ANNOUNCE: Beta 4.25-7 released

Julian Field mailscanner at ecs.soton.ac.uk
Fri Nov 14 17:08:22 GMT 2003


And lo, there was another patch:

--- Message.pm.old 2003-11-10 10:24:33.000000000 +0000
+++ Message.pm  2003-11-14 17:06:29.000000000 +0000
@@ -547,8 +547,8 @@
    # Store it if they want that
    if ($actions{'store'}) {
      my($dir, $dir2, $spamdir, $uid, $gid, $changeowner);
-    $uid = $global::MTA->{quar}->{uid};
-    $gid = $global::MTA->{quar}->{gid};
+    $uid = $global::MS->{quar}->{uid};
+    $gid = $global::MS->{quar}->{gid};
      $changeowner = $global::MS->{quar}->{changeowner};
      $dir = MailScanner::Config::Value('quarantinedir', $this);
      $dir2 = $dir . '/' .  MailScanner::Quarantine::TodayDir();
@@ -566,9 +566,12 @@
      mkdir $spamdir, 0777;
        chown $uid, $gid, $spamdir if $changeowner;
      }
-    #print STDERR "Storing spam to $spamdir/" . $this->{id} . "\n";
+    print STDERR "Storing spam to $spamdir/" . $this->{id} . "\n";
+    print STDERR "uid=$uid gid=$gid changeowner=$changeowner\n";
      umask $global::MS->{quar}->{fileumask};
-    $this->{store}->CopyEntireMessage($this, $spamdir, $this->{id});
+    $this->{store}->CopyEntireMessage($this, $spamdir, $this->{id},
+                                      $uid, $gid, $changeowner);
+    chown $uid, $gid, "$spamdir/" . $this->{id}; # Harmless if this fails
    }
    umask 0077; # Safety net

For everyone else's benefit, I'll release another beta once Steve has found
all my bugs :-)

At 16:53 14/11/2003, you wrote:
>Julian,
>
>It is working for these now:
>
>[root at mailscanner hAEGmvHs002312]# pwd
>/var/spool/MailScanner/quarantine/20031114/hAEGmvHs002312
>[root at mailscanner hAEGmvHs002312]# ls -al
>total 64
>drwxrwx---    2 apache   apache       4096 Nov 14 16:49 .
>drwxrwx---   15 root     apache       4096 Nov 14 16:49 ..
>-rw-rw----    1 apache   apache      31272 Nov 14 16:49 message
>-rw-rw----    1 apache   apache      22175 Nov 14 16:49 message.zip
>
>But not for these:
>
>[root at mailscanner spam]# pwd
>/var/spool/MailScanner/quarantine/20031114/spam
>[root at mailscanner spam]# ls -al
>-rw-rw----    1 root     root         1274 Nov 14 16:48 hAEGmdHs002297
>-rw-rw----    1 root     root        31272 Nov 14 16:49 hAEGmvHs002312
>-rw-rw----    1 root     root         1215 Nov 14 16:50 hAEGohHs002458
>-rw-rw----    1 root     root         1792 Nov 14 16:51 hAEGpIHs002493
>-rw-rw----    1 root     root         3190 Nov 14 16:51 hAEGpiHs002536
>
>And I've double-checked for typo's before posting this time ;-))
>
>Kind regards,
>Steve.
>
>-----Original Message-----
>From: Steve Freegard [mailto:steve.freegard at LBSLTD.CO.UK]
>Sent: 14 November 2003 16:42
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: ANNOUNCE: Beta 4.25-7 released
>
>
>Ignore me - I should learn to type properly....
>
> >>> Oh how I love Friday afternoons. Time to go home...
>
>I'll second that!
