very impolite.
1 Added Sys::Hostname::Long to list of required modules to implement the above.
2 Documentation rationalisation. Most up to date versions are all on the web.
3 Now output lock type in use with "--lint".
4 Improvement to Sophos.install for Sophos Version 5 so that email logging is
disabled.
4 Now use syslog "notice" priority instead of "info" when issuing messages
that are nearly warnings. This helps you drastically reduce the amount of
syslog output by just logging priorities greater than or equal to "notice".
5 Added a "Contact Us" web page instead of just a mailto: link.
6 Improved Help guidance in Contact Us web page.
6 New command-line option: "-c" or "--changed".
This will print out a table of all the configuration settings that have
been changed from the default values hard-coded into MailScanner. Note
this may not be quite the same as the differences from the supplied
default MailScanner.conf file.
6 Updated hard-coded defaults to better match MailScanner.conf settings.
6 Improved handling of broken Custom Functions. Having a broken Custom
Function will now just result in the setting's default value being used.
7 Bugfix for "--changed" printing when using Custom Functions.
8 Improved syslog-ing code so it doesn't matter is syslogd dies.
8 Upgraded DBD-SQLite to version 1.12 as it builds a lot more easily.
8 Improved handling of Postfix virtual users. Thanks to jpabuyer@tecnoera.com.
9 Added catch to commercial virus scanning code to allow syslogd to die during
a virus scan.
9 Improved speed logging to remove chatter.
9 Upgraded Sys::Syslog to 0.17 which builds okay, unlike 0.16.
9 MCP timings are no longer output if MCP checks are disabled.
* Fixes *
1 Put back in the checks of free disk space that were in 4.53.1 but then lost.
1 Fix in check_MailScanner for MacOSX.
3 Default lock type for sendmail is now posix, as it should be.
4 Fix to phishing net so that links to "www.domain.com." are accepted as legal.
6 Fixed problem with dangerous filenames in TNEF archives when using the
external TNEF expander.
8 Fixed problem with long SpamAssassin report in report files getting truncated
at % signs.
8 Fixed phishing net problem with some cases of outbind://\d+/.... URLs.
9 Stopped logging code producing ridiculous numbers.
9 Improved Denial-of-service attack detector to handle multiple virus scanners
more quickly. Now clears detection in 2 x Virus Scanner Timeout, as expected.
9 Fixed minor bug in TNEF handling of bad messages.
9 "service MailScanner reload" should work properly now.
27/5/2006 New in Version 4.54.6-1
=================================
* New Features and Improvements *
- sa-update cron job disabled by default
- Support for Sophos version 5. This just requires new sophos-autoupdate and
sophos-wrapper. There are no changes to the core MailScanner code.
- The Sophos.install script is not needed for version 5 of Sophos. But it
won't do any harm and will print some useful information on how you
should configure it, and it will make its best attempts to update the
virus.scanners.conf file to point to your new version 5 installation.
So I would still strongly advise that you run Sophos.install to install
Sophos, even with version 5.
- When the SpamAssassin cache is being used, the phrase "cached" or "not cached"
is added to the start of the SpamAssassin detailed report in the headers.
These words are defined in the languages.conf file so you can change them to
anything you like, and translate them into your local languages. Please post
all translations back to me for inclusion in the standard distribution.
- Added a reference to the message batch in the call to look up "lastafterbatch"
so that MailWatch can get the batch statistics.
- Updated loads of Perl modules to more modern versions where there have been
any significant updates to them. Minor doc and test tweaks have been ignored.
- Updated many Perl modules in ClamAV+SA easy-to-install package.
- ClamAV+SA package does not add extra loadplugin lines if they are already
present in the init.pre and v310.pre files.
- Added more examples to /etc/MailScanner/rules/README to show all of the
allowed formats of a numerical IP address range.
- Upgraded to Filesys::Df 0.90.
- Added Spanish translation of rejection.report.txt. Thanks to Leonardo Helman.
- Improved filetype rule for scripts so it doesn't accidentally trigger on
JPEG images with full metadata tags.
5 Added Net::IP Perl module as it is needed for SpamAssassin and Net::DNS.
5 Improved handling of Unicode encoded subject lines with a few trailing spaces.
5 Fresh translation of German languges.conf file.
* Fixes *
- Fixed bug in output formatting of phishing net. This could leave HTML links
open.
- Fixed major problem with Web Bug processor.
- Fixed bug in handling of multi-line Subject: lines in Postfix. Thanks to
James for this fix and his patch.
5 Fixed bug in sophos-wrapper caused by confusion between Sophos V4 and V5.
5 Fixed bug stopping regexp rule /^$/ from working properly in rulesets.
6 Fixed packaging error with perl-Net-IP.
5/5/2006 New in Version 4.53.8-1
================================
* New Features and Improvements *
- Attachment extraction now checks for available disk space and a DoS attack
using messages with high expansion ratios will fail even quicker than it
did before.
- Added new setting "SpamAssassin Local State Dir" to support the sa-update
tool provided with MailScanner these days, to provide a way of auto-
updating the core SpamAssassin rulesets. The default value is set to what
you need for Linux (/var/lib).
- Added new cron job to run sa-update every night. The location of the
sa-update program is read from /etc/sysconfig/MailScanner.
- Added support for new header -H file format in Exim 4.61.
- Added 2 new configuration options "Gunzip Command" and "Gunzip Timeout" to
enable unpacking of gzip-ed files for filename and filetype checking.
Even if this is disabled, gzip-ed files will still be virus scanned.
- Added support for numerical entries in phishing.safe.sites.conf file.
- Added support for optional multipliers in numbers in MailScanner.conf.
So you can now write "50M" instead of "50000000". The multipliers supported
are "k", "m" and "g" to denote 1 thousand, 1 million and 1 billion (10^9)
in upper or lower case.
You must *not* put any spaces between the number and the multiplier character.
- Added a new configuration option "Ignored Web Bug Filenames". This allows
you to whitelist a bunch of filenames that can appear in the URLs of
potential web bugs. So if you decide that all potential web bugs with
"spacer" or "pixel.gif" in the filename are just padding for page layout,
then you can make it ignore them by adding them to this list. A sample
list is provided in MailScanner.conf.
This is disabled by default, as spammers may start to use this as a means
of circumventing the Web Bug trap.
- When Web Bugs are disarmed, the URL used to replace the original web bug
can now be set using the new configuration option "Web Bug Replacement".
If this is not specified, then the old value of "MailScannerWebBug" is used.
