ANNOUNCE: Beta 4.25-7 released

Julian Field mailscanner at ecs.soton.ac.uk
Fri Nov 14 16:33:47 GMT 2003


And for good measure, because I screwed up that patch, add this one
afterwards as well:

--- Quarantine.pm.old      2003-11-14 16:28:17.000000000 +0000
+++ Quarantine.pm       2003-11-14 16:31:02.000000000 +0000
@@ -192,7 +192,8 @@
        MailScanner::Config::Value('quarantinewholemessage',$this) =~ /1/) {
      #print STDERR "Saving entire message to $msgdir\n";
      MailScanner::Log::InfoLog("Saved entire message to $msgdir");
-    $message->{store}->CopyEntireMessage($message, $msgdir, 'message');
+    $message->{store}->CopyEntireMessage($message, $msgdir, 'message',
+                                         $uid, $gid, $changeowner);
      push @chownlist, "$msgdir/message" if -f "$msgdir/message";
    }

Should actually work this time!
Oh how I love Friday afternoons. Time to go home...

At 16:24 14/11/2003, you wrote:
>Try this patch to Quarantine.pm
>
>--- Quarantine.pm.old      2003-11-07 12:30:39.000000000 +0000
>+++ Quarantine.pm       2003-11-14 16:23:55.000000000 +0000
>@@ -158,7 +158,7 @@
>    my $this = shift;
>    my($message) = @_;
>
>-  my($qdir, $todaydir, $msgdir, $uid, $gid, $changeowner);
>+  my($qdir, $todaydir, $msgdir, $uid, $gid, $changeowner, @chownlist);
>
>    # Create today's directory if necessary
>    #$todaydir = $this->{dir} . '/' . TodayDir();
>@@ -193,10 +193,11 @@
>      #print STDERR "Saving entire message to $msgdir\n";
>      MailScanner::Log::InfoLog("Saved entire message to $msgdir");
>      $message->{store}->CopyEntireMessage($message, $msgdir, 'message');
>+    push @chownlist, "$msgdir/message" if -f "$msgdir/message";
>    }
>
>    # Now just quarantine the infected attachment files.
>-  my($indir, $attachment, $report, @chownlist);
>+  my($indir, $attachment, $report);
>    $indir = $global::MS->{work}->{dir} . '/' . $message->{id};
>    while(($attachment, $report) = each %{$message->{allreports}}) {
>      # Skip reports pertaining to entire message, we've done those.
>
>At 15:36 14/11/2003, you wrote:
>>Hi Julian,
>>
>>Think I've found the problem.
>>
>>I've added a InfoLog near the end of the constructor in Quarantine.pm which
>>displays $this-> uid, gid, fileumask and dirumask, in the logs I get:
>>
>>Nov 14 15:11:24 mailscanner MailScanner[27337]: Quarantine File/Dir
>>Permissions:  uid=48 gid=48 fileumask=79, dirumask=7
>>
>>I sent myself a blocked attachment from home - here is what I get:
>>
>>/var/spool/MailScanner/quarantine/20031114
>>  drwxrwx---    2 apache   apache       4096 Nov 14 15:21 hAEFL1VN028041
>>
>>/var/spool/MailScanner/quarantine/20031114/hAEFL1VN028041
>>  -rw-rw----    1 root     root         1328 Nov 14 15:21 message  <---
>>Incorrect
>>  -rw-rw----    1 apache   apache          0 Nov 14 15:21 test.trap.crap.vbs
>>
>>The same thing seems to happen to spam messages as well - I've had a good
>>look through Message.pm but I really can't work out why it's isn't working
>>on the message/rfc822 message files.
>>
>>Kind regards,
>>Steve.
>>
>>-----Original Message-----
>>From: Steve Freegard [mailto:steve.freegard at LBSLTD.CO.UK]
>>Sent: 14 November 2003 14:55
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: Re: ANNOUNCE: Beta 4.25-7 released
>>
>>
>>Hi Julian,
>>
>>I've changed 'Quarantine User = apache' and restarted MailScanner, I'm still
>>getting:
>>
>>-rw-rw----    1 root     root         2108 Nov 14 14:44 hxxxxxxxxxxxxx
>>
>>I'll add some debug to see if I can find out what it going on.
>>
>>Regards,
>>Steve.
>>
>>
>>-----Original Message-----
>>From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
>>Sent: 14 November 2003 14:16
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: Re: ANNOUNCE: Beta 4.25-7 released
>>
>>
>>At 12:58 14/11/2003, you wrote:
>> >One final thing - I'm trying to get the new Quarantine Permissions
