MailScanner ANNOUNCE: Stable release 4.63.7

Julian Field MailScanner at ecs.soton.ac.uk
Sat Sep 1 16:11:41 IST 2007


I have just released the latest stable version 4.63.7.

The major new changes this month are

--  Support for F-Prot version 6, usable by specifying "Virus Scanners = 
f-prot-6".
--  "Phishing Bad Sites File": this is a file which you are recommended 
to update hourly which contains a list of manually tested compromised 
web sites being actively used in phishing fraud attacks. This list is 
being continually modified.
--  Improvements to the "SpamAssassin Rule Actions" so you can easily 
implement as many different levels of spam actions as you want, all in 1 
line.
--  "Include Binary Attachments In SpamAssassin" which can be used to 
tell SpamAssassin to search all attachments, including binary files such 
as Word documents. Off by default as it has a slight speed impact on 
SpamAssassin.
--  "Check Filenames In Password-Protected Archives" so that the 
filename checks can be suppressed on encrypted archives to allow a few 
people to get exe's and other dangerous files for their job, without 
them having to suppress filename checks as well as allow 
password-protected archives. On by default.

Download as usual from www.mailscanner.info.

The full Change Log is this:

* New Features and Improvements *
1 Improved init.d script, so that 'service MailScanner restart' or
  '/etc/init.d/MailScanner restart' runs faster. It pauses for just long
  enough for the old MailScanner to die gracefully, and starts up the 
new one
  as soon as the old one has died. Previously, it just waited for a fixed
  length of time which was much longer than needed for most people.
1 Improved tar installer so the directory created for MailScanner 
includes the
  build revision number as well as the main version number.
1 Improved phishing net logging to log entire real URL not just hostname.
1 Improvement to update_spamassassin to stop cron-generated mail.
1 New setting "Phishing Bad Sites File" which is a live continuously-updated
  list of known bad sites that have been reported to various mechanisms 
around
  the world. Please don't ask me for more information as I can't give it to
  you, but every site on the list has been manually tested and the list 
can be
  relied upon. Your installation should update this file every hour.
  NOTE: Run upgrade_languages_conf after installing this upgrade!
2 Reduce default "Restart Every" time to 2 hours so that updates to the
  known bad phishing sites list are re-read more frequently.
2 Added *.fdf to the list of dangerous filenames. Opening a .fdf file can
  cause the loading of any file on the internet into Adobe Acrobat.
2 Added 2 new variables to the sender reports: $size = size of message 
in bytes
  and $maxmessagesize = maximum allowed size of this message in bytes.
2 Added new setting "Check Filenames In Password-Protected Archives = 
yes" so
  that the filename checks can be suppressed on encrypted archives to allow
  a few people to get exe's and so on through the mail as part of their
  business needs. Normally leave this setting at "yes".
2 Added new setting "Include Binary Attachments In SpamAssassin = no" which
  can be used to tell SpamAssassin to look at all attachments, not just the
  ones containing text (or HTML, etc) which is its normal behaviour.
  Changing this setting to "yes" will have no effect without a patch to the
  SpamAssassin code, which you can fetch from
  http://www.mailscanner.info/mcp.html#patches
  It will slightly slow down SpamAssassin some of the time, and is therefore
  disabled by default.
  This can be very useful if you want to look for rude or derogatory content
  in messages, and do not want the huge speed impact of using MCP. It can
  successfully scan the content of Microsoft Word documents, for example. It
  won't be effective on PDF files however, as these are compressed 
internally
  so there is no readable text anywhere in the file.
3 Added a long $PATH to f-prot-autoupdate so we can find wget on most OS-es
  including Solaris.
3 Improved Sophos.install to disable the savupdate cron job and switch off
  the unwanted Sophos services.
3 Added a feature to the "SpamAssassin Rule Actions". You can now specify
  "SpamScore" and a number comparison, instead of just giving a SpamAssassin
  rule name. So you can say
  SpamAssassin Rule Actions = SpamScore>25=>delete
  and this will cause all messages scoring over 25 to be deleted. You 
can use
  this to set different actions at different spam scores, in addition to the
  normal spam actions and high-scoring spam actions. The numerical tests you
  can use are ">", ">=", "==", "<=" and "<".
4 The "action" in each "RULE=>action" in "SpamAssassin Rule Actions" can now
  be a comma-separated list of actions, so you can easily specify multiple
  actions per rule.
6 Added support for F-Prot version 6. Must be specified by
  "Virus Scanners = f-prot-6" in MailScanner.conf.

* Fixes *
1 Improvement to phishing net to allow HTML tags with contents split over
  multiple lines.
1 Changed options to ClamAVmodule so it doesn't hit false positives with the
  phishing and scam email detection signatures.
1-2 Fixed bug where --lint gives "MailScanner.conf file not found" error.
2 Stopped writing a PID file when "MailScanner --lint" is run.
2 update_spamassassin no longer produces any output, so no crond email.
2 Fixed bug where clamavmodule scanner name wouldn't always be logged 
correctly.
2 Bugfix in ZMDiskStore.pm ZMailer support from Leonardo Helman.
3 Force installation of perl-Getopt-Long to try to solve the problems with
  command-line options producing 'config file not found' errors.
3 Commented out sample rules in max.message.size.rules file.
3 Fixed MailScanner.conf Sophos-specific settings for Sophos 5.
5 Fixed problem where MTA=sendmail would cause ruleset to not be used on
  Sendmail2 setting.

Jules

-- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk



More information about the MailScanner-announce mailing list