The default value supplied in the MailScanner.conf file is the address of
an untracked 1x1 pixel transparent gif (51 bytes) hosted on the MailScanner
web site. This will not be tracked other than to supply an overall count of
the number of hits this image gets, for overall statistical purposes.
- Added Razor2 to the list of plugins automatically enabled by the ClamAV+SA
easy-to-install package, due to the recent change in licence. Now if DCC
could go the same way...
- Updated Catalan translations.
* Fixes *
- Fixed bug in DoS attack handler. Thanks for Jorge for this.
- Commented out setting of "SpamAssassin Local State Dir" in MailScanner.conf.
- Reorganised logic of phishing net to improve reliability and performance.
1/4/2006 New in Version 4.52.2-1
=================================
* New Features and Improvements *
- Added 2 new settings and another configuration data file.
You can now set "Use Stricter Phishing Net = no" which will make the
phishing net just check the name of the company owning the website, along
with any country code of course. There is a configuration file containing
a list of all the 2nd and 3rd level domain names in use by all countries,
it lists domain endings such as "org.uk" which are used by a country to
describe a whole type of websites within their country. So if the website
is "www.hello.company.com" it knows to check just company.com, whereas
given "www.byebye.charity.org.uk" it will check charity.org.uk.
The configuration file "Country Sub-Domains List" lists all the entries
required for this to work in any country, 1 per line. You shouldn't need
to touch this file.
11/3/2006 New in Version 4.51.6-1
=================================
* New Features and Improvements *
- Syntax checking of Spam Actions (and its brothers) at run time.
Message will be delivered if an error is found.
- Improved detection of Solaris GCC in the installers.
- New option "Use TNEF Contents" allows you to add the contents of winmail.dat
attachments to messages in TNEF format. This means that users not running
Microsoft Outlook can read attachments put there by badly-configured
Outlook or Exchange systems. Valid values are "no", "add" or "replace" which
do pretty much what they say. Explanations are in MailScanner.conf.
- Improved PID handling in sendmail on SuSE systems.
- Improved logging of overall batch timing.
- When headers are modified (e.g. Subject: line tagging), all occurrences
of the header are modified, not just the first one. Thanks to ian@blenke.com
for this patch.
* Fixes *
- "Use TNEF Contents = replace" didn't work in release 4.51.4. Fixed.
- Important fix for "Use TNEF Contents = replace" when processing messages
containing delivery reports.
2/2/2006 New in Version 4.50.15-1
=================================
* New Features and Improvements *
- Speed increased significantly! Caches SpamAssassin results.
Note you need to run my install.sh script to get the new modules required.
- If "Virus Scanners = auto" (ie. the installed default value) then it
searches for and uses every available installed virus scanner.
- Added SpamAssassin cache analyser (analyse_SpamAssassin_cache) to the
distributions. 99% written by Steve Freegard of MailWatch fame.
- Upgraded ClamAV+SA bundle to ClamAV 0.88.
- Added default headers that Thunderbird 1.5 will use to automatically
identify spam based on SpamAssassin's spam headers.
- Added UU-decoder to automatically extract files from attachments that were
stored in uu-encoded form. This behaves similarly to the zip and rar
decoders. The virus scanners should check inside these files for themselves
anyway, but this assists them when they do not. It also allows for filename
and filetype checking of files stored in uu-encoded attachments.
- Added configuration option "Find UU-Encoded Files" to set whether uu-encoded
files are decoded or not. These files are very rarely used, and the
overhead of finding them is fairly large as it involves reading all
existing attachments looking for the signature of them. So the default is
to not look for them. A ruleset can be used to protect particularly
vulnerable recipients or senders.
- You can now start up MailScanner without changing MailScanner.conf at all.
It will auto-detect SpamAssassin and all available virus scanners.
- Changed default setting to "Use SpamAssassin = yes" and now auto-detect
installation of SpamAssassin, logging installation instructions if
it is not already installed and working.
- Added DBI and DBD::SQLite Perl modules. Please use my install.sh scripts
when you upgrade or install this version.
- Added American spelling of "analyze_SpamAssassin_cache" as well as English
spelling of "analyse_SpamAssassin_cache".
- DBI installation is forced in RPM distributions.
- Improved RPM installer to handle DBI module dependencies better. It now
installs cleanly on the systems I have tested it on. These include Fedora
Core 3, Fedora Core 4, SuSE 9.3, SuSE 10, RedHat Enterprise 4.
- Made log warnings more obvious when DBI/DBD::SQLite/Digest::MD5 are not
all installed properly.
- Improved comments about "Allow Filenames" and "Allow Filetypes" in
MailScanner.conf.
- Improvement to F-Prot output parser to handle new strings.
- Changed filename/type traps to account for new vulnerability in TNEF files.
- Adapted trend-autoupdate for 2006 onwards.
- --help implemented so you can see how to use it now.
- --debug now written. Works just like "Debug = yes" in MailScanner.conf.
- --debug-sa now written. Works just like "Debug SpamAssassin = yes".
- --check ruleset-checker now written. Takes max 1 from address, multiple to
addresses, client IP address and virus name.
- Added a new command-line parameter "--lint" to verify the config file.
- --lint now prints what virus scanners you have chosen to use, and what
- --lint now checks SpamAssassin configuration too.
scanners it can find installed.
- Added hi-res timing so the batch speed timings are now displayed to micro-
second accuracy.
- Added Time::HiRes to the list of required modules. You must use ./install.sh
to upgrade to, or install, this version in order to get the new module.
Time taken to process the entire batch is logged, and time taken to do
"Always Looked Up Last" is logged separately if it is being used at all.
- Added check that MailScanner.conf has at least been customised to set the
organisation name, long name and web site.
- Added "SpamAssassin Cache Timings" configuration option for the few people
who need to adjust these settings. Do *not* change it unless you really
know what you are doing, the default settings will work nicely.
- Updated important perl modules.
- Removed duplicate logging of warnings about infected messages.
- Added detection of no virus scanners being installed, giving the user
advice about how to install ClamAV using my easy-installation package.
- Improved ClamAV+SA easy-installation package so that it automatically
enables the updates by commenting out the "Example" lines.
- Changed default Lock Type for sendmail to "posix" instead of "flock" as
new Linux systems (the most popular platform by far) run sendmail 8.13 or
later, which requires this to be "posix".
- Upgraded Sys::Hostname::Long and HTML::Parser in ClamAV+SA package.
- Disabled movie format "deny" rules in filetype.rules.conf and have enabled
filetype checking by default.
- Updated man pages.
- Updated AVG parser to handle latest version 7.1.
