ANNOUNCE: Beta 4.25-7 released

Denis Beauchemin Denis.Beauchemin at USHERBROOKE.CA
Fri Nov 14 16:13:40 GMT 2003


Just tested it here with clamavmodule.  

Clamavmodule Works fine but it did trap an IFrame tag as a virus
Nov 14 10:20:37 dbeauchemin MailScanner[12223]: INFECTED:: Exploit.IFrame.Gen:: ./hAEFKUao012330/message3
Nov 14 10:20:37 dbeauchemin MailScanner[12223]: Virus Scanning: ClamAV Module found 1 infections

As for disarming tags, it doesn't seem to work:
Allow IFrame Tags = disarm
Log IFrame Tags = yes
Allow Form Tags = disarm

Nov 14 11:00:21 dbeauchemin MailScanner[12223]: Virus and Content Scanning: Starting
Nov 14 11:00:21 dbeauchemin MailScanner[12223]: Uninfected: Delivered 1 messages

The message contained an attachment with a FORM that passed through MS:
Content-Disposition: attachment; filename=message2
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; name=message2; charset=ISO-8859-15

<title>Bulletin PROFETIC</title>
<body leftmargin=3D"0" topmargin=3D"0" marginwidth=3D"0" marginheight=3D"0">
<form method=3D'GET' action=3D'nouveautes.php3'>
<input type=3D"hidden" name=3D"recalcul" value=3D"oui">
<input type=3D'submit' class=3D'spip_bouton' name=3D'submit' value=3D'Recal=
culer cette page'></form>


I also have mixed results with quarantine permissions and users:
Quarantine User = virusck
Quarantine Group = virusck
Quarantine Permissions = 0640

# ls -l /quarantaine/autres/20031114/hAEFKUao012330
total 8
-rw-r-----    1 root     root         1078 nov 14 10:20 message
-rw-r-----    1 virusck  virusck       162 nov 14 10:20 message3


Le ven 14/11/2003 à 06:49, Julian Field a écrit :
> Morning all,
> I've just released the latest beta/unstable version 4.25-7.
> Main addition since the last beta is the addition of support for the ClamAV
> perl module, which means no external programs have to be started every time
> ClamAV is invoked. Should be noticeably faster.
> There also a whole bunch of other fixes and additions, which are detailed
> in the ChangeLog included below.
> Expect a stable release soon, but please do test this version and check
> that it works okay. Thanks!
> Download as usual from
> ChangeLog for 4.25:
> * New Features and Improvements *
> - Panda version 7.0 supported.
> - Added dependency on Net::CIDR module so could add support for more ways of
>    specifying IP ranges in rulesets. Can now do all of:
>          152.78.
>          /^152\.78/
> - Added support for "disarm" option on all HTML tag detectors, which will
>    disarm those tags while leaving the rest of the HTML intact.
> - Added support for retrieving configuration from LDAP.
> - Changed SpamAssassin timeout handler to kill processes and not process group.
> - Added support for changing uid, gid and permissions of both Incoming Work
>    Dir and Quarantine Dir.
> - Improved ClamAV parser to handle errors printed when processing viruses
>    containing corrupted zip files.
> - Improved documentation in virus.scanners.conf.
> - Improved documentation of "disarm" configuration settings.
> - Added optimisation to LDAP ruleset compiler that identifies 1-line rulesets
>    which hold the default value.
> - Added support for Mail::ClamAV perl module, enabling ClamAV to scan without
>    having to call any external programs at all.
> * Fixes*
> - RPM distribution script now checks and creates pod2text properly.
> - Fixed bug whereby the same message files could be deleted more than once,
>    which could delete unprocessed messages using MTAs that name files after
>    the inode and not the time.
> - Syslogging should now start successfully on all versions of Solaris and IRIX.
> - Bug fix in Postfix file handling code from Stefan Baltus which will
>    hopefully patch up the last Solaris Postfix problem.
> - Fixed bug that broke rulesets in earlier betas.
> --
> Julian Field
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654
Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x2252 F: 819.821.8045

More information about the MailScanner mailing list