ANNOUNCE: Beta 4.25-7 released

Julian Field mailscanner at ecs.soton.ac.uk
Fri Nov 14 16:24:41 GMT 2003


Try this patch to Quarantine.pm

--- Quarantine.pm.old      2003-11-07 12:30:39.000000000 +0000
+++ Quarantine.pm       2003-11-14 16:23:55.000000000 +0000
@@ -158,7 +158,7 @@
    my $this = shift;
    my($message) = @_;

-  my($qdir, $todaydir, $msgdir, $uid, $gid, $changeowner);
+  my($qdir, $todaydir, $msgdir, $uid, $gid, $changeowner, @chownlist);

    # Create today's directory if necessary
    #$todaydir = $this->{dir} . '/' . TodayDir();
@@ -193,10 +193,11 @@
      #print STDERR "Saving entire message to $msgdir\n";
      MailScanner::Log::InfoLog("Saved entire message to $msgdir");
      $message->{store}->CopyEntireMessage($message, $msgdir, 'message');
+    push @chownlist, "$msgdir/message" if -f "$msgdir/message";
    }

    # Now just quarantine the infected attachment files.
-  my($indir, $attachment, $report, @chownlist);
+  my($indir, $attachment, $report);
    $indir = $global::MS->{work}->{dir} . '/' . $message->{id};
    while(($attachment, $report) = each %{$message->{allreports}}) {
      # Skip reports pertaining to entire message, we've done those.

