From MailScanner at ecs.soton.ac.uk Mon May 1 10:26:00 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 1 10:27:18 2006 Subject: MailScanner ANNOUNCE: Stable 4.53.6 released Message-ID: <4455D428.6020502@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just released the May release of MailScanner, version 4.53.6. The main new improvements this month are: - - Support for sa-update as provided with recent versions of SpamAssassin. - - Support for the new format of headers files produced by Exim 4.61. - - Many improvements to the handling of, and response to, Web Bugs. - - Support for the "gunzip" command so that filetype and filename checks can be done on compressed files created with either the "gzip" or "compress" commands. - - Support for numerical IP addresses in phishing.safe.sites.conf. Using this, entire servers can be whitelisted with one entry, removing the need to add every domain provided by that server. - - Support for "k", "m" and "g" multipliers in MailScanner.conf so that entries can be written as "Max SpamAssassin Size = 30k" instead of "30000". "k" = 1000, "m" = 1000000, "g" = 1000000000. You can download it as usual from www.mailscanner.info The full Change Log is * New Features and Improvements * - - Attachment extraction now checks for available disk space and a DoS attack using messages with high expansion ratios will fail even quicker than it did before. - - Added new setting "SpamAssassin Local State Dir" to support the sa-update tool provided with MailScanner these days, to provide a way of auto- updating the core SpamAssassin rulesets. The default value is set to what you need for Linux (/var/lib). - - Added new cron job to run sa-update every night. The location of the sa-update program is read from /etc/sysconfig/MailScanner. - - Added support for new header -H file format in Exim 4.61. - - Added 2 new configuration options "Gunzip Command" and "Gunzip Timeout" to enable unpacking of gzip-ed files for filename and filetype checking. Even if this is disabled, gzip-ed files will still be virus scanned. - - Added support for numerical entries in phishing.safe.sites.conf file. - - Added support for optional multipliers in numbers in MailScanner.conf. So you can now write "50M" instead of "50000000". The multipliers supported are "k", "m" and "g" to denote 1 thousand, 1 million and 1 billion (10^9) in upper or lower case. You must *not* put any spaces between the number and the multiplier character. - - Added a new configuration option "Ignored Web Bug Filenames". This allows you to whitelist a bunch of filenames that can appear in the URLs of potential web bugs. So if you decide that all potential web bugs with "spacer" or "pixel.gif" in the filename are just padding for page layout, then you can make it ignore them by adding them to this list. A sample list is provided in MailScanner.conf. This is disabled by default, as spammers may start to use this as a means of circumventing the Web Bug trap. - - When Web Bugs are disarmed, the URL used to replace the original web bug can now be set using the new configuration option "Web Bug Replacement". If this is not specified, then the old value of "MailScannerWebBug" is used. The default value supplied in the MailScanner.conf file is the address of an untracked 1x1 pixel transparent gif (51 bytes) hosted on the MailScanner web site. This will not be tracked other than to supply an overall count of the number of hits this image gets, for overall statistical purposes. - - Added Razor2 to the list of plugins automatically enabled by the ClamAV+SA easy-to-install package, due to the recent change in licence. Now if DCC could go the same way... * Fixes * - - Fixed bug in DoS attack handler. Thanks for Jorge for this. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRFXUKRH2WUcUFbZUEQKt3gCfUOcUKAHesluL3Q390ksMuzNG/FYAoLWO mzVi7O1U1UjDLgti8N+6tWN7 =TZ6M -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sat May 20 22:46:59 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 20 22:51:19 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! Message-ID: <446F8E53.5080407@ecs.soton.ac.uk> Your Software Needs You! I really need some people who are prepared to help with the beta testing of new MailScanner releases. MailScanner is now a complex mature application and the testing I can do on particular features is not enough to prove the co-operation between different settings. This has been highlighted in 4.53. So if you are prepared to partake in beta testing for me then please contact me directly at mailscanner@ecs.soton.ac.uk. You will need to be prepared to either 1) run beta versions on your live MailScanner systems if you are brave, or 2) run beta versions on a copy of your mail feed on a test server. This can be done (with sendmail) using the "roundhouse" milter available from SnertSoft. I'm sure the same can be achieved with Postfix, Exim and ZMailer. It does not matter how much mail you process each day at all. A home user prepared to tweak new settings on a system processing 30 messages per day is just as useful as an ISP processing 100,000 messages per day. Unknowingly, you will each be testing different aspects of MailScanner, so all help is useful regardless of size. I am not insisting that you test every single beta test version I publish, just that you help where and when you can, particularly in the run-up to a stable release. More about that in a minute. Unfortunately I can only offer you payment for this in the form of the odd T-shirt and the satisfaction that you are making an essential contribution to the best email filtering system on the planet. The more of you who are prepared to help, the better. Let us all work together to maintain MailScanner's high standards in quality and performance! