ANNOUNCE: Beta release 4.25-6

Denis Beauchemin Denis.Beauchemin at USHERBROOKE.CA
Tue Nov 11 19:42:24 GMT 2003


Julian,

I cannot get mailscanner-4.25-6 to disarm anything (IFrame or Form): it
just blocks them.

I get the IFrame log, but anything other than yes for Allow IFrame Tags or
Allow Form Tags blocks the message (and nothing is sent to the user
(me)).  My maillog confirms this.

BTW there is an ownership problem in my quarantine directory (I'm not
sure this is what you corrected with an earlier patch):
# l /quarantaine/autres/20031111/hABJaujx007429
total 8
-rw-r-----    1 root     root         1078 nov 11 14:36 message
-rw-r-----    1 virusck  virusck       162 nov 11 14:36 message3

The attachment (message3) is OK but the email itself (message) is not.

I'm running on RH 9 with perl-5.8.0-88.3.

Denis

On Mon 10/11/2003 at 16:06, Denis Beauchemin wrote:
> Julian,
> 
> Nothing was delivered to the user!  Normal messages are delivered OK.
> 
> Denis
> On Mon 10/11/2003 at 15:58, Julian Field wrote:
> > At 20:50 10/11/2003, you wrote:
> > >Julian,
> > >
> > >I am testing the new disarming features and they do not seem to work
> > >(they are blocked):
> > >Nov 10 15:41:15 dbeauchemin MailScanner[1993]: New Batch: Scanning 1 messages, 1579 bytes
> > >Nov 10 15:41:15 dbeauchemin MailScanner[1993]: Spam Checks: Starting
> > >Nov 10 15:41:15 dbeauchemin MailScanner[1993]: Virus and Content Scanning: Starting
> > >Nov 10 15:41:16 dbeauchemin MailScanner[1993]: Content Checks: Detected HTML-specific exploits in hAAKfE4N002024
> > >Nov 10 15:41:16 dbeauchemin MailScanner[1993]: Content Checks: Found 1 problems
> > >Nov 10 15:41:16 dbeauchemin MailScanner[1993]: Saved entire message to /quarantaine/autres/20031110/hAAKfE4N002024
> > >Nov 10 15:41:16 dbeauchemin MailScanner[1993]: Saved infected "message2" to /quarantaine/autres/20031110/hAAKfE4N002024
> > ># cat /quarantaine/autres/20031110/hAAKfE4N002024/message2
> > ><form method='GET' action='nouveautes.php3'>
> > ><input type="hidden" name="recalcul" value="oui">
> > ><input type='submit' class='spip_bouton' name='submit' value='Recalculer cette page'></form>
> > >
> > >Now for my MS settings:
> > >Silent Viruses = All-Viruses HTML-IFrame HTML-Codebase HTML-Form
> > >Allow Form Tags = disarm
> > >
> > >I was initially using a ruleset for the Allow Form Tags but it wasn't
> > >working...  I simplified it a bit but still no go.
> > 
> > The point of the quarantine is that it should be an untouched copy of the 
> > original message. Check what was delivered to the user, not what was stored 
> > in the quarantine.
> > 
> > 
> > >Denis
> > >
> > >On Fri 07/11/2003 at 09:47, Julian Field wrote:
> > > > Folks,
> > > >
> > > > I have added support for changing the uid, gid and permissions on files and
> > > > directories within the quarantine area and "incoming work dir" temporary
> > > > files area.
> > > >
> > > > I would appreciate it if people could try it out on their own favourite MTA
> > > > and confirm if it all works okay.
> > > >
> > > > This release also includes the ClamAV parsing improvement from a couple of
> > > > days ago.
> > > >
> > > > Download, as usual, from www.mailscanner.info.
> > > >
> > > > ChangeLog is this:
> > > >
> > > > 7/11/2003 New in Version 4.25-6
> > > > ===============================
> > > > * New Features and Improvements *
> > > > - Panda version 7.0 supported.
> > > > - Added dependency on Net::CIDR module so could add support for more ways of
> > > >    specifying IP ranges in rulesets. Can now do all of:
> > > >          152.78.
> > > >          /^152\.78/
> > > >          152.78.0.0/16
> > > >          152.78.0.0-152.78.255.255
> > > > - Added support for "disarm" option on all HTML tag detectors, which will
> > > >    disarm those tags while leaving the rest of the HTML intact.
> > > > - Added support for retrieving configuration from LDAP.
> > > > - Changed SpamAssassin timeout handler to kill processes and not process group.
> > > > - Added support for changing uid, gid and permissions of both Incoming Work
> > > >    Dir and Quarantine Dir.
> > > > - Improved ClamAV parser to handle errors printed when processing viruses
> > > >    containing corrupted zip files.
> > > >
> > > > * Fixes*
> > > > - RPM distribution install.sh script now checks and creates pod2text properly.
> > > > - Fixed bug whereby the same message files could be deleted more than once,
> > > >    which could delete unprocessed messages using MTAs that name files after
> > > >    the inode and not the time.
> > > > --
> > > > Julian Field
> > > > www.MailScanner.info
> > > > MailScanner thanks transtec Computers for their support
> > > >
> > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654
> > >--
> > >Denis Beauchemin, analyst
> > >Université de Sherbrooke, S.T.I.
> > >T: 819.821.8000x2252 F: 819.821.8045
-- 
Denis Beauchemin, analyst
Université de Sherbrooke, S.T.I.
T: 819.821.8000x2252 F: 819.821.8045
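
The four ruleset address forms listed in the quoted 4.25-6 ChangeLog, as an added example that is not part of the original message and is not MailScanner's own code (which is Perl): a Python matcher that accepts each form and checks that they select the same addresses. The function names, and the reading of `152.78.` as whole leading octets, are assumptions of this example.

```python
import ipaddress
import re


def _parse(ip):
    """Parse a dotted-quad string; None if it is not a valid IPv4 address."""
    try:
        return ipaddress.IPv4Address(ip)
    except ipaddress.AddressValueError:
        return None


def compile_ip_pattern(spec):
    """Turn one pattern into a predicate taking an address string."""
    spec = spec.strip()
    if len(spec) > 2 and spec[0] == "/" and spec[-1] == "/":
        rx = re.compile(spec[1:-1])            # /^152\.78/ : regex on the text
        test = lambda a: rx.search(str(a)) is not None
    elif "-" in spec:                          # 152.78.0.0-152.78.255.255
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-", 1))
        if lo > hi:
            raise ValueError("range start is above range end: " + spec)
        test = lambda a: lo <= a <= hi
    elif "/" in spec:                          # 152.78.0.0/16
        net = ipaddress.IPv4Network(spec)      # strict: rejects host bits set
        test = lambda a: a in net
    else:                                      # 152.78. : leading whole octets
        octets = spec.rstrip(".").split(".")
        if not 1 <= len(octets) <= 4 or not all(
                o.isdigit() and int(o) <= 255 for o in octets):
            raise ValueError("bad address prefix: " + spec)
        prefix = [int(o) for o in octets]
        test = lambda a: list(a.packed[:len(prefix)]) == prefix

    def matches(ip):
        addr = _parse(ip)
        return addr is not None and test(addr)  # unparseable input never matches
    return matches


# The four forms from the changelog, all describing the same /16.
CHANGELOG_FORMS = ["152.78.", r"/^152\.78/", "152.78.0.0/16",
                   "152.78.0.0-152.78.255.255"]


def agree(ip):
    """Return the set of results the four forms give for one address."""
    return {compile_ip_pattern(s)(ip) for s in CHANGELOG_FORMS}
```

In this example a regex form that stops mid-octet, such as `/^152\.7/`, also matches 152.70.x.x through 152.79.x.x, which the whole-octet prefix `152.7.` does not.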



