From MailScanner at ecs.soton.ac.uk Sun Jul 1 11:42:49 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jul 1 12:02:07 2007 Subject: MailScanner ANNOUNCE: stable 4.61 released Message-ID: <46878529.5070707@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just released a new version of MailScanner, stable version 4.61.7. The main new things this month are: - - Direct support for clamd, for extra speed. - - Bug fixes in the attachments auto-zip feature introduced last month. - - Bug fixes in the support for Postfix milters. Download as usual from www.mailscanner.info. The full change log is: * New Features and Improvements * 1 Direct support for the "clamd" virus scanner -- now talks directly to the clamd daemon without any overhead of calling clamd-wrapper or clamdscan. As a result, this should be faster than the previous clamd support. It also has a much smaller memory footprint than the "clamavmodule" scanner. This is all thanks to Rick Cooper who wrote the original code. New configuration options are - Clamd Port = 3310 - Clamd Socket = /tmp/clamd - Clamd Lock File = /var/lock/subsys/clamd - Clamd Use Threads = no The use of these settings is explained in the MailScanner.conf file. 2 Changed session handling in direct clamd virus scanner support. 3 'MailScanner --lint' now finds clamd virus scanner. 3 Made clamd subsys lock file blank by default, so it works on non-Linux systems. 3 Added another example to the Allowed Sophos Error Messages setting for password-protected files. 4 Renamed "sa-update" command and cron job to "update_spamassassin". 4 Added ability to easily disable update_virus_scanners script. 4 Added conditional call to sa-compile to update_spamassassin cron job. 4 Added to $PATH in update_phishing_sites for Solaris 10 locations. 5 Watermarking functionality has had to be withdrawn due to patent issues. Sorry about this, but it would cause huge problems in the USA where software patents are legally enforceable and it would cause problems with including patented code in GPL software too. 6 Added facility to change SpamAssassin's temporary working files directory, using the new option 'SpamAssassin Temporary Dir'. By default this is put under the Incoming Work Dir location, as that is (hopefully) mounted using tmpfs. If an attempt to use this directory fails, it reverts to /tmp. 7 Fixed bug in finding PERL5LIB in installers. Thanks to Sean Coleman. * Fixes * 2 Fixed bug in auto-zip feature with a message containing 2 attachments with the same filename. 2 Fixed bug in auto-zip feature that would allow zipping of an attachment which had been cleaned out of the message. 3 Fixed "identified/found" bug in AVG parser. 3 Fixed bugs in Panda and AVG parsers courtesy of Rick Cooper. 3 Fixed bug in Postfix handler which caused a problem with empty messages. 4 Fixed bug in SuSE init.d script stopping MailScanner reload working properly. 4 Changed method for getting MCP to decode binary attachments (the interesting ones have "application" in their MIME type). New patch for SpamAssassin 3.2.1 Util.pm required now. No other SpamAssassin patches required at all. 4 Added definition of "noticesizeinfected" to languages.conf. 4 Added speedup (courtesy of Glenn Steen) to the new Postfix milter support. 4 Fixed rare bug in Postfix milter header support (from Glenn Steen). 5 Fixed problems with /usr/sbin/update_spamassassin not calling sa-update. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFGh4UzEfZZRxQVtlQRAhseAKDZb7K3zuDXjs8Cj51hUxnkFgFKigCeN7rI iDHrxy7/khtdYYhuYd2LiOc= =3VyR -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk From MailScanner at ecs.soton.ac.uk Tue Jul 31 22:01:36 2007 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jul 31 22:03:45 2007 Subject: MailScanner ANNOUNCE: Version 4.62.9 released Message-ID: <46AFA330.7010206@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just released a new version of MailScanner, 4.62.9. I don't normally bother releasing a new version for August, as it's normally very quiet and it isn't worth it. However, this year July has been absolutely hectic and the list of new features and changes this month is enormous! So here goes for the highlights: - --- New "Known Web Bug Servers" setting to list sites you know host web-bug services, so you can blacklist all images from their servers. The default value lists the main offender. - --- New "watermarking" functionality. 