- Added "Always Looked Up Last After Batch" which is looked up after the
"Always Looked Up Last" option. The 2nd of those is looked up once for
each message, the "...After Batch" value is looked up once for the
entire batch. It is only intended for use with a Custom Function, its
value is ignored.
* Fixes *
- Improved reliability of Bayes rebuilds a lot.
- Force installation of DBI as previous versions cause problems.
- Removed broken patch I was given, which was temporarily in 4.50.
- Packaging bug in 4.50.9-1 fixed. MailTools version typo.
- Fixed bug where temporary files were not cleaned up properly.
- Fixed missing HTML-Parser 3.48 package.
- Added check for creation of SpamAssassin cache database file.
- Fixed problems with --lint when not run as root.
1/1/2006 New in Version 4.49.7-1
==================================
* New Features and Improvements *
- Speed improvements for sendmail systems by changing the
way temporary files are handled and how attachments are parsed. This
should be really noticeable if I've got it right.
Thanks for the great help of the Vodafone SHARK team.
- Added speed improvements for Exim.
- Added speed improvements for Postfix.
- Now changes the command line listed in `ps` (ie $0) to show what
MailScanner is doing. Should help diagnose slow system problems.
- 4 new configuration options, which list patterns against which filenames
and filetypes are matched to see if we should allow them or block them.
This is implemented for the benefit of web-based configuration systems for
MailScanner, it is not really intended for human use as it will complicate
the filename/filetype matching unless you understand it. Read the comments
in the MailScanner.conf and suggest better explanations!
"Allow Filenames", "Deny Filenames", "Allow Filetypes", "Deny Filetypes".
Note: There are 2 new entries in languages.conf so remember to
run an upgrade_languages_conf.
- Upgraded tnef program to 1.3.4.
- Added message 'actions' property for MailWatch reporting.
- Custom Function filenames must end in .pm or .pl. Others will be logged
and skipped.
- Various minor speed improvements.
* Fixes *
- Changed Postfix code to better support latest revision of Perl.
- Now stops MailScanner more reliably on SuSE systems.
- Logging of ![]()
tags only done if logging HTML tags.
- Fixed minor array ref problem in Perl 5.8.7 on FreeBSD 6.0.
1/12/2005 New in Version 4.48.4-2
=================================
* New Features and Improvements *
- Added a new configuration option "Reject Message". This is designed to be
used with a ruleset. Any message matching the ruleset will be deleted and
the "rejection.report.txt" email message will be sent back to the original
sender of the offending message. To save a copy of the message as well as
reject it, use the "Archive Mail" setting.
- Rearranged SpamAssassin spam.assassin.prefs.conf file, it is now read by
SpamAssassin via a link called "mailscanner.cf" in the site_rules directory.
It is no longer read directly by MailScanner, it is just read by Spam-
Assassin during its normal initialisation process.
- Enabled blocking of messages containing web bugs. Note this may have some
false alarms, as a web bug is any image of 2x2 or smaller.
- Improved ClamAVmodule scanning by adding new suggestions from ClamAV author.
- Changed ClamAV parser to not generate warning output when it sees lines it
wasn't expected, as there are so many false positives that no-one ever
looks at them anyway.
- Improved Sophos wrapper script to allow for EM library installations.
No support for Sophos V5.0 yet.
- Upgraded ClamAV to 0.87.1.
- Added HTML::Parser to the list of Perl modules installed by my ClamAV+SA
package so it can be used separately from MailScanner, without needing
MailScanner to be installed first.
- Improved Clam+SA package and other installation scripts to create the soft-
link whenever possible.
- Rewritten comments at the top of spam.assassin.prefs.conf.
- Speed improvement changing &POSIX::WNOHANG to WNOHANG in sub Explode.
* Fixes *
- Added "report-type" MIME attribute to spam notification multipart/report
messages as the RFC says it should be there, and this lacking caused a
problem in a few email apps. Thanks for Georg@hackt.net for this.
- Added missing ", 0777" from mkdir call in internal TNEF code.
- Fixed startup problems reading rulesets from LDAP on first message batch.
- Subject lines are all MIME-decoded properly now.
1/11/2005 New in Version 4.47.4-2
=================================
* New Features and Improvements *
- Automatically updates your phishing.safe.sites.conf file with new additions
(and any subsequent deletions) from a master file I keep on
www.mailscanner.info. All your local changes and additions will be kept of
course, it will just add any new sites listed in my master list. If you want
to *not* list a site which is in my master list, just put a "REMOVE site.com"
line in your phishing.safe.sites.conf and that will make it ignore any
listing for site.com that appears in my master list.
Updates are done once per day.
- Quietened ClamAV log output when it scans 0-length files.
- Improved ClamAV+SA install.sh to add the 3 missing plugins to init.pre.
- Improved init.d scripts for RedHat and SuSE so they setup the queue dir
ownerships automatically and generally help new users get started without
them having to follow all the instructions to the letter.
- Added news about fire at ECS and moved all hosting out of Southampton.
* Fixes *
- Corrected rare problem where an empty X-MailScanner-SpamCheck header
could appear in a non-spam email.
- Problem with empty or null filename.rules.conf or filetype.rules.conf fixed.
- Problem with Max Attachments setting not be honoured fixed.
- Problem with "Highlight Phishing Fraud" being ignored fixed.
- Fixed problem where SuSE init.d script crept into RedHat distribution.
1/10/2005 New in Version 4.46.2-2
=================================
* New Features and Improvements *
- Improved phishing net JavaScript detection to make reports more sensible.
- Loads of additions to phishing net safe sites list (thanks Denis!).
- Improved Install-Clam-SA package so that it sets up your /etc/ld.so.conf
file for you, by adding /usr/local/lib if necessary.
- Increased the default expansion factor of archives for the clamav scanner.
- Removed -j3 from call to Kaspersky in kaspersky-wrapper, on advice from
Kaspersky users.
* Fixes *
- Fixed problem with a few TNEF files and the internal TNEF decoder,
caused occasional crashes.
- Fixed warnings with numeric tests in a couple of places.
- Tested against SpamAssassin 3.1.0, one minor problem found and fixed.
- Fixed minor bug in "actions" parser in ZMailer support code.
1/9/2005 New in Version 4.45.4-1
=================================
* New Features and Improvements *
- Added MCP patches for SpamAssassin 3.0.4.
- Added extra output about nodeps switch with install.sh for RPM.
- Added "no bytes" lines to cancel out "use bytes" as it causes problems
with multi-lingual subject lines.
