ANNOUNCE: Beta 4.25-7 released
Julian Field
mailscanner at ecs.soton.ac.uk
Fri Nov 14 16:27:25 GMT 2003
At 16:13 14/11/2003, you wrote:
>Julian,
>
>Just tested it here with clamavmodule.
>
>Clamavmodule Works fine but it did trap an IFrame tag as a virus
>(weird!):
>Nov 14 10:20:37 dbeauchemin MailScanner[12223]: INFECTED::
>Exploit.IFrame.Gen:: ./hAEFKUao012330/message3
>Nov 14 10:20:37 dbeauchemin MailScanner[12223]: Virus Scanning: ClamAV
>Module found 1 infections
That's a quirk of Clam. It detects IFrames as viruses.
>As for disarming tags, it doesn't seem to work:
>Allow IFrame Tags = disarm
>Log IFrame Tags = yes
>Allow Form Tags = disarm
Did you check the table at the start of "Convert Dangerous HTML to Plain Text"?
>The message contained an attachment with a FORM that passed through MS:
>--=-KHlT6txKqQiTOwvM3PMn
>Content-Disposition: attachment; filename=message2
>Content-Transfer-Encoding: quoted-printable
>Content-Type: text/html; name=message2; charset=ISO-8859-15
>
>=20
><form method=3D'GET' action=3D'nouveautes.php3'>
><input type=3D"hidden" name=3D"recalcul" value=3D"oui">
><input type=3D'submit' class=3D'spip_bouton' name=3D'submit' value=3D'Recal=
>culer cette page'></form>
>
>--=-KHlT6txKqQiTOwvM3PMn--
It probably ignored that as it's an attachment, not a piece of the main
body. I carefully leave HTML attachments alone.
>I also have mixed results with quarantine permissions and users:
>Quarantine User = virusck
>Quarantine Group = virusck
>Quarantine Permissions = 0640
>
># ls -l /quarantaine/autres/20031114/hAEFKUao012330
>total 8
>-rw-r----- 1 root root 1078 nov 14 10:20 message
>-rw-r----- 1 virusck virusck 162 nov 14 10:20 message3
Have just fixed that. See recent post.
>Denis
>
>Le ven 14/11/2003 à 06:49, Julian Field a écrit :
> > Morning all,
> >
> > I've just released the latest beta/unstable version 4.25-7.
> >
> > Main addition since the last beta is the addition of support for the ClamAV
> > perl module, which means no external programs have to be started every time
> > ClamAV is invoked. Should be noticeably faster.
> >
> > There also a whole bunch of other fixes and additions, which are detailed
> > in the ChangeLog included below.
> >
> > Expect a stable release soon, but please do test this version and check
> > that it works okay. Thanks!
> >
> > Download as usual from www.mailscanner.info
> >
> > ChangeLog for 4.25:
> >
> > * New Features and Improvements *
> > - Panda version 7.0 supported.
> > - Added dependency on Net::CIDR module so could add support for more
> ways of
> > specifying IP ranges in rulesets. Can now do all of:
> > 152.78.
> > /^152\.78/
> > 152.78.0.0/16
> > 152.78.0.0-152.78.255.255
> > - Added support for "disarm" option on all HTML tag detectors, which will
> > disarm those tags while leaving the rest of the HTML intact.
> > - Added support for retrieving configuration from LDAP.
> > - Changed SpamAssassin timeout handler to kill processes and not
> process group.
> > - Added support for changing uid, gid and permissions of both Incoming Work
> > Dir and Quarantine Dir.
> > - Improved ClamAV parser to handle errors printed when processing viruses
> > containing corrupted zip files.
> > - Improved documentation in virus.scanners.conf.
> > - Improved documentation of "disarm" configuration settings.
> > - Added optimisation to LDAP ruleset compiler that identifies 1-line
> rulesets
> > which hold the default value.
> > - Added support for Mail::ClamAV perl module, enabling ClamAV to scan
> without
> > having to call any external programs at all.
> >
> > * Fixes*
> > - RPM distribution install.sh script now checks and creates pod2text
> properly.
> > - Fixed bug whereby the same message files could be deleted more than once,
> > which could delete unprocessed messages using MTAs that name files after
> > the inode and not the time.
> > - Syslogging should now start successfully on all versions of Solaris
> and IRIX.
> > - Bug fix in Postfix file handling code from Stefan Baltus which will
> > hopefully patch up the last Solaris Postfix problem.
> > - Fixed bug that broke rulesets in earlier betas.
> >
> >
> >
> > --
> > Julian Field
> > www.MailScanner.info
> > MailScanner thanks transtec Computers for their support
> >
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>--
>Denis Beauchemin, analyste
>Université de Sherbrooke, S.T.I.
>T: 819.821.8000x2252 F: 819.821.8045
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
More information about the MailScanner
mailing list