At 15:36 14/11/2003, you wrote:
>Hi Julian,
>
>Think I've found the problem.
>
>I've added a InfoLog near the end of the constructor in Quarantine.pm which
>displays $this-> uid, gid, fileumask and dirumask, in the logs I get:
>
>Nov 14 15:11:24 mailscanner MailScanner[27337]: Quarantine File/Dir
>Permissions:  uid=48 gid=48 fileumask=79, dirumask=7
>
>I sent myself a blocked attachment from home - here is what I get:
>
>/var/spool/MailScanner/quarantine/20031114
>  drwxrwx---    2 apache   apache       4096 Nov 14 15:21 hAEFL1VN028041
>
>/var/spool/MailScanner/quarantine/20031114/hAEFL1VN028041
>  -rw-rw----    1 root     root         1328 Nov 14 15:21 message  <---
>Incorrect
>  -rw-rw----    1 apache   apache          0 Nov 14 15:21 test.trap.crap.vbs
>
>The same thing seems to happen to spam messages as well - I've had a good
>look through Message.pm but I really can't work out why it's isn't working
>on the message/rfc822 message files.
>
>Kind regards,
>Steve.
>
>-----Original Message-----
>From: Steve Freegard [mailto:steve.freegard at LBSLTD.CO.UK]
>Sent: 14 November 2003 14:55
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: ANNOUNCE: Beta 4.25-7 released
>
>
>Hi Julian,
>
>I've changed 'Quarantine User = apache' and restarted MailScanner, I'm still
>getting:
>
>-rw-rw----    1 root     root         2108 Nov 14 14:44 hxxxxxxxxxxxxx
>
>I'll add some debug to see if I can find out what it going on.
>
>Regards,
>Steve.
>
>
>-----Original Message-----
>From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
>Sent: 14 November 2003 14:16
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: ANNOUNCE: Beta 4.25-7 released
>
>
>At 12:58 14/11/2003, you wrote:
> >One final thing - I'm trying to get the new Quarantine Permissions
> >features to work with MailWatch.
> >
> >I've set:
> >
> >Run As User: root
> >Run As Group: root
> >Quarantine User: root
> >Quarantine Group: apache
> >Quarantine Permissions: 0660
> >
> >And I get:
> >
> >-rw-rw----    1 root     root         2057 Nov 14 12:36 hxxxxxxxxxxxxx
> >                                  ^^^^
> >
> >Bug? - or have I done something wrong?
>
>I've just tried it here with the same settings and it works fine. Can you
>change the Quarantine User at all?
>
>
>
> >Kind regards,
> >Steve.
> >
> >-----Original Message-----
> >From: Steve Freegard [mailto:steve.freegard at LBSLTD.CO.UK]
> >Sent: 14 November 2003 12:42
> >To: MAILSCANNER at JISCMAIL.AC.UK
> >Subject: Re: ANNOUNCE: Beta 4.25-7 released
> >
> >
> >Further to this:
> >
> >I should've mentioned that I upgraded to clamav-0.65 at the same time
> >and installed the Mail::ClamAV module as well.
> >
> >So after upgrading I had:
> >
> >Virus Scanners = sophossavi clamavmodule
> >
> >Which is when I started to get the log messages as below - reverting
> >back to using the 'clamav' command-line scanner seems to fix the
> >problem and get the messages delivered.
> >
> >Kind regards,
> >Steve.
> >
> >-----Original Message-----
> >From: Steve Freegard [mailto:steve.freegard at LBSLTD.CO.UK]
> >Sent: 14 November 2003 12:37
> >To: MAILSCANNER at JISCMAIL.AC.UK
> >Subject: Re: ANNOUNCE: Beta 4.25-7 released
> >
> >
> >Hi Julian,
> >
> >Just upgraded - bit of a problem now - keep seeing this in the log:
> >
> >Nov 14 12:33:42 mailscanner MailScanner[14138]: Your
> >virus.scanners.conf file does not  have 3 words on each line. See if
> >you  have an old one left over by mistake.
> >
> >/etc/MailScanner/virus.scanners.conf:
> >
> >antivir         /usr/lib/MailScanner/antivir-wrapper    /usr/lib/AntiVir
> >bitdefender     /usr/lib/MailScanner/bitdefender-wrapper /usr/local/bd7
> >clamav          /usr/lib/MailScanner/clamav-wrapper     /usr/local
> >command         /usr/lib/MailScanner/command-wrapper    /usr
> >etrust          /usr/lib/MailScanner/etrust-wrapper
>/opt/eTrustAntivirus
> >f-prot          /usr/lib/MailScanner/f-prot-wrapper     /usr/local/f-prot
> >f-secure        /usr/lib/MailScanner/f-secure-wrapper   /opt/f-secure/fsav
> ><<snip>>
> >
> >And nothing is being delivered!!
> >
> >Kind regards,
> >Steve.
> >
> >
> >-----Original Message-----
> >From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
> >Sent: 14 November 2003 11:49
> >To: MAILSCANNER at JISCMAIL.AC.UK
> >Subject: ANNOUNCE: Beta 4.25-7 released
> >
> >
> >Morning all,
> >
> >I've just released the latest beta/unstable version 4.25-7.
> >
> >Main addition since the last beta is the addition of support for the
> >ClamAV perl module, which means no external programs have to be started
> >every time ClamAV is invoked. Should be noticeably faster.
> >
> >There also a whole bunch of other fixes and additions, which are
> >detailed in the ChangeLog included below.
> >
> >Expect a stable release soon, but please do test this version and check
> >that it works okay. Thanks!
> >
> >Download as usual from www.mailscanner.info
> >
> >ChangeLog for 4.25:
> >
> >* New Features and Improvements *
> >- Panda version 7.0 supported.
> >- Added dependency on Net::CIDR module so could add support for more
> >ways
>of
> >    specifying IP ranges in rulesets. Can now do all of:
> >          152.78.
> >          /^152\.78/
> >          152.78.0.0/16
> >          152.78.0.0-152.78.255.255
> >- Added support for "disarm" option on all HTML tag detectors, which will
> >    disarm those tags while leaving the rest of the HTML intact.
> >- Added support for retrieving configuration from LDAP.
> >- Changed SpamAssassin timeout handler to kill processes and not
> >process group.
> >- Added support for changing uid, gid and permissions of both Incoming Work
> >    Dir and Quarantine Dir.
> >- Improved ClamAV parser to handle errors printed when processing viruses
> >    containing corrupted zip files.
> >- Improved documentation in virus.scanners.conf.
> >- Improved documentation of "disarm" configuration settings.
> >- Added optimisation to LDAP ruleset compiler that identifies 1-line
> >rulesets
> >    which hold the default value.
> >- Added support for Mail::ClamAV perl module, enabling ClamAV to scan
> >without
> >    having to call any external programs at all.
> >
> >* Fixes*
> >- RPM distribution install.sh script now checks and creates pod2text
> >properly.
> >- Fixed bug whereby the same message files could be deleted more than once,
> >    which could delete unprocessed messages using MTAs that name files
>after
> >    the inode and not the time.
> >- Syslogging should now start successfully on all versions of Solaris
> >and IRIX.
> >- Bug fix in Postfix file handling code from Stefan Baltus which will
> >    hopefully patch up the last Solaris Postfix problem.
> >- Fixed bug that broke rulesets in earlier betas.
> >
> >
> >
> >--
> >Julian Field
> >www.MailScanner.info
> >MailScanner thanks transtec Computers for their support
> >
> >PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654
> >
> >--
> >This email and any files transmitted with it are confidential and
> >intended solely for the use of the individual or entity to whom they
> >are addressed. If you have received this email in error please notify
> >the sender and delete the message from your mailbox.
> >
> >This footnote also confirms that this email message has been swept by
> >MailScanner (www.mailscanner.info) for the presence of computer
> >viruses.
> >
> >--
> >This email and any files transmitted with it are confidential and
> >intended solely for the use of the individual or entity to whom they
> >are addressed. If you have received this email in error please notify
> >the sender and delete the message from your mailbox.
> >
> >This footnote also confirms that this email message has been swept by
> >MailScanner (www.mailscanner.info) for the presence of computer
> >viruses.
> >
> >--
> >This email and any files transmitted with it are confidential and
> >intended solely for the use of the individual or entity to whom they
> >are addressed. If you have received this email in error please notify
> >the sender and delete the message from your mailbox.
> >
> >This footnote also confirms that this email message has been swept by
> >MailScanner (www.mailscanner.info) for the presence of computer
> >viruses.
>
>--
>Julian Field
>www.MailScanner.info
>MailScanner thanks transtec Computers for their support
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654
>
>--
>This email and any files transmitted with it are confidential and intended
>solely for the use of the individual or entity to whom they are addressed.
>If you have received this email in error please notify the sender and delete
>the message from your mailbox.
>
>This footnote also confirms that this email message has been swept by
>MailScanner (www.mailscanner.info) for the presence of computer viruses.
>
>--
>This email and any files transmitted with it are confidential and
>intended solely for the use of the individual or entity to whom they
>are addressed. If you have received this email in error please notify
>the sender and delete the message from your mailbox.
>
>This footnote also confirms that this email message has been swept by
>MailScanner (www.mailscanner.info) for the presence of computer viruses.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654



More information about the MailScanner mailing list