- Improved phishing net so that when you have multiple MailScanner servers
all handling your incoming mail, links caught by the first one won't also
be caught by the following ones. This caused the final message to contain
multiple warnings about the same link. There is now just 1 warning.
- New "Quarantine Modified Body" setting, default is "no". This will cause
all modified messages to be quarantined, including messages which have
had their HTML disarmed. Also optimised this so it never archives twice.
- Added syslog-ing to BitDefender updater.
- Improved web bug handler when disarmed by multiple MailScanners.
- Added new configuration options to control whether you want to highlight
phishing fraud links or modify the subject line or both.
New options are :-
Highlight Phishing Fraud (= yes by default)
Phishing Modify Subject (= "{Fraud?}" by default)
Phishing Subject Text (= no by default)
- Phishing detection now handles URL's containing %xx characters pointing to
web site names with é in them (and characters written like that).
* Fixes *
- Corrected bayes_file_mode in spam.assassin.prefs.conf on advice from
Matt Kettler.
- 'MailScanner -v' now prints out the version number of Convert::TNEF.
- Group memberships problem on BSD fixed. Spam quarantine membership
should now always be correct on BSD systems.
- Tweaked ClamAV+SpamAssassin package so it skips the zlib-vcheck version
check, it doesn't appear to be important and holds up newbies, which is
a Bad Thing(TM).
1/8/2005 New in Version 4.44.6-2
================================
* New Features and Improvements *
- Published new version of the book, but advise you don't purchase until
3rd week of August so I get to check a copy off the press first.
- Optimised situation where spam archive is being kept clean but many
messages are being deleted. Thanks to yavor.trapkov@wipe.int for that.
- Improved logging to show what sort of HTML tags have been disarmed.
- Added "Scan Messages" option (intended to be a ruleset) which is an
easy way of disabling all scanning and processing of messages. Great
for customers who don't want scanning of any sort on their messages.
- More phishing net improvements and additions to the safe sites list.
* Fixes *
- Resolved dependency problems by "tweaking" /usr/lib/rpm/perl.req to
produce no output.
- Added more Postfix temporarily-invalid-message checks.
This is working perfectly reliably now.
- Added disk full checks for MailScanner/incoming space.
- Added missing object instantiate in the generic spam scanner.
- Fixed reporting and scoring bugs in Custom Spam Scanner.
- Made Postfix hash depth measurement more tolerant of stray files such
as Razor logs appearing in the hold queue directories.
- Delete temporary TNEF files created by internal TNEF decoder/expander.
- Removed stray tar.gz files from tar distribution that shouldn't be there.
2/7/2005 New in Version 4.43.8
==============================
* New Features and Improvements *
- Added "Custom Spam Scanner" so that you can very easily plug in your
own spam scanner, for example dspam. See MailScanner.conf and
.../MailScanner/CustomFunctions/GenericSpamScanner.pm for more details.
- "Allowed Sophos Error Messages" now works for SophosSAVI scanner as well
as the command-line Sophos scanner.
- "\n" can be used to insert line breaks in just about any configuration
setting or languages.conf string.
- Optimised scanning of messages when spam/mcp archive is not kept clean.
- Updated Clam+SpamAssassin package for SpamAssassin 3.0.4.
* Fixes *
- Fixed bug in upgrade_MailScanner_conf so that it puts in the new value of
"MailScanner Version Number" rather than copying it over from the old one,
and it now gets all the comments right around this option when the
"--keep-comments" command-line switch is used.
- Syslogging of files with allowed Sophos errors should now be correct.
- Fixed missing syslog entry for MCP actions taken on a non-delivered message.
- Fixed bug where infection could be reported for wrong message ID as well
as correct message ID.
- Modified panda-wrapper to process entire batch in one call instead of
per message.
- If message parsing failed, the pipe might not exist and this wasn't caught.
- Improved fault auto-detection and auto-correcting of Postfix formatting
problems.
- Added missing "use" in MailScanner main script.
1/6/2005 New in Version 4.42.9
==============================
* New Features and Improvements *
- Now automatically detects and warns if the "Incoming Work Directory"
setting contains any links. It also corrects the path (but not in the
MailScanner.conf file) and continues to work properly.
- Added support for Sophos 3.93.2. You must use the sophos-autoupdate from
this version if you want Sophos to work (both the sophos and sophossavi
scanner settings).
- Tar and RPM distribution installation scripts now look for gtar if GNU
tar was not found, and is happy if /usr/local/bin/perl and /usr/bin/perl
point to the same place.
- SophosSAVI errors are detected as if they were viruses, and are not
ignored.
- Panda support completely reimplemented a lot better by Rick Cooper.
- Upgraded File::Temp, Compress::Zlib and ExtUtils-MakeMaker to latest
releases.
- New options "Disarmed Modify Subject" and "Disarmed Subject Text" now
provide the ability to alter the Subject: line if any HTML tags in the
body of the message were disarmed (by having their "Allow .... Tags" set
to "disarm". This is switched on by default.
- New option "Spam Lists To Be Spam" now provides the ability to set how
many Spam Lists a message must appear in before it is considered to be
spam. The default is 1 as that mimics the previous behaviour.
- Improved output of SuSE MailScanner init.d script.
- Reversed spam and disarm tags to leave spam tag at start of Subject:.
* Fixes *
- Fixed problem that could cause harmless header files to be left in the
temporary working directories when using Postfix.
- Fixed problem where attachment size checks were made on the contents of
zip files and not just the zip files themselves.
- Hopefully fixed problem with ClamAV missing Worm.Sober.P occasionally.
- No longer import missing whine method from MIME-tools.
- Fixed problems with incomplete reporting of viruses in zip files.
- Fixed problem with "Delete" MCP action not being logged in syslog.
- Fixed problem with the "null MIME boundary" vulnerability test.
- Added check to upgrade_MailScanner_conf and upgrade_langages_conf so they
check to ensure all input files have content before starting.
- Fixed bug where clean header was being applied to unscanned mail when using
virus scanning rulesets.
- Fixed wrong build number for 1 Perl module in install.sh scripts.
- Fixed typo in upgrade_MailScanner_conf.
- Made significant changes to child worker process management and re-spawning,
to try to avoid problems reported by a few users with MailScanner "slowly
stopping working" over the space of several hours.
1/5/2005 New in Version 4.41.3
==============================
* New Features and Improvements *
- Improved install.sh to work on AMD64 Fedora Core 3 systems.
- Added * wildcard support to phishing.safe.sites.conf, so you can list
*.safedomain.com instead of having to list subdomains and other servers
individually. Useful for listing your own domain.
