ANNOUNCE: Beta 4.23-8 released

Julian Field mailscanner at ecs.soton.ac.uk
Thu Aug 28 12:23:50 IST 2003 

I have just released 4.23-8.
Note that this is a beta release and is not intended for production use.
However, I would be grateful if you could try it out and let me know about
anything that is wrong.

It should include all outstanding fixes except one I'm working on for Tony
Finch (it's not critical).

Download as usual from www.mailscanner.info.

The ChangeLog for 4.23 now looks like this:

28/8/2003 New in Version 4.23-8
===============================
* New Features and Improvements *
- Improved error detection in bitdefender-autoupdate.
- Added 5 minute timeout to clamav-autoupdate.
- Messages bigger than the max SA testing size are now checked by SA, just
   only the first n bytes of the message will be checked.
- Logging now handles syslog-ng better, as it will attempt to re-open the
   syslog connection if it dies while logging to it.
- Better mcafee-autoupdate script from Tony Finch. Allows non-root user
   more easily, and can delete old files if you want it to.
- Implemented special "silent viruses" list keyword "All-Viruses" which matches
   the name of any virus. This means you can make messages silent which contain
   just viruses and none (or a combination) of the HTML hacks that are
detected.
- Implemented "Use Default Rules With Multiple Recipients" configuration
   option to force predictable results when faced with a message with multiple
   recipients who have conflicting user preferences.
- Now check that at least 1 file matches all of the filename patterns
   specified in "Monitors For Sophos Updates".
- Implemented various new parameters so that messages which only have
   dangerous content, and nothing else wrong with them, get a "dangerous
   content" warning rather than a "virus" warning.
- "Include Scanner Name In Reports" now also includes the name "MailScanner"
   at the start of the report lines that come from MailScanner's own
   internal filename, filetype and content checks. The exact wording used can
   be customised in languages.conf.
- Added support for eTrust Antivirus. Assumes installation directory of
   /opt/eTrustAntivirus as recommended by their AdminGuide manual.
- Improved handling of Allowed Sophos Error Messages. To allow more than 1
   string, put each string in quotes and separate them with commas. For example
   Allowed Sophos Error Messages = "corrupt", "format not supported"
- Added ZMailer support to RedHat init.d script.
- All virus scanner package installation paths have been moved to
   virus.scanners.conf so they are not in any of the wrapper or autoupdate
   scripts.
   *NOTE*: If you are not using my "update_virus_scanners" global updater
   *NOTE*: script, but have written your own cron jobs, then you must add
   *NOTE*: the installation path to the autoupdate commands. To see the
   *NOTE*: default path, read virus.scanners.conf.
   *NOTE*: If you don't do this, your autoupdates may not work.
- Added "Definite Spam Is High Scoring" configuration option so that spam
   that is blacklisted is treated using the "High Scoring Spam Actions".
- Improved SuSE init.d script handles sendmail and Postfix.
   It will handle Exim once I can get it to build.
- Changed default path of lockfile in update_virus_scanners so it is more
   compatible with systems that don't have /var/lock.
- Added comment about virus.scanners.conf file to MailScanner.conf.
- Improved ClamAV wrapper so it safely attempts extra command-line flags.
- Added Text Content Protection (TCP) system to be able to quarantine
   messages that contain banned content in text and/or HTML sections. This
   has produced a whole new section in MailScanner.conf with stacks of
   configuration settings.
- Produced patches for SpamAssassin versions 2.55 and 2.60 that allow TCP
   to scan the contents of non-text attachments, such as Microsoft Word
   documents. See docs/install/tcp/index.html for instructions.
- Improved "Spam Checks" description in MailScanner.conf.
- Improved rav-autoupdate so it fixes RAV permissions for non-root users.
- Added "Virus:" type to things you can use in rulesets so you can do
   stuff like only quarantine particular virus infections and not others.
- Sophos autoupdater now handles Sophos beta releases neatly.
- Added simple F-Secure autoupdate script.
- Added Trend autoupdate script.
- Improved handling of messages containing viruses but no MIME structure.
- Added 3 new options to allow fine-grained control of notifications to
   senders, so that you can notify senders of bad filenames but not
   viruses, for example. The 3 new settings are:
   Notify Senders Of Blocked Filenames Or Filetypes
   Notify Senders Of Other Blocked Content
   Notify Senders Of Viruses
- Renamed TCP to MCP (Message Content Protection).

* Fixes *
- Corrected minor typo in check_MailScanner cron job.
- Corrected typo in SweepOther.pm.
- Corrected handling of non-archives in kavdaemonclient scanner.
- SQL Logging code now translates '' into 'NULL' before inserting into table.
- Corrected minor bug in safe filename logging in CustomConfig.pm.
- Fixed bug in RAV output handling.
- Fixed bug in RAV directory traversal by improving wrapper script.
- Fixed bug in RBL result processing when RBL returns 127.0.0.10.
- Fixed bug in Exim handling of client IP address.
- Fixed bug in Command anti-virus detecting viruses in zip files.
- Fixed bug in DoS-attack handling code.
* Still outstanding: Tony Finch's "MIME-handling bug" problem to fix.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

More information about the MailScanner mailing list