>> >features to work with MailWatch.
>> >
>> >I've set:
>> >
>> >Run As User: root
>> >Run As Group: root
>> >Quarantine User: root
>> >Quarantine Group: apache
>> >Quarantine Permissions: 0660
>> >
>> >And I get:
>> >
>> >-rw-rw----    1 root     root         2057 Nov 14 12:36 hxxxxxxxxxxxxx
>> >                                  ^^^^
>> >
>> >Bug? - or have I done something wrong?
>>
>>I've just tried it here with the same settings and it works fine. Can you
>>change the Quarantine User at all?
>>
>>
>>
>> >Kind regards,
>> >Steve.
>> >
>> >-----Original Message-----
>> >From: Steve Freegard [mailto:steve.freegard at LBSLTD.CO.UK]
>> >Sent: 14 November 2003 12:42
>> >To: MAILSCANNER at JISCMAIL.AC.UK
>> >Subject: Re: ANNOUNCE: Beta 4.25-7 released
>> >
>> >
>> >Further to this:
>> >
>> >I should've mentioned that I upgraded to clamav-0.65 at the same time
>> >and installed the Mail::ClamAV module as well.
>> >
>> >So after upgrading I had:
>> >
>> >Virus Scanners = sophossavi clamavmodule
>> >
>> >Which is when I started to get the log messages as below - reverting
>> >back to using the 'clamav' command-line scanner seems to fix the
>> >problem and get the messages delivered.
>> >
>> >Kind regards,
>> >Steve.
>> >
>> >-----Original Message-----
>> >From: Steve Freegard [mailto:steve.freegard at LBSLTD.CO.UK]
>> >Sent: 14 November 2003 12:37
>> >To: MAILSCANNER at JISCMAIL.AC.UK
>> >Subject: Re: ANNOUNCE: Beta 4.25-7 released
>> >
>> >
>> >Hi Julian,
>> >
>> >Just upgraded - bit of a problem now - keep seeing this in the log:
>> >
>> >Nov 14 12:33:42 mailscanner MailScanner[14138]: Your
>> >virus.scanners.conf file does not  have 3 words on each line. See if
>> >you  have an old one left over by mistake.
>> >
>> >/etc/MailScanner/virus.scanners.conf:
>> >
>> >antivir         /usr/lib/MailScanner/antivir-wrapper    /usr/lib/AntiVir
>> >bitdefender     /usr/lib/MailScanner/bitdefender-wrapper /usr/local/bd7
>> >clamav          /usr/lib/MailScanner/clamav-wrapper     /usr/local
>> >command         /usr/lib/MailScanner/command-wrapper    /usr
>> >etrust          /usr/lib/MailScanner/etrust-wrapper
>>/opt/eTrustAntivirus
>> >f-prot          /usr/lib/MailScanner/f-prot-wrapper     /usr/local/f-prot
>> >f-secure        /usr/lib/MailScanner/f-secure-wrapper   /opt/f-secure/fsav
>> ><<snip>>
>> >
>> >And nothing is being delivered!!
>> >
>> >Kind regards,
>> >Steve.
>> >
>> >
>> >-----Original Message-----
>> >From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
>> >Sent: 14 November 2003 11:49
>> >To: MAILSCANNER at JISCMAIL.AC.UK
>> >Subject: ANNOUNCE: Beta 4.25-7 released
>> >
>> >
>> >Morning all,
>> >
>> >I've just released the latest beta/unstable version 4.25-7.
>> >
>> >Main addition since the last beta is the addition of support for the
>> >ClamAV perl module, which means no external programs have to be started
>> >every time ClamAV is invoked. Should be noticeably faster.
>> >
>> >There also a whole bunch of other fixes and additions, which are
>> >detailed in the ChangeLog included below.
>> >
>> >Expect a stable release soon, but please do test this version and check
>> >that it works okay. Thanks!
>> >
>> >Download as usual from www.mailscanner.info
>> >
>> >ChangeLog for 4.25:
>> >
>> >* New Features and Improvements *
>> >- Panda version 7.0 supported.
>> >- Added dependency on Net::CIDR module so could add support for more
>> >ways
>>of
>> >    specifying IP ranges in rulesets. Can now do all of:
>> >          152.78.
>> >          /^152\.78/
>> >          152.78.0.0/16
>> >          152.78.0.0-152.78.255.255
>> >- Added support for "disarm" option on all HTML tag detectors, which will
>> >    disarm those tags while leaving the rest of the HTML intact.
>> >- Added support for retrieving configuration from LDAP.
>> >- Changed SpamAssassin timeout handler to kill processes and not
>> >process group.