2 uses for this: firstly to provide the same functionality as milter-null, so you don't have to install that if, for example, you use Exim and so can't use it, or if you don't want to install another piece of software on your system. Also, you can use it to create a trust relationship between your MailScanner servers so that the spam scanning only has to be done once on any message, on the first server it hits and not on subsequent ones. - --- New "ClamAV Full Message Scan" setting, and improvements to the ClamAV parser so that the SANESecurity phishing- and spam-detection signatures can be reliably used. Note this new setting is disabled by default, as it has a slight speed impact. - --- New "SpamAssassin Rule Actions" setting so that any SpamAssassin rule firing can trigger any action on a message, including the... - --- New "custom()" spam action which allows you to do absolutely anything based on any property of a message. Immensely powerful, just get your thinking caps on. :-) - --- Major improvements to "MailScanner --lint". This now checks more, and actually tries scanning a real virus-infected message (don't worry, it's totally harmless!) to show you the reports from your virus scanners to check they are all actually working. - --- HTML clean message signature can contain an image, so you can have graphical sigs on your email messages with the image embedded in the message so the recipient always sees it. - --- Improvements to handling of "Virus Scanners = auto" with multiple ClamAV methods installed (ie. clamav, clamavmodule and clamd). - --- Improvements to upgrade_MailScanner_conf. That's not everything, that's just the important bits! Download as usual from www.mailscanner.info. The full Change Log is this: * New Features and Improvements * 1 Improved non-Linux installer. 1 Improved Linux installer. 1 Updated OpenBSD installation guide. Thanks to Jeremy Evans for this. 1 Upgraded MIME::Base64 to 3.07. 1 Improved error reporting for clamd permissions problems. Thanks Rick. 2 Added SAUPDATEARGS to /etc/sysconfig/MailScanner and /usr/sbin/update_spamassassin. For a good use of this, see http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt and search for "HOWTO" in the Subject: line of the MailScanner-discussion list archive. This process replaces RulesDuJour entirely. Another good ruleset to add to your setup is http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf To download this automatically every night, fetch http://www.mailscanner.info/files/4/KAM.cf.sh and put it in /etc/cron.daily and make it executable (type "chmod +x /etc/cron.daily/KAM.cf.sh"). 3 Added "Known Web Bug Servers" so you can blacklist images from known servers of web bug services. 3 Added functionality of "milter-null" to MailScanner so you no longer need to run this separately. It is called "Watermarking" and there is a whole section for the settings in MailScanner.conf. They are Add Watermark = yes Skip Spam Checks If Watermark Valid = yes Watermark Header = MailScanner-%org-name%-Watermark: Watermark Lifetime = 432000 # in seconds, = 5 days Watermark Secret = SET-THIS-TO-A-SECRET! Also added Digest::MD5 to the required list of Perl modules, this is needed for the watermarking code. 3 Added optional image to the clean message signature. You can also use this to add an arbitrary image attachment to any message, if you so wish. The main point is to be able to have graphical HTML signatures on messages. The settings are Attach Image To Signature = no Attach Image To HTML Message Only = yes Signature Image Filename = %report-dir%/sig.jpg Signature Image Filename = signature.jpg 4 Added support for Kaspersky kav4fs. Set virus.scanners.conf entry to point to /opt/kaspersky. 4 Changed default value to "Max SpamAssassin Size = 100k" as modern PDF spams are getting quite large, and PDFInfo.pm doesn't work with cropped messages. 