ANNOUNCE: Beta 4.25-7 released

Steve Freegard steve.freegard at LBSLTD.CO.UK
Fri Nov 14 16:53:38 GMT 2003


Julian,

It is working for these now:

[root at mailscanner hAEGmvHs002312]# pwd
/var/spool/MailScanner/quarantine/20031114/hAEGmvHs002312
[root at mailscanner hAEGmvHs002312]# ls -al
total 64
drwxrwx---    2 apache   apache       4096 Nov 14 16:49 .
drwxrwx---   15 root     apache       4096 Nov 14 16:49 ..
-rw-rw----    1 apache   apache      31272 Nov 14 16:49 message
-rw-rw----    1 apache   apache      22175 Nov 14 16:49 message.zip

But not for these:

[root at mailscanner spam]# pwd
/var/spool/MailScanner/quarantine/20031114/spam
[root at mailscanner spam]# ls -al
-rw-rw----    1 root     root         1274 Nov 14 16:48 hAEGmdHs002297
-rw-rw----    1 root     root        31272 Nov 14 16:49 hAEGmvHs002312
-rw-rw----    1 root     root         1215 Nov 14 16:50 hAEGohHs002458
-rw-rw----    1 root     root         1792 Nov 14 16:51 hAEGpIHs002493
-rw-rw----    1 root     root         3190 Nov 14 16:51 hAEGpiHs002536

And I've double-checked for typo's before posting this time ;-))

Kind regards,
Steve.

-----Original Message-----
From: Steve Freegard [mailto:steve.freegard at LBSLTD.CO.UK]
Sent: 14 November 2003 16:42
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: ANNOUNCE: Beta 4.25-7 released


Ignore me - I should learn to type properly....

>>> Oh how I love Friday afternoons. Time to go home...

I'll second that!

-----Original Message-----
From: Steve Freegard [mailto:steve.freegard at LBSLTD.CO.UK]
Sent: 14 November 2003 16:41
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: ANNOUNCE: Beta 4.25-7 released


I've just added the changed the lines by hand (couldn't get patch to work by
pasting the e-mail) ... I now get:

[root at mailscanner MailScanner]# service MailScanner start Starting
MailScanner daemons:
         incoming sendmail:                                [  OK  ]
         outgoing sendmail:                                [  OK  ]
         MailScanner:       Global symbol "$changeover" requires explicit
package name at /usr/lib/MailScanner/MailScanner/Quarantine.pm line 195.
Compilation failed in require at /usr/sbin/MailScanner line 48. BEGIN
failed--compilation aborted at /usr/sbin/MailScanner line 48.
                                                           [  OK  ]

Thanks,
Steve.

-----Original Message-----
From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
Sent: 14 November 2003 16:34
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: ANNOUNCE: Beta 4.25-7 released


And for good measure, because I screwed up that patch, add this one
afterwards as well:

--- Quarantine.pm.old      2003-11-14 16:28:17.000000000 +0000
+++ Quarantine.pm       2003-11-14 16:31:02.000000000 +0000
@@ -192,7 +192,8 @@
        MailScanner::Config::Value('quarantinewholemessage',$this) =~ /1/) {
      #print STDERR "Saving entire message to $msgdir\n";
      MailScanner::Log::InfoLog("Saved entire message to $msgdir");
-    $message->{store}->CopyEntireMessage($message, $msgdir, 'message');
+    $message->{store}->CopyEntireMessage($message, $msgdir, 'message',
+                                         $uid, $gid, $changeowner);
      push @chownlist, "$msgdir/message" if -f "$msgdir/message";
    }

Should actually work this time!
Oh how I love Friday afternoons. Time to go home...