>
>-----Original Message-----
>From: Steve Freegard [mailto:steve.freegard at LBSLTD.CO.UK]
>Sent: 14 November 2003 16:41
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: ANNOUNCE: Beta 4.25-7 released
>
>
>I've just added the changed the lines by hand (couldn't get patch to work by
>pasting the e-mail) ... I now get:
>
>[root at mailscanner MailScanner]# service MailScanner start Starting
>MailScanner daemons:
>          incoming sendmail:                                [  OK  ]
>          outgoing sendmail:                                [  OK  ]
>          MailScanner:       Global symbol "$changeover" requires explicit
>package name at /usr/lib/MailScanner/MailScanner/Quarantine.pm line 195.
>Compilation failed in require at /usr/sbin/MailScanner line 48. BEGIN
>failed--compilation aborted at /usr/sbin/MailScanner line 48.
>                                                            [  OK  ]
>
>Thanks,
>Steve.
>
>-----Original Message-----
>From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
>Sent: 14 November 2003 16:34
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: ANNOUNCE: Beta 4.25-7 released
>
>
>And for good measure, because I screwed up that patch, add this one
>afterwards as well:
>
>--- Quarantine.pm.old      2003-11-14 16:28:17.000000000 +0000
>+++ Quarantine.pm       2003-11-14 16:31:02.000000000 +0000
>@@ -192,7 +192,8 @@
>         MailScanner::Config::Value('quarantinewholemessage',$this) =~ /1/) {
>       #print STDERR "Saving entire message to $msgdir\n";
>       MailScanner::Log::InfoLog("Saved entire message to $msgdir");
>-    $message->{store}->CopyEntireMessage($message, $msgdir, 'message');
>+    $message->{store}->CopyEntireMessage($message, $msgdir, 'message',
>+                                         $uid, $gid, $changeowner);
>       push @chownlist, "$msgdir/message" if -f "$msgdir/message";
>     }
>
>Should actually work this time!
>Oh how I love Friday afternoons. Time to go home...
>
>At 16:24 14/11/2003, you wrote:
> >Try this patch to Quarantine.pm
> >
> >--- Quarantine.pm.old      2003-11-07 12:30:39.000000000 +0000
> >+++ Quarantine.pm       2003-11-14 16:23:55.000000000 +0000
> >@@ -158,7 +158,7 @@
> >    my $this = shift;
> >    my($message) = @_;
> >
> >-  my($qdir, $todaydir, $msgdir, $uid, $gid, $changeowner);
> >+  my($qdir, $todaydir, $msgdir, $uid, $gid, $changeowner, @chownlist);
> >
> >    # Create today's directory if necessary
> >    #$todaydir = $this->{dir} . '/' . TodayDir();
> >@@ -193,10 +193,11 @@
> >      #print STDERR "Saving entire message to $msgdir\n";
> >      MailScanner::Log::InfoLog("Saved entire message to $msgdir");
> >      $message->{store}->CopyEntireMessage($message, $msgdir,
> >'message');
> >+    push @chownlist, "$msgdir/message" if -f "$msgdir/message";
> >    }
> >
> >    # Now just quarantine the infected attachment files.
> >-  my($indir, $attachment, $report, @chownlist);
> >+  my($indir, $attachment, $report);
> >    $indir = $global::MS->{work}->{dir} . '/' . $message->{id};
> >    while(($attachment, $report) = each %{$message->{allreports}}) {
> >      # Skip reports pertaining to entire message, we've done those.
> >
> >At 15:36 14/11/2003, you wrote:
> >>Hi Julian,
> >>
> >>Think I've found the problem.
