MailScanner ANNOUNCE: Version 4.62.9 released

Julian Field MailScanner at ecs.soton.ac.uk
Tue Jul 31 22:01:36 IST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have just released a new version of MailScanner, 4.62.9. I don't 
normally bother releasing a new version for August, as it's normally 
very quiet and it isn't worth it. However, this year July has been 
absolutely hectic and the list of new features and changes this month is 
enormous!

So here goes for the highlights:

- --- New "Known Web Bug Servers" setting to list sites you know host 
web-bug services, so you can blacklist all images from their servers. 
The default value lists the main offender.
- --- New "watermarking" functionality. 2 uses for this: firstly to 
provide the same functionality as milter-null, so you don't have to 
install that if, for example, you use Exim and so can't use it, or if 
you don't want to install another piece of software on your system. 
Also, you can use it to create a trust relationship between your 
MailScanner servers so that the spam scanning only has to be done once 
on any message, on the first server it hits and not on subsequent ones.
- --- New "ClamAV Full Message Scan" setting, and improvements to the 
ClamAV parser so that the SANESecurity phishing- and spam-detection 
signatures can be reliably used. Note this new setting is disabled by 
default, as it has a slight speed impact.
- --- New "SpamAssassin Rule Actions" setting so that any SpamAssassin 
rule firing can trigger any action on a message, including the...
- --- New "custom()" spam action which allows you to do absolutely 
anything based on any property of a message. Immensely powerful, just 
get your thinking caps on. :-)
- --- Major improvements to "MailScanner --lint". This now checks more, 
and actually tries scanning a real virus-infected message (don't worry, 
it's totally harmless!) to show you the reports from your virus scanners 
to check they are all actually working.
- --- HTML clean message signature can contain an image, so you can have 
graphical sigs on your email messages with the image embedded in the 
message so the recipient always sees it.
- --- Improvements to handling of "Virus Scanners = auto" with multiple 
ClamAV methods installed (ie. clamav, clamavmodule and clamd).
- --- Improvements to upgrade_MailScanner_conf.

That's not everything, that's just the important bits!

Download as usual from www.mailscanner.info.

