ANNOUNCE: Security release 3.22-14

Julian Field mailscanner at ecs.soton.ac.uk
Thu Sep 12 22:45:49 IST 2002


I have just released version 3.22-14.

This is a security release, and addresses the problem recently highlighted
on the Bugtraq involving fragmented or partial messages. This type of
message can be easily created by Microsoft Outlook Express, and can be used
to bypass many e-mail scanning systems. Many thanks to Tal Kelrich for
bringing this to my attention!

RPM Users
========
If you use the RPM distribution, just apply the new RPM and the 2 parts of
the fix will be automatically installed
for you.

Tar Users
=======
If you use the tar distribution, please note that there is a new patch file
"mime-tools-patch2.txt" which must also be applied to the MIME-tools module
version 5.411. This is separate from the "mime-tools-patch.txt" previously
released. Please read the file docs/install/perl.shtml for links to these
patches.
If you don't know how to apply patches, please read the documentation
supplied with the "patch" command. As an example, if you are in the right
directory in your Perl distribution (usually below the "site_perl"
directory) then the command
        patch -p0 < mime-tools-patch2.txt
is similar to the command you will need. If you still need more help
applying patches, then I suggest you ask a source of Unix assistance, as I
cannot afford to help you all with this.
In the end of the day, patch files are only plain text files and you can
apply the changes by hand with a text editor.

You can download the new versions, as usual, from
        www.mailscanner.info
--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ



More information about the MailScanner mailing list