> >>
> >>I've added a InfoLog near the end of the constructor in Quarantine.pm
> >>which displays $this-> uid, gid, fileumask and dirumask, in the logs I
> >>get:
> >>
> >>Nov 14 15:11:24 mailscanner MailScanner[27337]: Quarantine File/Dir
> >>Permissions:  uid=48 gid=48 fileumask=79, dirumask=7
> >>
> >>I sent myself a blocked attachment from home - here is what I get:
> >>
> >>/var/spool/MailScanner/quarantine/20031114
> >>  drwxrwx---    2 apache   apache       4096 Nov 14 15:21 hAEFL1VN028041
> >>
> >>/var/spool/MailScanner/quarantine/20031114/hAEFL1VN028041
> >>  -rw-rw----    1 root     root         1328 Nov 14 15:21 message  <---
> >>Incorrect
> >>  -rw-rw----    1 apache   apache          0 Nov 14 15:21
>test.trap.crap.vbs
> >>
> >>The same thing seems to happen to spam messages as well - I've had a
> >>good look through Message.pm but I really can't work out why it's
> >>isn't working on the message/rfc822 message files.
> >>
> >>Kind regards,
> >>Steve.
> >>
> >>-----Original Message-----
> >>From: Steve Freegard [mailto:steve.freegard at LBSLTD.CO.UK]
> >>Sent: 14 November 2003 14:55
> >>To: MAILSCANNER at JISCMAIL.AC.UK
> >>Subject: Re: ANNOUNCE: Beta 4.25-7 released
> >>
> >>
> >>Hi Julian,
> >>
> >>I've changed 'Quarantine User = apache' and restarted MailScanner, I'm
> >>still
> >>getting:
> >>
> >>-rw-rw----    1 root     root         2108 Nov 14 14:44 hxxxxxxxxxxxxx
> >>
> >>I'll add some debug to see if I can find out what it going on.
> >>
> >>Regards,
> >>Steve.
> >>
> >>
> >>-----Original Message-----
> >>From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
> >>Sent: 14 November 2003 14:16
> >>To: MAILSCANNER at JISCMAIL.AC.UK
> >>Subject: Re: ANNOUNCE: Beta 4.25-7 released
> >>
> >>
> >>At 12:58 14/11/2003, you wrote:
> >> >One final thing - I'm trying to get the new Quarantine Permissions
> >> >features to work with MailWatch.
> >> >
> >> >I've set:
> >> >
> >> >Run As User: root
> >> >Run As Group: root
> >> >Quarantine User: root
> >> >Quarantine Group: apache
> >> >Quarantine Permissions: 0660
> >> >
> >> >And I get:
> >> >
> >> >-rw-rw----    1 root     root         2057 Nov 14 12:36 hxxxxxxxxxxxxx
> >> >                                  ^^^^
> >> >
> >> >Bug? - or have I done something wrong?
> >>
> >>I've just tried it here with the same settings and it works fine. Can
> >>you change the Quarantine User at all?
> >>
> >>
> >>
> >> >Kind regards,
> >> >Steve.
> >> >
> >> >-----Original Message-----
> >> >From: Steve Freegard [mailto:steve.freegard at LBSLTD.CO.UK]
> >> >Sent: 14 November 2003 12:42
> >> >To: MAILSCANNER at JISCMAIL.AC.UK
> >> >Subject: Re: ANNOUNCE: Beta 4.25-7 released
> >> >
> >> >
> >> >Further to this:
> >> >
> >> >I should've mentioned that I upgraded to clamav-0.65 at the same
> >> >time and installed the Mail::ClamAV module as well.
> >> >
> >> >So after upgrading I had:
> >> >
> >> >Virus Scanners = sophossavi clamavmodule
> >> >
> >> >Which is when I started to get the log messages as below - reverting
> >> >back to using the 'clamav' command-line scanner seems to fix the
> >> >problem and get the messages delivered.
> >> >
> >> >Kind regards,
> >> >Steve.
> >> >
> >> >-----Original Message-----
> >> >From: Steve Freegard [mailto:steve.freegard at LBSLTD.CO.UK]
> >> >Sent: 14 November 2003 12:37
> >> >To: MAILSCANNER at JISCMAIL.AC.UK
> >> >Subject: Re: ANNOUNCE: Beta 4.25-7 released
> >> >
> >> >
> >> >Hi Julian,
> >> >
> >> >Just upgraded - bit of a problem now - keep seeing this in the log:
> >> >
> >> >Nov 14 12:33:42 mailscanner MailScanner[14138]: Your
> >> >virus.scanners.conf file does not  have 3 words on each line. See if
> >> >you  have an old one left over by mistake.