At 16:24 14/11/2003, you wrote:
>Try this patch to Quarantine.pm
>
>--- Quarantine.pm.old      2003-11-07 12:30:39.000000000 +0000
>+++ Quarantine.pm       2003-11-14 16:23:55.000000000 +0000
>@@ -158,7 +158,7 @@
>    my $this = shift;
>    my($message) = @_;
>
>-  my($qdir, $todaydir, $msgdir, $uid, $gid, $changeowner);
>+  my($qdir, $todaydir, $msgdir, $uid, $gid, $changeowner, @chownlist);
>
>    # Create today's directory if necessary
>    #$todaydir = $this->{dir} . '/' . TodayDir();
>@@ -193,10 +193,11 @@
>      #print STDERR "Saving entire message to $msgdir\n";
>      MailScanner::Log::InfoLog("Saved entire message to $msgdir");
>      $message->{store}->CopyEntireMessage($message, $msgdir,
>'message');
>+    push @chownlist, "$msgdir/message" if -f "$msgdir/message";
>    }
>
>    # Now just quarantine the infected attachment files.
>-  my($indir, $attachment, $report, @chownlist);
>+  my($indir, $attachment, $report);
>    $indir = $global::MS->{work}->{dir} . '/' . $message->{id};
>    while(($attachment, $report) = each %{$message->{allreports}}) {
>      # Skip reports pertaining to entire message, we've done those.
>
>At 15:36 14/11/2003, you wrote:
>>Hi Julian,
>>
>>Think I've found the problem.
>>
>>I've added a InfoLog near the end of the constructor in Quarantine.pm
>>which displays $this-> uid, gid, fileumask and dirumask, in the logs I
>>get:
>>
>>Nov 14 15:11:24 mailscanner MailScanner[27337]: Quarantine File/Dir
>>Permissions:  uid=48 gid=48 fileumask=79, dirumask=7
>>
>>I sent myself a blocked attachment from home - here is what I get:
>>
>>/var/spool/MailScanner/quarantine/20031114
>>  drwxrwx---    2 apache   apache       4096 Nov 14 15:21 hAEFL1VN028041
>>
>>/var/spool/MailScanner/quarantine/20031114/hAEFL1VN028041
>>  -rw-rw----    1 root     root         1328 Nov 14 15:21 message  <---
>>Incorrect
>>  -rw-rw----    1 apache   apache          0 Nov 14 15:21
test.trap.crap.vbs
>>
>>The same thing seems to happen to spam messages as well - I've had a
>>good look through Message.pm but I really can't work out why it's
>>isn't working on the message/rfc822 message files.
>>
>>Kind regards,
>>Steve.
>>
>>-----Original Message-----
>>From: Steve Freegard [mailto:steve.freegard at LBSLTD.CO.UK]
>>Sent: 14 November 2003 14:55
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: Re: ANNOUNCE: Beta 4.25-7 released
>>
>>
>>Hi Julian,
>>
>>I've changed 'Quarantine User = apache' and restarted MailScanner, I'm
>>still
>>getting:
>>
>>-rw-rw----    1 root     root         2108 Nov 14 14:44 hxxxxxxxxxxxxx
>>
>>I'll add some debug to see if I can find out what it going on.
>>
>>Regards,
>>Steve.
>>
>>
>>-----Original Message-----
>>From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
>>Sent: 14 November 2003 14:16
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: Re: ANNOUNCE: Beta 4.25-7 released
>>
>>
>>At 12:58 14/11/2003, you wrote:
>> >One final thing - I'm trying to get the new Quarantine Permissions
>> >features to work with MailWatch.
>> >
>> >I've set:
>> >
>> >Run As User: root
>> >Run As Group: root
>> >Quarantine User: root
>> >Quarantine Group: apache
>> >Quarantine Permissions: 0660
>> >
>> >And I get:
>> >
>> >-rw-rw----    1 root     root         2057 Nov 14 12:36 hxxxxxxxxxxxxx
>> >                                  ^^^^
>> >
>> >Bug? - or have I done something wrong?
>>
>>I've just tried it here with the same settings and it works fine. Can
>>you change the Quarantine User at all?
>>
>>
>>
>> >Kind regards,
>> >Steve.
>> >
>> >-----Original Message-----
>> >From: Steve Freegard [mailto:steve.freegard at LBSLTD.CO.UK]
>> >Sent: 14 November 2003 12:42
>> >To: MAILSCANNER at JISCMAIL.AC.UK
>> >Subject: Re: ANNOUNCE: Beta 4.25-7 released
>> >
>> >
>> >Further to this:
>> >
>> >I should've mentioned that I upgraded to clamav-0.65 at the same
