ANNOUNCE: Beta 4.25-7 released

Denis Beauchemin Denis.Beauchemin at USHERBROOKE.CA
Fri Nov 14 18:25:22 GMT 2003


Julian,

I did check the table:
# Allow...Tags    Convert Danger...    Action Taken on HTML Message
# ============    =================    ============================
#    no              no                Blocked
#    no              yes               Blocked
#    disarm          no                Specified HTML tags disarmed
#    disarm          yes               Specified HTML tags disarmed
#    yes             no                Nothing, allowed to pass
#    yes             yes               All HTML tags stripped

As I understand it, if I say disarm for any Allow...Tag it should disarm
it.  Which is what I have coded.

Still my FORMs get through.  I tried to put them inline (Insert->Inline
Text file in Evolution) or in an attachment (Insert->Attachment) but
they are always delivered to me...

Denis

Le ven 14/11/2003 à 11:27, Julian Field a écrit :
> At 16:13 14/11/2003, you wrote:
> >Julian,
> >
> >Just tested it here with clamavmodule.
> >
> >Clamavmodule Works fine but it did trap an IFrame tag as a virus
> >(weird!):
> >Nov 14 10:20:37 dbeauchemin MailScanner[12223]: INFECTED:: 
> >Exploit.IFrame.Gen:: ./hAEFKUao012330/message3
> >Nov 14 10:20:37 dbeauchemin MailScanner[12223]: Virus Scanning: ClamAV 
> >Module found 1 infections
> 
> That's a quirk of Clam. It detects IFrames as viruses.
> 
> >As for disarming tags, it doesn't seem to work:
> >Allow IFrame Tags = disarm
> >Log IFrame Tags = yes
> >Allow Form Tags = disarm
> 
> Did you check the table at the start of "Convert Dangerous HTML to Plain Text"?
> 
> >The message contained an attachment with a FORM that passed through MS:
> >--=-KHlT6txKqQiTOwvM3PMn
> >Content-Disposition: attachment; filename=message2
> >Content-Transfer-Encoding: quoted-printable
> >Content-Type: text/html; name=message2; charset=ISO-8859-15
> >
> >=20
> ><form method=3D'GET' action=3D'nouveautes.php3'>
> ><input type=3D"hidden" name=3D"recalcul" value=3D"oui">
> ><input type=3D'submit' class=3D'spip_bouton' name=3D'submit' value=3D'Recal=
> >culer cette page'></form>
> >
> >--=-KHlT6txKqQiTOwvM3PMn--
> 
> It probably ignored that as it's an attachment, not a piece of the main 
> body. I carefully leave HTML attachments alone.
> 
> 
> 
> >I also have mixed results with quarantine permissions and users:
> >Quarantine User = virusck
> >Quarantine Group = virusck
> >Quarantine Permissions = 0640
> >
> ># ls -l /quarantaine/autres/20031114/hAEFKUao012330
> >total 8
> >-rw-r-----    1 root     root         1078 nov 14 10:20 message
> >-rw-r-----    1 virusck  virusck       162 nov 14 10:20 message3
> 
> Have just fixed that. See recent post.
> 
> 
> 
> >Denis
> >
> >Le ven 14/11/2003 à 06:49, Julian Field a écrit :
> > > Morning all,
> > >
> > > I've just released the latest beta/unstable version 4.25-7.
> > >
> > > Main addition since the last beta is the addition of support for the ClamAV
> > > perl module, which means no external programs have to be started every time
> > > ClamAV is invoked. Should be noticeably faster.
> > >
> > > There also a whole bunch of other fixes and additions, which are detailed
> > > in the ChangeLog included below.
> > >
> > > Expect a stable release soon, but please do test this version and check
> > > that it works okay. Thanks!
> > >
> > > Download as usual from www.mailscanner.info
> > >
> > > ChangeLog for 4.25:
> > >
> > > * New Features and Improvements *
> > > - Panda version 7.0 supported.
> > > - Added dependency on Net::CIDR module so could add support for more 
> > ways of
> > >    specifying IP ranges in rulesets. Can now do all of:
> > >          152.78.
> > >          /^152\.78/
> > >          152.78.0.0/16
> > >          152.78.0.0-152.78.255.255
> > > - Added support for "disarm" option on all HTML tag detectors, which will
> > >    disarm those tags while leaving the rest of the HTML intact.
> > > - Added support for retrieving configuration from LDAP.
> > > - Changed SpamAssassin timeout handler to kill processes and not 
> > process group.
> > > - Added support for changing uid, gid and permissions of both Incoming Work
> > >    Dir and Quarantine Dir.
> > > - Improved ClamAV parser to handle errors printed when processing viruses
> > >    containing corrupted zip files.
> > > - Improved documentation in virus.scanners.conf.
> > > - Improved documentation of "disarm" configuration settings.
> > > - Added optimisation to LDAP ruleset compiler that identifies 1-line 
> > rulesets
> > >    which hold the default value.
> > > - Added support for Mail::ClamAV perl module, enabling ClamAV to scan 
> > without
> > >    having to call any external programs at all.
> > >
> > > * Fixes*
> > > - RPM distribution install.sh script now checks and creates pod2text 
> > properly.
> > > - Fixed bug whereby the same message files could be deleted more than once,
> > >    which could delete unprocessed messages using MTAs that name files after
> > >    the inode and not the time.
> > > - Syslogging should now start successfully on all versions of Solaris 
> > and IRIX.
> > > - Bug fix in Postfix file handling code from Stefan Baltus which will
> > >    hopefully patch up the last Solaris Postfix problem.
> > > - Fixed bug that broke rulesets in earlier betas.
> > >
> > >
> > >
> > > --
> > > Julian Field
> > > www.MailScanner.info
> > > MailScanner thanks transtec Computers for their support
> > >
> > > PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654
> >--
> >Denis Beauchemin, analyste
> >Université de Sherbrooke, S.T.I.
> >T: 819.821.8000x2252 F: 819.821.8045
-- 
Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x2252 F: 819.821.8045




More information about the MailScanner mailing list