> >> >
> >> >/etc/MailScanner/virus.scanners.conf:
> >> >
> >> >antivir         /usr/lib/MailScanner/antivir-wrapper    /usr/lib/AntiVir
> >> >bitdefender     /usr/lib/MailScanner/bitdefender-wrapper /usr/local/bd7
> >> >clamav          /usr/lib/MailScanner/clamav-wrapper     /usr/local
> >> >command         /usr/lib/MailScanner/command-wrapper    /usr
> >> >etrust          /usr/lib/MailScanner/etrust-wrapper
> >>/opt/eTrustAntivirus
> >> >f-prot          /usr/lib/MailScanner/f-prot-wrapper
>/usr/local/f-prot
> >> >f-secure        /usr/lib/MailScanner/f-secure-wrapper
>/opt/f-secure/fsav
> >> ><<snip>>
> >> >
> >> >And nothing is being delivered!!
> >> >
> >> >Kind regards,
> >> >Steve.
> >> >
> >> >
> >> >-----Original Message-----
> >> >From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
> >> >Sent: 14 November 2003 11:49
> >> >To: MAILSCANNER at JISCMAIL.AC.UK
> >> >Subject: ANNOUNCE: Beta 4.25-7 released
> >> >
> >> >
> >> >Morning all,
> >> >
> >> >I've just released the latest beta/unstable version 4.25-7.
> >> >
> >> >Main addition since the last beta is the addition of support for the
> >> >ClamAV perl module, which means no external programs have to be
> >> >started every time ClamAV is invoked. Should be noticeably faster.
> >> >
> >> >There also a whole bunch of other fixes and additions, which are
> >> >detailed in the ChangeLog included below.
> >> >
> >> >Expect a stable release soon, but please do test this version and
> >> >check that it works okay. Thanks!
> >> >
> >> >Download as usual from www.mailscanner.info
> >> >
> >> >ChangeLog for 4.25:
> >> >
> >> >* New Features and Improvements *
> >> >- Panda version 7.0 supported.
> >> >- Added dependency on Net::CIDR module so could add support for more
> >> >ways
> >>of
> >> >    specifying IP ranges in rulesets. Can now do all of:
> >> >          152.78.
> >> >          /^152\.78/
> >> >          152.78.0.0/16
> >> >          152.78.0.0-152.78.255.255
> >> >- Added support for "disarm" option on all HTML tag detectors, which
>will
> >> >    disarm those tags while leaving the rest of the HTML intact.
> >> >- Added support for retrieving configuration from LDAP.
> >> >- Changed SpamAssassin timeout handler to kill processes and not
> >> >process group.
> >> >- Added support for changing uid, gid and permissions of both
> >> >Incoming
>Work
> >> >    Dir and Quarantine Dir.
> >> >- Improved ClamAV parser to handle errors printed when processing
>viruses
> >> >    containing corrupted zip files.
> >> >- Improved documentation in virus.scanners.conf.
> >> >- Improved documentation of "disarm" configuration settings.
> >> >- Added optimisation to LDAP ruleset compiler that identifies 1-line
> >> >rulesets
> >> >    which hold the default value.
> >> >- Added support for Mail::ClamAV perl module, enabling ClamAV to
> >> >scan without
> >> >    having to call any external programs at all.
> >> >
> >> >* Fixes*
> >> >- RPM distribution install.sh script now checks and creates pod2text
> >> >properly.
> >> >- Fixed bug whereby the same message files could be deleted more
> >> >than
>once,
> >> >    which could delete unprocessed messages using MTAs that name
> >> >files
> >>after
> >> >    the inode and not the time.