>> >time and installed the Mail::ClamAV module as well.
>> >
>> >So after upgrading I had:
>> >
>> >Virus Scanners = sophossavi clamavmodule
>> >
>> >Which is when I started to get the log messages as below - reverting
>> >back to using the 'clamav' command-line scanner seems to fix the
>> >problem and get the messages delivered.
>> >
>> >Kind regards,
>> >Steve.
>> >
>> >-----Original Message-----
>> >From: Steve Freegard [mailto:steve.freegard at LBSLTD.CO.UK]
>> >Sent: 14 November 2003 12:37
>> >To: MAILSCANNER at JISCMAIL.AC.UK
>> >Subject: Re: ANNOUNCE: Beta 4.25-7 released
>> >
>> >
>> >Hi Julian,
>> >
>> >Just upgraded - bit of a problem now - keep seeing this in the log:
>> >
>> >Nov 14 12:33:42 mailscanner MailScanner[14138]: Your
>> >virus.scanners.conf file does not  have 3 words on each line. See if
>> >you  have an old one left over by mistake.
>> >
>> >/etc/MailScanner/virus.scanners.conf:
>> >
>> >antivir         /usr/lib/MailScanner/antivir-wrapper    /usr/lib/AntiVir
>> >bitdefender     /usr/lib/MailScanner/bitdefender-wrapper /usr/local/bd7
>> >clamav          /usr/lib/MailScanner/clamav-wrapper     /usr/local
>> >command         /usr/lib/MailScanner/command-wrapper    /usr
>> >etrust          /usr/lib/MailScanner/etrust-wrapper
>>/opt/eTrustAntivirus
>> >f-prot          /usr/lib/MailScanner/f-prot-wrapper
/usr/local/f-prot
>> >f-secure        /usr/lib/MailScanner/f-secure-wrapper
/opt/f-secure/fsav
>> ><<snip>>
>> >
>> >And nothing is being delivered!!
>> >
>> >Kind regards,
>> >Steve.
>> >
>> >
>> >-----Original Message-----
>> >From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
>> >Sent: 14 November 2003 11:49
>> >To: MAILSCANNER at JISCMAIL.AC.UK
>> >Subject: ANNOUNCE: Beta 4.25-7 released
>> >
>> >
>> >Morning all,
>> >
>> >I've just released the latest beta/unstable version 4.25-7.
>> >
>> >Main addition since the last beta is the addition of support for the
>> >ClamAV perl module, which means no external programs have to be
>> >started every time ClamAV is invoked. Should be noticeably faster.
>> >
>> >There also a whole bunch of other fixes and additions, which are
>> >detailed in the ChangeLog included below.
>> >
>> >Expect a stable release soon, but please do test this version and
>> >check that it works okay. Thanks!
>> >
>> >Download as usual from www.mailscanner.info
>> >
>> >ChangeLog for 4.25:
>> >
>> >* New Features and Improvements *
>> >- Panda version 7.0 supported.
>> >- Added dependency on Net::CIDR module so could add support for more
>> >ways
>>of
>> >    specifying IP ranges in rulesets. Can now do all of:
>> >          152.78.
>> >          /^152\.78/
>> >          152.78.0.0/16
>> >          152.78.0.0-152.78.255.255
>> >- Added support for "disarm" option on all HTML tag detectors, which
will
>> >    disarm those tags while leaving the rest of the HTML intact.
>> >- Added support for retrieving configuration from LDAP.
>> >- Changed SpamAssassin timeout handler to kill processes and not
>> >process group.
>> >- Added support for changing uid, gid and permissions of both
>> >Incoming
Work
>> >    Dir and Quarantine Dir.
>> >- Improved ClamAV parser to handle errors printed when processing
viruses
>> >    containing corrupted zip files.
>> >- Improved documentation in virus.scanners.conf.
>> >- Improved documentation of "disarm" configuration settings.
>> >- Added optimisation to LDAP ruleset compiler that identifies 1-line
>> >rulesets
>> >    which hold the default value.
>> >- Added support for Mail::ClamAV perl module, enabling ClamAV to
>> >scan without
>> >    having to call any external programs at all.
>> >
>> >* Fixes*
>> >- RPM distribution install.sh script now checks and creates pod2text
>> >properly.
>> >- Fixed bug whereby the same message files could be deleted more
>> >than
once,
>> >    which could delete unprocessed messages using MTAs that name