4 Improved Clamd parser to handle Sane Security ClamAV signature databases which detect spam and so on from the contents of the headers, and hence find infections without attachment filenames. Thanks to various people for help with this, you know who you are :-) 4 Improved upgrade_MailScanner_conf so that it checks that the 'Monitors for ClamAV Updates' setting looks for inc and cvd files. Problems have recently been suffered by many due to the value of this setting being out of date. It doesn't automatically re-write their setting in case they have installed ClamAV somewhere odd and have customised it. 4 Changed 'Monitors for Sophos Updates' setting default value to point to appropriate file for Sophos version 5 and upwards, and have added check in upgrade_MailScanner_conf to ensure their setting now points to a new location. It prints a warning if sophos-av does not appear in the path. 4 Added configuration setting "SpamAssassin Rule Actions". This setting is very powerful and can be used to implement many things that MCP can do, without having the processing overhead of MCP. The documentation for it is in the MailScanner.conf file. Its power is limited by your imagination :-) Start combining it with rulesets and you can take (or _not_ take) any combination of actions dependent on any bit of content in the message or its headers. You could try out new SA tests by storing in quarantine every message that matches a new particular SpamAssassin rule (or meta-rule for creating more complex expressions). 5 Added "custom" spam action, which takes a parameter. This is passed into the CustomAction function in CustomAction.pm in the CustomFunctions directory. This can be used to implement anything your heart desires, depending on the contents of a message. 7 When clamav, clamavmodule or clamd parsers are being used and new setting "ClamAV Full Message Scan" is set to "yes", pass each of the entire messages to ClamAV as well as the attachments so that the signatures that detect spam can work reliably. This is set to "no" be default as it has a speed impact. 7 The watermark options have been tweaked and renamed a bit, and one new feature has been added. "upgrade_MailScanner_conf" will show you the renames and the new feature is designed to save resources on sites with more than 1 MailScanner. Currently, if you have a message delivered to a secondary MX (with MailScanner) which relays mail to the primary MX (also with MailScanner) for delivery to users' mailboxes, the spam checks will be done twice; this is a waste of resources. The new setting "Check Watermarks To Skip Spam Checks = yes" will remove this waste by skipping the spam checks on the primary MX as the secondary has already done them. 7 "Virus Scanners = auto" will detect multiple types of ClamAV installed and tend towards the most useful one. It will use clamd else clamavmodule else clamav. This helps if you have all 3 installed, which is quite likely. 8 Greatly improved "MailScanner --lint". It now actually tests every virus scanner that you have installed, and checks that they can successfully scan a message containing the Eicar test-virus pattern. It reports the results from each scanner and warns you about checking any that are not reported. 9 Added check to "MailScanner --lint" to check envelope_sender_header in spam.assassin.prefs.conf is correct and matches MailScanner.conf. 9 Added new setting "Use Watermarking = yes" to give overall control of all watermarking features. * Fixes * 2-2 Fixed error in RPM installer. 2-3 Fixed error in update_spamassassin. 3-2 The watermarking code should do something now :-) 3-3 Rewrote the watermarking docs so they reflect the truth. 4 --lint now reads all the Custom Functions properly. 4 Bug in auto-zip fixed where attachments could be deleted without being added to zip. Thanks to Matt Hampton. 4 Bug with '-' in HTML attribute names confusing phishing net fixed. Thanks to John Wilcock. 5 Fixed 2 bugs in MSRBL clamav-signature handler. Thanks to UxBoD. 6 Fixed bug from October 2006 involving McAfee finding infections in headers. 7 Fixed bug when unpacking TNEF files with external decoder. 7 Fixed 'monitor files' check in upgrade_MailScanner_conf so it doesn't check inadvertently when doing an upgrade_languages_conf. 7-3 Fixed bug in full message file creation in scanning dir as permissions were wrong. 9 Added use POSIX to top of MessageBatch.pm so WNOHANG is defined. Jules - -- Julian Field MEng CITP www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.2 (Build 2014) Charset: ISO-8859-1 wj8DBQFGr6MxEfZZRxQVtlQRAvyFAKDXxb2x96bxiV+oQgYhMYrnhzUw5gCfXI1m hEfYtogRPhdHzVFDEaLY688= =nqu3 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. For all your IT requirements visit www.transtec.co.uk