- Improved IPv6 support as sendmail on Linux adds "IPv6:" on the front of
the IPv6 SMTP client address.
- Improved support for \ characters in URLs in phishing net.
- Better handling of subdirectories in RAR archives.
- Duplicates removed in quarantine postmaster notice.
- Added filetype entry to allow PostScript files.
- Improved phishing net by adding detector for numeric IPs which do match
but warn as they might be part of a fraud.
- Added new entry to languages.conf which needs translating.
- Improved phishing net to improve handling of numbered website references
automatically inserted by some Unix text-only email clients.
- Improved handling of ClamAV output when it scanned zero-length attachments.
- Updated phishing net safe-sites list.
- Added comment to MailScanner.conf about Maxium Archive Depth being a ruleset.
- Changed default auto-whitelisting to "no".
- Installation support for Solaris 10, in main ./install.sh and ClamAV-SA
installation script.
- Changed blacklisting so it doesn't override whitelisting if you always
want to get the SpamAssassin results header.
So if you whitelist an address@domain.com and blacklist *@domain.com,
it works as you would expect it to.
- Upgraded ClamAV+SA tarball to SpamAssassin 3.0.3 and ClamAV 0.84.
* Fixes *
- RAR archive handling: creation of directory only archive entries, both
windows and *nix created archives (caused problems for SAVI).
- RAR archive handling: possible false Encrypted file trigger on file names
containing the word "Encrypted".
- RAR archive handling: full path names used when extracting archived files,
extracted to safe file name without out path.
- Removed harmless error message when clearing out empty working directories
at startup in debug mode.
- Fixed problem where using rulesets to scan messages for dangerous content
but not for viruses would cause the messages to be scanned by viruses anyway.
- Fixed problem where filename/type checks were still being done on messages
which had rulesets saying they should not do dangerous content checking.
- Fixed problem in tar distribution install script where it would not
correctly find the installed tnef expander binary.
2/4/2005 New in Version 4.40.11
===============================
* New Features and Improvements *
- The "clamavmodule" scanner cannot unpack archives of RAR version 3.
2 new configuration settings allow you to unpack the latest RAR archives
for testing by the "clamavmodule" scanner.
It also enables the contents of the RAR archive to be checked for illegal
filenames and filetypes, and also to see if they are password-protected.
Unrar Command = /usr/bin/unrar
Unrar Timeout = 50
- "Allow Password-protected Archives" can now be a ruleset when using the
clamavmodule virus scanner.
- Multiple "Subject:" lines are removed. The 1st one is kept.
- If the "Unrar Command" is defined and points to an executable program,
it will automatically be used by the "clamav" scanner. No -wrapper
tweaking is needed to do this any more.
- You can now use shell environment variables such as $HOSTNAME or
${HOSTNAME} in MailScanner.conf and its relatives.
- More improvements to the phishing net.
- More additions to the starter phishing.safe.sites.conf file.
- Removed my spam.assassin.prefs.conf file in favour of the one from
www.fsl.com, with just enough changes to produce an identical file
layout to my previous versions.
- Re-enabled ALL_TRUSTED rule after comments from Matt Kettler. Thanks!
- Added long comment about ALL_TRUSTED rule, many thanks to Matt Kettler.
- Improved screen behaviour of RPM-based init.d script.
- Greatly improved RAR archive handler, thanks to Rick Cooper.
- Changed IPBlock DSN to 550 and made it easily configurable.
Look for "$FailCode" in the CustomConfig.pm code and the IPBlock cron job.
- Changed the "Envelope-From" and "Envelope-To" headers to include your
organisation's name.
- Made date and time stamps consistent across whole system.
- Added extra rules to the phishing net to avoid false alarms with some
examples of Microsoft's .NET system.
- Added Custom Functions to implement multiple input and output queues for
ZMailer users. Many thanks to MailScanner-devel@pert.com.ar (Leonardo
Helman and Mariano Absatz) for all their hard work implementing this.
- Improved RedHat init.d script so reload is handled better for Postfix.
- Changed default supplied values for "Allow xxxxx Tags" to disarm all of
these tags.
- Added 20 minute timeout to bitdefender's autoupdate script. Easy to set
the timeout to your own value, just look at the start of the script.
- Added support for non-hashed queue directories for Postfix 2.2.
* Fixes *
- Fixed problem with missing Attachment-Warning when encountering a virus
that is both silent and non-forging.
- Improved output format of Sender warning, and removed duplicate lines.
- In IPBlock facility, changed MTA dsn to 451 to temporarily refuse the
connections, rather than the total block it used to do.
- Removed erroneous log output from SpamAssassin bayes-rebuilder.
- Postfix problem fixes.
- Fixed SpamAssassin Bayes database rebuild timeout problem.
- Fixed Exim problem with removing multiple "Subject:" headers.
- Fixed Postfix problem with removing multiple "Subject:" headers.
- Fixed problems in new Unrar code when renaming files in archives.
- Fixed problems in earlier betas with occasional missing attachment warnings.
- Fixed directory problem in vexira-autoupdate.
- Fixed problems with defunct processes when not virus scanning.
- Fixed problem with filename checks not happening without virus scanning.
- Fixed problem extracting RAR archives with filenames containing special
characters.
- Fixed problem where 2 matching "No" rules would cause message to be checked
for spam, if SpamChecks is moved in ConfigDefs.pl.
2/3/2005 New in Version 4.39.6
==============================
* New Features and Improvements *
- If the AttachmentWarning message put into a message is empty (zero-length)
then the empty attachment won't be added to the message at all.
- Added scanning of PE's by default to clamavmodule scanner.
- Added feature when IP address in a ruleset has all 4 numbers, so that a
full string match is done against the client IP, not a substring match.
- Added support for output from latest F-Prot and archive bomb detection.
- Set all virus scanners to SUPPORTED so no tweaking needed by users.
- Added 4 new configuration options for setting all ClamAV settings when
using the "clamavmodule" scanner:
ClamAVmodule Maximum Recursion Level
ClamAVmodule Maximum Files
ClamAVmodule Maximum File Size
ClamAVmodule Maximum Compression Ratio
- Phishing net now traps website names containing unicode characters.
* Fixes *
- Corrected problem with tags that have no text contents and no .
- 2 minor typos in the Swedish reports.
- Changed check_MailScanner to check_mailscanner in cron job.
- Fixed problem where files with no extension, inside a zip file, were
extracted with ".dat" added onto the end of them.
- Fixed problem with phishing net being confused by some malformed URLs.
- Syslog calls are forced to 8-bit characters.