>> >files
>>after
>> >    the inode and not the time.
>> >- Syslogging should now start successfully on all versions of
>> >Solaris and IRIX.
>> >- Bug fix in Postfix file handling code from Stefan Baltus which will
>> >    hopefully patch up the last Solaris Postfix problem.
>> >- Fixed bug that broke rulesets in earlier betas.
>> >
>> >
>> >
>> >--
>> >Julian Field
>> >www.MailScanner.info
>> >MailScanner thanks transtec Computers for their support
>> >
>> >PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654
>> >
>> >--
>> >This email and any files transmitted with it are confidential and
>> >intended solely for the use of the individual or entity to whom they
>> >are addressed. If you have received this email in error please
>> >notify the sender and delete the message from your mailbox.
>> >
>> >This footnote also confirms that this email message has been swept
>> >by MailScanner (www.mailscanner.info) for the presence of computer
>> >viruses.
>> >
>> >--
>> >This email and any files transmitted with it are confidential and
>> >intended solely for the use of the individual or entity to whom they
>> >are addressed. If you have received this email in error please
>> >notify the sender and delete the message from your mailbox.
>> >
>> >This footnote also confirms that this email message has been swept
>> >by MailScanner (www.mailscanner.info) for the presence of computer
>> >viruses.
>> >
>> >--
>> >This email and any files transmitted with it are confidential and
>> >intended solely for the use of the individual or entity to whom they
>> >are addressed. If you have received this email in error please
>> >notify the sender and delete the message from your mailbox.
>> >
>> >This footnote also confirms that this email message has been swept
>> >by MailScanner (www.mailscanner.info) for the presence of computer
>> >viruses.
>>
>>--
>>Julian Field
>>www.MailScanner.info
>>MailScanner thanks transtec Computers for their support
>>
>>PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654
>>
>>--
>>This email and any files transmitted with it are confidential and
>>intended solely for the use of the individual or entity to whom they
>>are addressed. If you have received this email in error please notify
>>the sender and delete the message from your mailbox.
>>
>>This footnote also confirms that this email message has been swept by
>>MailScanner (www.mailscanner.info) for the presence of computer
>>viruses.
>>
>>--
>>This email and any files transmitted with it are confidential and
>>intended solely for the use of the individual or entity to whom they
>>are addressed. If you have received this email in error please notify
>>the sender and delete the message from your mailbox.
>>
>>This footnote also confirms that this email message has been swept by
>>MailScanner (www.mailscanner.info) for the presence of computer
>>viruses.
>
>--
>Julian Field
>www.MailScanner.info
>MailScanner thanks transtec Computers for their support
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654

--
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the sender and delete
the message from your mailbox.

This footnote also confirms that this email message has been swept by
MailScanner (www.mailscanner.info) for the presence of computer viruses.

--
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the sender and delete
the message from your mailbox.

This footnote also confirms that this email message has been swept by
MailScanner (www.mailscanner.info) for the presence of computer viruses.

--
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the sender and delete the message from your mailbox.

This footnote also confirms that this email message has been swept by
MailScanner (www.mailscanner.info) for the presence of computer viruses.



More information about the MailScanner mailing list