> >> >- Syslogging should now start successfully on all versions of
> >> >Solaris and IRIX.
> >> >- Bug fix in Postfix file handling code from Stefan Baltus which will
> >> >    hopefully patch up the last Solaris Postfix problem.
> >> >- Fixed bug that broke rulesets in earlier betas.
> >> >
> >> >
> >> >
> >> >--
> >> >Julian Field
> >> >www.MailScanner.info
> >> >MailScanner thanks transtec Computers for their support
> >> >
> >> >PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654
> >> >
> >> >--
> >> >This email and any files transmitted with it are confidential and
> >> >intended solely for the use of the individual or entity to whom they
> >> >are addressed. If you have received this email in error please
> >> >notify the sender and delete the message from your mailbox.
> >> >
> >> >This footnote also confirms that this email message has been swept
> >> >by MailScanner (www.mailscanner.info) for the presence of computer
> >> >viruses.
> >> >
> >> >--
> >> >This email and any files transmitted with it are confidential and
> >> >intended solely for the use of the individual or entity to whom they
> >> >are addressed. If you have received this email in error please
> >> >notify the sender and delete the message from your mailbox.
> >> >
> >> >This footnote also confirms that this email message has been swept
> >> >by MailScanner (www.mailscanner.info) for the presence of computer
> >> >viruses.
> >> >
> >> >--
> >> >This email and any files transmitted with it are confidential and
> >> >intended solely for the use of the individual or entity to whom they
> >> >are addressed. If you have received this email in error please
> >> >notify the sender and delete the message from your mailbox.
> >> >
> >> >This footnote also confirms that this email message has been swept
> >> >by MailScanner (www.mailscanner.info) for the presence of computer
> >> >viruses.
> >>
> >>--
> >>Julian Field
> >>www.MailScanner.info
> >>MailScanner thanks transtec Computers for their support
> >>
> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654
> >>
> >>--
> >>This email and any files transmitted with it are confidential and
> >>intended solely for the use of the individual or entity to whom they
> >>are addressed. If you have received this email in error please notify
> >>the sender and delete the message from your mailbox.
> >>
> >>This footnote also confirms that this email message has been swept by
> >>MailScanner (www.mailscanner.info) for the presence of computer
> >>viruses.
> >>
> >>--
> >>This email and any files transmitted with it are confidential and
> >>intended solely for the use of the individual or entity to whom they
> >>are addressed. If you have received this email in error please notify
> >>the sender and delete the message from your mailbox.
> >>
> >>This footnote also confirms that this email message has been swept by
> >>MailScanner (www.mailscanner.info) for the presence of computer
> >>viruses.
> >
> >--
> >Julian Field
> >www.MailScanner.info
> >MailScanner thanks transtec Computers for their support
> >
> >PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654
>
>--
>Julian Field
>www.MailScanner.info
>MailScanner thanks transtec Computers for their support
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654
>
>--
>This email and any files transmitted with it are confidential and intended
>solely for the use of the individual or entity to whom they are addressed.
>If you have received this email in error please notify the sender and delete
>the message from your mailbox.
>
>This footnote also confirms that this email message has been swept by
>MailScanner (www.mailscanner.info) for the presence of computer viruses.
>
>--
>This email and any files transmitted with it are confidential and intended
>solely for the use of the individual or entity to whom they are addressed.
>If you have received this email in error please notify the sender and delete
>the message from your mailbox.
>
>This footnote also confirms that this email message has been swept by
>MailScanner (www.mailscanner.info) for the presence of computer viruses.
>
>--
>This email and any files transmitted with it are confidential and
>intended solely for the use of the individual or entity to whom they
>are addressed. If you have received this email in error please notify
>the sender and delete the message from your mailbox.
>
>This footnote also confirms that this email message has been swept by
>MailScanner (www.mailscanner.info) for the presence of computer viruses.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654



More information about the MailScanner mailing list