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From MailScanner at ecs.soton.ac.uk Sat May 20 22:49:53 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 20 22:51:20 2006 Subject: MailScanner ANNOUNCEMENT: Release schedule change Message-ID: <446F8F01.9030600@ecs.soton.ac.uk> MailScanner is now a pretty mature application. It has undergone continuous development for about 6 years and has come a long way in that time. Version 1 was 1,200 lines of Perl and shell, and had about 15 configuration options. Version 4.54 is over 44,000 lines of Perl and shell, and has 343 configuration options. These days, virtually all of the new features are written specifically for a few people, and are not desperately needed by most users. As a result of this, and to allow more time for testing, I am going to change the normal release schedule to a new stable release every 2 months instead of every month. Due to the nature of the world, I reserve the right to release every month or two months as I choose. The latest stable version number is always posted at the top of the home page of the www.MailScanner.info website. This will be good for MailScanner as it will be tested better before release, and it will be good for me by reducing the time I have to spend in the run-up to the start of every month. Note: This will not affect important bug-fix releases at all. Serious problems in the latest stable release will still be fixed as soon as possible, and published as soon as they have been fixed. These may be released either as later stable releases or early betas of the next release, as I do not want to have to fork the source code database at the start of every month and maintain two copies of the source code. Due to the extra time available for testing, this problem will be drastically reduced anyway. I hope you all understand my reasons for making this change, and that it will also reduce the time some of you spend maintaining your MailScanner systems at the very latest version. Maybe you would like to be in the "inner circle" of official beta-testers. I might even print a special T-shirt for you with your company logo on it advertising that you are a member of the inner circle. Please read my other posting re beta testers. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. From lhaig at haigmail.com Sun May 21 18:07:11 2006 From: lhaig at haigmail.com (Lance Haig) Date: Thu May 25 20:09:12 2006 Subject: MailScanner ANNOUNCEMENT: Your Software Needs You! In-Reply-To: <446F8E53.5080407@ecs.soton.ac.uk> References: <446F8E53.5080407@ecs.soton.ac.uk> Message-ID: <44709E3F.4090501@haigmail.com> Just sent you an e-mail Count me in Lance Julian Field wrote: > Your Software Needs You! > > I really need some people who are prepared to help with the beta > testing of new MailScanner releases. MailScanner is now a complex > mature application and the testing I can do on particular features is > not enough to prove the co-operation between different settings. This > has been highlighted in 4.53. > > So if you are prepared to partake in beta testing for me then please > contact me directly at mailscanner@ecs.soton.ac.uk. > > You will need to be prepared to either > 1) run beta versions on your live MailScanner systems if you are brave, > or > 2) run beta versions on a copy of your mail feed on a test server. > This can be done (with sendmail) using the "roundhouse" milter > available from SnertSoft. I'm sure the same can be achieved with > Postfix, Exim and ZMailer. > > It does not matter how much mail you process each day at all. A home > user prepared to tweak new settings on a system processing 30 messages > per day is just as useful as an ISP processing 100,000 messages per > day. Unknowingly, you will each be testing different aspects of > MailScanner, so all help is useful regardless of size. > > I am not insisting that you test every single beta test version I > publish, just that you help where and when you can, particularly in > the run-up to a stable release. More about that in a minute. > > Unfortunately I can only offer you payment for this in the form of the > odd T-shirt and the satisfaction that you are making an essential > contribution to the best email filtering system on the planet. > > The more of you who are prepared to help, the better. > Let us all work together to maintain MailScanner's high standards in > quality and performance! > From MailScanner at ecs.soton.ac.uk Sat May 27 20:33:56 2006 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 27 20:34:25 2006 Subject: MailScanner ANNOUNCE: 4.54.6 released Message-ID: <4478A9A4.9020009@ecs.soton.ac.uk> I have just released version 4.54.6. The main aim of this release is to remove the (minor) problems there were with 4.53.8. The main improvements are support for Sophos 5, and a fix to the phishing net output formatting which could leave some links open. I have also upgraded the easy-to-install ClamAV+SpamAssassin to the very latest versions. There have also been various other changes, improvements and other fixes since 4.53. The full Change Log is: * New Features and Improvements * - sa-update cron job disabled by default - Support for Sophos version 5. This just requires new sophos-autoupdate and sophos-wrapper. There are no changes to the core MailScanner code. - The Sophos.install script is not needed for version 5 of Sophos. But it won't do any harm and will print some useful information on how you should configure it, and it will make its best attempts to update the virus.scanners.conf file to point to your new version 5 installation. So I would still strongly advise that you run Sophos.install to install Sophos, even with version 5. - When the SpamAssassin cache is being used, the phrase "cached" or "not cached" is added to the start of the SpamAssassin detailed report in the headers. These words are defined in the languages.conf file so you can change them to anything you like, and translate them into your local languages. Please post all translations back to me for inclusion in the standard distribution. - Added a reference to the message batch in the call to look up "lastafterbatch" so that MailWatch can get the batch statistics. - Updated loads of Perl modules to more modern versions where there have been any significant updates to them. Minor doc and test tweaks have been ignored. - Updated many Perl modules in ClamAV+SA easy-to-install package. - ClamAV+SA package does not add extra loadplugin lines if they are already present in the init.pre and v310.pre files. - Added more examples to /etc/MailScanner/rules/README to show all of the allowed formats of a numerical IP address range. - Upgraded to Filesys::Df 0.90. - Added Spanish translation of rejection.report.txt. Thanks to Leonardo Helman. - Improved filetype rule for scripts so it doesn't accidentally trigger on JPEG images with full metadata tags. 5 Added Net::IP Perl module as it is needed for SpamAssassin and Net::DNS. 5 Improved handling of Unicode encoded subject lines with a few trailing spaces. 5 Fresh translation of German languges.conf file. * Fixes * - Fixed bug in output formatting of phishing net. This could leave HTML links open. - Fixed major problem with Web Bug processor. - Fixed bug in handling of multi-line Subject: lines in Postfix. Thanks to James for this fix and his patch. 5 Fixed bug in sophos-wrapper caused by confusion between Sophos V4 and V5. 5 Fixed bug stopping regexp rule /^$/ from working properly in rulesets. 6 Fixed packaging error with perl-Net-IP. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support.