- Fixed problems with nested input queues not being used consistently.
- Custom Function reader no longer includes Debian dpkg files it should ignore.
- Fixed problems with messages being rebuilt just because they contain
or ![]()
.
- Fixed problems with some messages with sendmail nested input queue but
flat output queue.
- Fixed problems where an infected spam message containing a broken zip
file could break MailScanner when delivered as an RFC-822 attachment
to a new message.
2/2/2005 New in Version 4.38.10
===============================
* New Features and Improvements *
- Upgraded to MIME-tools 5.417.
- Added new filename restrictions using Microsoft vulnerability report from AUScert.
- Improved /etc/sysconfig/MailScanner so that it finds Incoming Work Dir and
Incoming Queue Dir automatically from MailScanner.conf file.
- Can now use $from, $id and $subject in inline signature for signing clean
messages.
- Any entry in the "Archive Mail" setting can contain _DATE_ which will be
replaced with the current date in yyyymmdd form, so you can backup or move
yesterday's archive safely knowing that it won't be written to today.
- Added zero score for ALL_TRUSTED rule in SpamAssassin as it is known to
cause problems.
- Added "Also Find Numeric Phishing" setting (on by default) so that all
numeric IP addresses in links are flagged as being dangerous.
- Added "$postmastername" to the list of variables available in many reports.
- ClamAV -autoupdate script now logs all warnings and errors from freshclam.
- Postfix support added to "IPBlock" functionality for SMTP connection
throttling. Many thanks to Rakesh for writing this.
- Updated German translations. Many thanks to Felix for doing this.
- Added PDF version of new MailScanner advertising "flyer".
- Added "Log Dangerous HTML Tags" configuration setting, and removed old
"Log IFrame Tags" configuration setting, so that all potentially dangerous
HTML tags are now logged. This helps when you are developing your white-
list of safe sources of HTML tags, such as newsletters and daily cartoons.
- Added "Phishing Safe Sites File" configuration setting to point to a file
containing a list of fully-qualified hostnames which are ignored in the
phishing detection tests. Any links to any of these hostnames are ignored
in the phishing tests.
- Added "Eicar" to non-forging viruses list, so it's easier for testing.
- Upgraded to latest HTML::Parser version 3.45.
- Changed logging about HTML disarming to only log if it actually changed
the message.
- Improved comments about ruleset filenames for Spam Actions et al.
- Upgraded to latest Net::CIDR version 0.10.
- Improved phishing net to handle links which look like email addresses.
- Upgraded Vexira to handle new version. Note that support for the old
version of Vexira has been dropped. You *must* upgrade to use this release.
- Upgraded install-Clam-SA.tar.gz script (on the downloads page) to install
ClamAV 0.81 and SpamAssassin 3.0.2.
- Better updated translations of pt_br by Eduard Michels.
- Improved logging of numeric-ip based phishing attempts.
* Fixes *
- Fixed problem where some spam was delivered even if the Spam Actions was set
to "store delete" if the messages were not to be virus-scanned.
- Fixed harmless uninitialised variables in HTML disarming.
- Removed 2nd copy of tnef sources from tar distribution.
- Fixed problem in phishing net where empty tags would cause false alarm
on the previous normal link.
- Fixed problem in a few situations where logging would say content disarming
was happening when actually it wasn't.
- Fixed problem where messages that were not virus-scanned did not have
arbitrary headers removed.
- Subject lines are now MIME decoded before writing to Postmaster notices.
- Fixed bug in SpamAssassin score counting in MCP functionality.
- Fixed bug in handling of phishing safe sites file.
1/1/2005 New in Version 4.37.7
================================
* New Features and Improvements *
- When stripping HTML messages to plain text, the contents of script and
style tags are omitted.
- Phishing net improved to ignore email addresses.
- Now supports split sendmail queues where any incoming mqueue.in directory
can have qf, df, xf, tf subdirectories, each containing the appropriate
type of file for each message. This will greatly speed operation on big
queues as the directories will be less than half the size of a combined
queue directory.
- New option "Keep Spam And MCP Archive Clean" which forces it to virus scan
all spam that is quarantined. Any spam (or MCP messages) found to be virus-
infected are removed from the quarantine, so you can safely let your users
have access to the spam archive safe in the knowledge that they cannot get
any viruses out of it.
Note: This feature is disabled by default, as most people won't want the
performance hit of all the extra scanning, as they don't their users
access to the spam quarantine anyway.
- Changed Postfix handling so that "Archive Mail" feature creates files
with unique names so that re-used message-ids don't cause overwriting of
older files in the same day with the same message-id.
- Spam and MCP actions (and of course their non- and high-scoring- alternatives
can now include extra headers which are added in each case. These entire
headers must be contained in double quotes. So for example, you can have
Spam Actions = header "X-Spam-Status: yes" deliver
and the message will be delivered but with the extra header
X-Spam-Status: yes
added to the message.
* Fixes *
- Fixed sendmail and ZMailer problem where subject lines starting with a
line-break were not tagged correctly.
- Fixed minor problems with multi-line Subject: headers.
- Fixed bugs with some MTAs when keeping spam archive clean.
- %vars% in MailScanner.conf are now handled properly in "other" settings.
- Fixed problem with correctly removing Phishing frauds from badly formatted
html with missing tags before corresponding .
- Fixed problem with message duplication on some sendmail systems.
- Worked around Perl bug causing crashes with a few bounces from Hotmail.
- Fixed problems stopping SPF checks working properly.
1/12/2004 New in Version 4.36.4
===============================
* New Features and Improvements *
- Improved URL trimming in phishing net.
- Various improvements and fixes in phishing net.
- Added support for RedHat Enterprise Linux 4.
- Added check for Password-Protected Archives setting when using clamavmodule.
- Added support for "fast" parameter to all installation scripts.
This reduces all waits to 1 second, greatly speeds installation!
- Improved logging when there are too many attachments.
- Added message ID to log of phishing attempts.
- Added autoupdater for Panda.
- Added %variables% to text and HTML report messages, so the email "signature"
added to the end of each report is customised centrally from
MailScanner.conf. This currently uses %org-long-name% and %web-site%.
- Added upgrade_languages_conf script to automate upgrading of
the languages.conf file in whatever translation directory you use.
* Fixes *
- Fixed outstanding problem in bitdefender-autoupdate, so that it works
properly on new installations.
- Fixed logging problem with phishing net on a few malformed messages.
- Removed /var/tmp files from MailScanner-MIME-Base64 rpm build.
- Fixed problem in Vexira parser.