>> >- Added support for changing uid, gid and permissions of both Incoming Work
>> >    Dir and Quarantine Dir.
>> >- Improved ClamAV parser to handle errors printed when processing viruses
>> >    containing corrupted zip files.
>> >- Improved documentation in virus.scanners.conf.
>> >- Improved documentation of "disarm" configuration settings.
>> >- Added optimisation to LDAP ruleset compiler that identifies 1-line
>> >rulesets
>> >    which hold the default value.
>> >- Added support for Mail::ClamAV perl module, enabling ClamAV to scan
>> >without
>> >    having to call any external programs at all.
>> >
>> >* Fixes*
>> >- RPM distribution install.sh script now checks and creates pod2text
>> >properly.
>> >- Fixed bug whereby the same message files could be deleted more than once,
>> >    which could delete unprocessed messages using MTAs that name files
>>after
>> >    the inode and not the time.
>> >- Syslogging should now start successfully on all versions of Solaris
>> >and IRIX.
>> >- Bug fix in Postfix file handling code from Stefan Baltus which will
>> >    hopefully patch up the last Solaris Postfix problem.
>> >- Fixed bug that broke rulesets in earlier betas.
>> >
>> >
>> >
>> >--
>> >Julian Field
>> >www.MailScanner.info
>> >MailScanner thanks transtec Computers for their support
>> >
>> >PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654
>> >
>> >--
>> >This email and any files transmitted with it are confidential and
>> >intended solely for the use of the individual or entity to whom they
>> >are addressed. If you have received this email in error please notify
>> >the sender and delete the message from your mailbox.
>> >
>> >This footnote also confirms that this email message has been swept by
>> >MailScanner (www.mailscanner.info) for the presence of computer
>> >viruses.
>> >
>> >--
>> >This email and any files transmitted with it are confidential and
>> >intended solely for the use of the individual or entity to whom they
>> >are addressed. If you have received this email in error please notify
>> >the sender and delete the message from your mailbox.
>> >
>> >This footnote also confirms that this email message has been swept by
>> >MailScanner (www.mailscanner.info) for the presence of computer
>> >viruses.
>> >
>> >--
>> >This email and any files transmitted with it are confidential and
>> >intended solely for the use of the individual or entity to whom they
>> >are addressed. If you have received this email in error please notify
>> >the sender and delete the message from your mailbox.
>> >
>> >This footnote also confirms that this email message has been swept by
>> >MailScanner (www.mailscanner.info) for the presence of computer
>> >viruses.
>>
>>--
>>Julian Field
>>www.MailScanner.info
>>MailScanner thanks transtec Computers for their support
>>
>>PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654
>>
>>--
>>This email and any files transmitted with it are confidential and intended
>>solely for the use of the individual or entity to whom they are addressed.
>>If you have received this email in error please notify the sender and delete
>>the message from your mailbox.
>>
>>This footnote also confirms that this email message has been swept by
>>MailScanner (www.mailscanner.info) for the presence of computer viruses.
>>
>>--
>>This email and any files transmitted with it are confidential and
>>intended solely for the use of the individual or entity to whom they
>>are addressed. If you have received this email in error please notify
>>the sender and delete the message from your mailbox.
>>
>>This footnote also confirms that this email message has been swept by
>>MailScanner (www.mailscanner.info) for the presence of computer viruses.
>
>--
>Julian Field
>www.MailScanner.info
>MailScanner thanks transtec Computers for their support
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654



More information about the MailScanner mailing list