The full Change Log is this:
* New Features and Improvements *
1 Improved non-Linux installer.
1 Improved Linux installer.
1 Updated OpenBSD installation guide. Thanks to Jeremy Evans for this.
1 Upgraded MIME::Base64 to 3.07.
1 Improved error reporting for clamd permissions problems. Thanks Rick.
2 Added SAUPDATEARGS to /etc/sysconfig/MailScanner and
  /usr/sbin/update_spamassassin. For a good use of this, see
  http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt and search
  for "HOWTO" in the Subject: line of the MailScanner-discussion list 
archive.
  This process replaces RulesDuJour entirely.
  Another good ruleset to add to your setup is
  http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf
  To download this automatically every night, fetch
  http://www.mailscanner.info/files/4/KAM.cf.sh and put it in 
/etc/cron.daily
  and make it executable (type "chmod +x /etc/cron.daily/KAM.cf.sh").
3 Added "Known Web Bug Servers" so you can blacklist images from known 
servers
  of web bug services.
3 Added functionality of "milter-null" to MailScanner so you no longer 
need to
  run this separately. It is called "Watermarking" and there is a whole
  section for the settings in MailScanner.conf. They are
  Add Watermark = yes
  Skip Spam Checks If Watermark Valid = yes
  Watermark Header = MailScanner-%org-name%-Watermark:
  Watermark Lifetime = 432000 # in seconds, = 5 days
  Watermark Secret = SET-THIS-TO-A-SECRET!
  Also added Digest::MD5 to the required list of Perl modules, this is 
needed
  for the watermarking code.
3 Added optional image to the clean message signature. You can also use this
  to add an arbitrary image attachment to any message, if you so wish. The
  main point is to be able to have graphical HTML signatures on messages.
  The settings are
  Attach Image To Signature = no
  Attach Image To HTML Message Only = yes
  Signature Image Filename = %report-dir%/sig.jpg
  Signature Image <img> Filename = signature.jpg
4 Added support for Kaspersky kav4fs. Set virus.scanners.conf entry to
  point to /opt/kaspersky.
4 Changed default value to "Max SpamAssassin Size = 100k" as modern PDF 
spams
  are getting quite large, and PDFInfo.pm doesn't work with cropped 
messages.
4 Improved Clamd parser to handle Sane Security ClamAV signature databases
  which detect spam and so on from the contents of the headers, and hence
  find infections without attachment filenames. Thanks to various people for
  help with this, you know who you are :-)
4 Improved upgrade_MailScanner_conf so that it checks that the 'Monitors for
  ClamAV Updates' setting looks for inc and cvd files. Problems have 
recently
  been suffered by many due to the value of this setting being out of date.
  It doesn't automatically re-write their setting in case they have 
installed
  ClamAV somewhere odd and have customised it.
4 Changed 'Monitors for Sophos Updates' setting default value to point to
  appropriate file for Sophos version 5 and upwards, and have added check
  in upgrade_MailScanner_conf to ensure their setting now points to a new
  location. It prints a warning if sophos-av does not appear in the path.
4 Added configuration setting "SpamAssassin Rule Actions". This setting is
  very powerful and can be used to implement many things that MCP can do,
  without having the processing overhead of MCP. The documentation for it is
  in the MailScanner.conf file. Its power is limited by your imagination :-)
  Start combining it with rulesets and you can take (or _not_ take) any
  combination of actions dependent on any bit of content in the message 
or its
  headers. You could try out new SA tests by storing in quarantine every
  message that matches a new particular SpamAssassin rule (or meta-rule for
  creating more complex expressions).
5 Added "custom" spam action, which takes a parameter. This is passed 
into the
  CustomAction function in CustomAction.pm in the CustomFunctions directory.
  This can be used to implement anything your heart desires, depending 
on the
  contents of a message.
7 When clamav, clamavmodule or clamd parsers are being used and new setting
  "ClamAV Full Message Scan" is set to "yes", pass each of the entire
  messages to ClamAV as well as the attachments so that the signatures that
  detect spam can work reliably. This is set to "no" be default as it has a
  speed impact.
7 The watermark options have been tweaked and renamed a bit, and one new
  feature has been added. "upgrade_MailScanner_conf" will show you the 
renames
  and the new feature is designed to save resources on sites with more than
  1 MailScanner. Currently, if you have a message delivered to a 
secondary MX
  (with MailScanner) which relays mail to the primary MX (also with
  MailScanner) for delivery to users' mailboxes, the spam checks will be
  done twice; this is a waste of resources. The new setting "Check 
Watermarks
  To Skip Spam Checks = yes" will remove this waste by skipping the spam
  checks on the primary MX as the secondary has already done them.
7 "Virus Scanners = auto" will detect multiple types of ClamAV installed and
  tend towards the most useful one. It will use clamd else clamavmodule else
  clamav. This helps if you have all 3 installed, which is quite likely.
8 Greatly improved "MailScanner --lint". It now actually tests every virus
  scanner that you have installed, and checks that they can successfully 
scan
  a message containing the Eicar test-virus pattern. It reports the results
  from each scanner and warns you about checking any that are not reported.
9 Added check to "MailScanner --lint" to check envelope_sender_header in
  spam.assassin.prefs.conf is correct and matches MailScanner.conf.
9 Added new setting "Use Watermarking = yes" to give overall control of all
  watermarking features.

* Fixes *
2-2 Fixed error in RPM installer.
2-3 Fixed error in update_spamassassin.
3-2 The watermarking code should do something now :-)
3-3 Rewrote the watermarking docs so they reflect the truth.
4   --lint now reads all the Custom Functions properly.
4   Bug in auto-zip fixed where attachments could be deleted without being
    added to zip. Thanks to Matt Hampton.
4   Bug with '-' in HTML attribute names confusing phishing net fixed. 
Thanks
    to John Wilcock.
5   Fixed 2 bugs in MSRBL clamav-signature handler. Thanks to UxBoD.
6   Fixed bug from October 2006 involving McAfee finding infections in 
headers.
7   Fixed bug when unpacking TNEF files with external decoder.
7   Fixed 'monitor files' check in upgrade_MailScanner_conf so it 
doesn't check
    inadvertently when doing an upgrade_languages_conf.
7-3 Fixed bug in full message file creation in scanning dir as permissions
    were wrong.
9   Added use POSIX to top of MessageBatch.pm so WNOHANG is defined.

Jules

- -- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014)
Charset: ISO-8859-1

wj8DBQFGr6MxEfZZRxQVtlQRAvyFAKDXxb2x96bxiV+oQgYhMYrnhzUw5gCfXI1m
hEfYtogRPhdHzVFDEaLY688=
=nqu3
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk



More information about the MailScanner-announce mailing list