- Fixed problem where All-Viruses would cause every problem to be silent.
4/11/2004 New in Version 4.35.11
================================
* New Features and Improvements *
- SpamAssassin 3 SPF checks are now fully supported.
- Added Disposition-Notification-To and Return-Receipt-To to the list of
headers I advise you to remove.
- Added "Log Silent Viruses" configuration option.
- Mandrake Linux 10 is now supported by the RPM installation script.
- Added new configuration option "Find Phishing Fraud". This will scan HTML
messages for links which don't link to the site they appear to. This
should catch most "phishing" fraud attacks. It uses new text in the
languages.conf file, so you will need to add the extra lines to yours.
- Added support for F-Secure 4.6x.
- Removed pre-built tnef programs from bin directory of distribution.
- Moved "virusscan" from "First" to "All".
- Tweaked generic-autoupdate so it apparently does nothing.
- Support Mail::ClamAV 0.12 and upwards. Dropped support for 0.11.
- Support ClamAV 0.80 and upwards. Dropped support for 0.75 and earlier.
- Added support for Kaspersky 5.0 autoupdater.
- Upgraded to Archive::Zip 1.14.
- Filenames are sanitised before being put into virus reports.
- Added a default empty string for Lock Type so upgrade_MailScanner_conf
works more smoothly.
- Improved logging of attachment size errors.
* Fixes *
- Fixed bug where filetype checks that matched no rules were not logged
properly.
- Fixed problems with MIME::Base64 dependencies.
- Fixed bug with @INC path reversal when loading MIME::Base64 and
MIME::QuotedPrint.
- Fixed bug where MCP files were quarantined with the wrong owner.
- Fixed bug where MCP files were incorrectly logged if they were also spam.
- Fixed issue where Postfix insisted (quite correctly) on having a space
after "Subject:" in the headers.
- Moved Envelope-From header for SpamAssassin to the top of the headers sent
to SpamAssassin.
- Fixed existence check bug in antivir-autoupdate.
- Fixed problem where some parent reports were masked by child reports.
- Fixed problem with rules with multiple results and multiple tests.
- Messages with a null MIME boundary are now rejected instead of passed.
- Got MIME boundary fix rolled back into MIME-tools code.
- Added X-MailScanner-From header definition to SpamAssassin setup so
that SPF checks and NO_DNS_FOR_FROM checks work properly.
- Completely new MIME::Base64 that lives in /usr/lib/MailScanner/utils.
- Fixed bug in minimum attachment size checking.
1/10/2004 New in Version 4.34.8
===============================
* New Features and Improvements *
- Added "Bounce Spam As Attachment" and "Bounce MCP As Attachment" options.
These will cause the original message (up to the Max SpamAssassin Size so
it cannot be used for denial-of-service attacks) to be included in the
bounced message as an RFC/822 attachment, which some mail clients can read
very nicely. This lets the original sender see what message got bounced.
- Updated the Qmail support. See opencomputing.sf.net for more info on Qmail.
- Changed default supplied values for a few settings. This will have no effect
on upgraded installations, but will improve resource use for new
installations, such as not quarantining silent viruses which is pretty
much a waste of disk space and i/o load.
- Added POSIX back-compatibility switches to scripts wanting to use "tail".
- Added "Remove These Headers" setting to allow arbitrary headers, such as
delivery receipt requests, to be removed from mail.
- Implemented MCP support for SpamAssassin 3.0.0.
- Published packages for RPM and non-RPM systems to install ClamAV and
SpamAssassin 3.
- Adapted code to run with MIME-tools 5.412.
- Removed most of the MIME-tools version checks as the new code doesn't
specify versions for its components.
- Added a load more optional modules to the version number list so we get
all the modules required by SpamAssassin 3 and Mail::ClamAV.
- Added MIME-tools 5.413 and MIME-Base64 3.03. You must have these installed.
- Updated Catalan reports.
- Added support for NOD32 2.04.
- Added $longspamreport to sender.spam.sa report.
- Update Trend-autoupdate script so it supports Trend's new opr.ini file.
- Added 4 new MCP options to provide the same subject line modifications as
you can do with spam messages: "MCP Modify Subject", "MCP Subject Text",
"High Scoring MCP Modify Subject", "High Scoring MCP Subject Text".
The defaults are the same as for spam.
- Added a "generic" virus scanner. This enables you to write your own
virus (or other "nasty content") scanner, which produces input which is
read by MailScanner and used to mark certain files as virus-infected.
The spec of what output is required from your scanner is in the
"generic-wrapper" script. It's very simple to use.
- When a child process is HUPped it will now attempt to kill any running
child scanner processes, to avoid problems with uvscan consuming 100% CPU.
- Timeout code added to AntiVir updating script.
- Added a new setting "First Check" so you can control whether the MCP or
the spam checks are done first. It is MCP by default as that is how it has
run in the past, but you may well want to do spam checks first if you
delete most spam.
* Fixes *
- Fixed another Postfix perl buffering error on a few OS's.
- Added remaining MCP definitions to languages.conf files.
- Fixed installation problems with MIME-Base64.
- Fixed bug in Exim.pm where case of MAIL sender wasn't properly preserved.
- Fixed problem causing bitdefender-autoupdate to hang.
1/9/2004 New in Version 4.33.3
==============================
* New Features and Improvements *
- When converting an HTML message to plain text, HTML comments are removed.
- Now prints more realistic Perl version with -v, and includes Net::DNS.
- Custom Functions can now take parameters. These are passed to the Init
and End functions corresponding to each Custom Function.
- Updated Czech translations.
- McAfee -autoupdate script improved to handle situation where McAfee upgrade
was manually installed and previous installation was not removed first.
- Added all the MCP settings to the shipped MailScanner.conf file.
- Added support for the "Symantec Scan Engine" scanner.
- Non-RPM installer never opts for RPM install.
- Upgraded Archive::Zip to 1.13.
- Improved "MailScanner -v" output so it gives kernel and OS release
information if it can find any. Also now logs version of MIME::Base64.
- Added setting to SpamAssassin so that Version 3.0 will use fast non-NFS
file locking, as most MailScanner users don't access Bayes across NFS.
- Configuration compiler much more tolerant of errors and missing files.
* Fixes *
- AntiVir is now forced to run in English.
- RAR archives that cannot be handled by ClamAV's internal RAR unpacker are
now handled properly.
- Couple of minor fixes to ZMailer support.
- Added a space in the Postmaster report to improve formatting.
- Fixed bug in spam score number formatting.
- Now set the charset in messages that are "notices to".
- Now catch the case where SpamAssassin fails to set the autolearn status.
27/7/2004 New in Version 4.32.5
===============================
* New Features and Improvements *
- Per-domain white and blacklisting now supports IP address checks.
- Disarmed web bugs now tell you where they came from.
- New "Run In Foreground" option which will be useful if you are trying to
use another tool to monitor MailScanner's health and restart it auto-
matically if it dies for some reason.
- New "--perl=" switch for install.sh on non-RPM systems.
- Added extra strings to languages.conf to support new feature of reporting
the fault with a message in the subject line of the postmaster report.
- CheckModuleVersion now supports the "-v" command-line option, to make its
output more verbose.
- Upgraded Archive::Zip to 1.12.
- Added *.job to the list of banned filenames.
- New "Spam Score Number Format" option to allow numeric formatting of the
number that is substituted for _SCORE_ in the spam score outputting.
- Added "--version" (or "-v" or anything that looks roughly like "-v").
This will make MailScanner print the version number of all the modules
that MailScanner uses, along with its own version number.
- Improved MailScanner.conf settings to explicitly say that "Virus Scanners"
cannot be a ruleset.
- Improvement to installer for non-RPM systems to catch broken MakeMaker on
some Solaris systems.
- Updated OpenBSD manual installation instructions.
- Added $MailScanner::Config::ConfFile so that Custom Functions can find the
configuration directory easily.
- Updated Spanish translations.
* Fixes *
- Postfix file corruption problem remaining on a few systems, now fixed.
It was a Perl bug.
- tar distribution check_mailscanner.cron file now calls check_mailscanner
and not check_MailScanner.
- Comments output in upgrade_MailScanner_conf made more consistent.
- Moved "Spam List" so it matches the first rule, not all rules. This enables
you to apply rules for entire domains and exceptions for certain addresses
within those domains.
- Improved zip of death detection.
- Changed web bug disarming so alt text is only provided if there is a 'src'.
- Fixed bug where autolearn status was reported incorrectly with SpamAssassin 2.
- Fixed bug causing symptom of missing identically-named nested zip files.
- Fixed bug in ZMailer.pm from Mariano.
- Fixed bug involving '+' characters in address patterns in config compiler.
1/6/2004 New in Version 4.31.4
==============================
* New Features and Improvements *
- Added install.sh script for tar distribution which builds all Perl modules,
tnef decoder and MailScanner automatically.
- Added configuration option "Dangerous Content Scanning" to allow you to
disable all the content scanning except for the virus scanning.
- Added support for Vexira virus scanner.
- Implemented support for F-Secure 4.61.
- Implemented support for Nod32 2.01. If you are still running 1.99, you
will need to edit /etc/MailScanner/virus.scanners.conf.
- Reports can now contain %variables% such as %org-name%.
- Changed default installation location of Bitdefender to /opt/bdc.
- Upgraded tnef to latest release from sourceforge.
- Moved ExtUtils::MakeMaker into list of normal perl modules to install.
- Linux distributions now auto-detect MTA setting in /etc/sysconfig/MailScanner.
- Can now detect very small images in a message, that may be "web bugs" to
track you. These can be disarmed if you want.
- Changed documentation to just list single-instance version of Postfix.
- Changed init.d scripts to work well with both single and double instance of
Postfix.
- Improved init.d script to support SuSE 9.1 properly.
* Fixes *
- Forced AVG to run in English.
- Corrected problem with negative failure counts from RBLs and SA.
- Fixed bug in LDAP ruleset handling.
- Sendmail code now auto-detects the correct lock type to use, flock or posix.
- That code has just been removed.
- Sendmail qf files no longer have to define an IP address.
- Corrected report when archive is nested too deeply.
- ZMailer forwarding fix provided by Mariano.
- Fixed Postfix message corruption on recent Postfixes on some architectures.
- Worked around latest tweaks to Postfix spec.
- Fixed problems with PDF docs when signing messages.
1/5/2004 New in Version 4.30.3
===============================
* New Features and Improvements *
- Zip files can now be located either by filename or by file contents, so
you can effectively control whether your users can avoid zip file checking
by renaming ".zip" to "_zip" for example. Note this does not affect virus
checking, the contents of zip files will still be scanned for viruses.
Note that this works with self-extracting zip files as well. The
configuration option is called "Find Archives By Content" and is on by
default.
- Tightened up MIME decoder to catch more of the tests at www.testvirus.org.
- Added support for Grisoft AVG virus scanner. Thanks to Rick Cooper for his
hard work on this.
- BitDefender wrapper and autoupdate scripts now support both old and new
versions without any modifications needed. They find the version
automatically.
- The upgrade_MailScanner_conf command now preserves all your custom
%variable% settings.
- Linux cron job scripts added to tarball distribution.
- Made the spam tag come before the virus tag on infected messages so that
spam can be dumped more easily automatically.
- Added support for SpamAssassin version 3.
- Added new configuration options so that RBL's (and SpamAssassin) can have
their network checks disabled is they fail more than a certain fraction of
the time. This is very good for finding unreliable RBL's that don't always
fail and are therefore not found by the "max timeouts" settings.
- Added new configuration option "Ignore Spam Whitelist If Recipients Exceed"
to catch spammers who deliver messages to lots of recipients, including
one recipient who chooses to receive all their spam.
- Added link to the Ellen MacArthur Trust to the home page. Please support
this charity, they perform excellent work in an area that is very close to
my heart.
- Improved update_virus_scanners so it ignores the lock if it is old.
- Added scanner name to log output from library-based virus scanners modules.
- Improved building of SRPMs so they work on all RedHat and SuSE versions.
* Fixes *
- Debian fix for their different dir structure causing problems with
update_virus_scanners.
- Fixed problem where some HTML messages from Yahoo did not have the clean
message signature added to their HTML portion.
- Fixed problem with some systems not rewinding file extraction directory
properly.
- Fix to avoid problems in Qmail with regular expression match which reading
Qf file.
- Messages with too many attachments should get a proper report now.
- Quarantine and Incoming Queue group memberships should now work properly
for non-root users.
- Now only signs text/plain and text/html sections, so some PDF files and
Outlook messages are not corrupted.
1/4/2004 New in Version 4.29.7
==============================
* New Features and Improvements *
- More robust MIME decoding, should catch postmaster bounces a lot better
when they include the entire message with broken MIME headers.
- Clam -wrapper script adds /usr/ucb to end of $PATH for Solaris users.
- Moved cron job maximum update delay to /etc/sysconfig/MailScanner so it
is preserved across upgrades.
-