ANNOUNCE: Beta 4.25-7 released

Julian Field mailscanner at ecs.soton.ac.uk
Sat Nov 15 11:24:03 GMT 2003


At 18:25 14/11/2003, you wrote:
>Julian,
>
>I did check the table:
># Allow...Tags    Convert Danger...    Action Taken on HTML Message
># ============    =================    ============================
>#    no              no                Blocked
>#    no              yes               Blocked
>#    disarm          no                Specified HTML tags disarmed
>#    disarm          yes               Specified HTML tags disarmed
>#    yes             no                Nothing, allowed to pass
>#    yes             yes               All HTML tags stripped
>
>As I understand it, if I say disarm for any Allow...Tag it should disarm
>it.  Which is what I have coded.
>
>Still my FORMs get through.  I tried to put them inline (Insert->Inline
>Text file in Evolution)

which will leave it as a text/plain message segment, not text/html.

>  or in an attachment (Insert->Attachment) but

at which point they won't be scanned as they are an attachment.

Use a mail client that is capable of directly creating HTML mail with 
pictures and forms in it.

>they are always delivered to me...




>Denis
>
>On Fri 14/11/2003 at 11:27, Julian Field wrote:
> > At 16:13 14/11/2003, you wrote:
> > >Julian,
> > >
> > >Just tested it here with clamavmodule.
> > >
> > >Clamavmodule Works fine but it did trap an IFrame tag as a virus
> > >(weird!):
> > >Nov 14 10:20:37 dbeauchemin MailScanner[12223]: INFECTED::
> > >Exploit.IFrame.Gen:: ./hAEFKUao012330/message3
> > >Nov 14 10:20:37 dbeauchemin MailScanner[12223]: Virus Scanning: ClamAV
> > >Module found 1 infections
> >
> > That's a quirk of Clam. It detects IFrames as viruses.
> >
> > >As for disarming tags, it doesn't seem to work:
> > >Allow IFrame Tags = disarm
> > >Log IFrame Tags = yes
> > >Allow Form Tags = disarm
> >
> > Did you check the table at the start of "Convert Dangerous HTML to Plain Text"?
> >
> > >The message contained an attachment with a FORM that passed through MS:
> > >--=-KHlT6txKqQiTOwvM3PMn
> > >Content-Disposition: attachment; filename=message2
> > >Content-Transfer-Encoding: quoted-printable
> > >Content-Type: text/html; name=message2; charset=ISO-8859-15
> > >
> > >=20
> > ><form method=3D'GET' action=3D'nouveautes.php3'>
> > ><input type=3D"hidden" name=3D"recalcul" value=3D"oui">
> > ><input type=3D'submit' class=3D'spip_bouton' name=3D'submit' value=3D'Recal=
> > >culer cette page'></form>
> > >
> > >--=-KHlT6txKqQiTOwvM3PMn--
> >
> > It probably ignored that as it's an attachment, not a piece of the main
> > body. I carefully leave HTML attachments alone.
> >
> >
> >
> > >I also have mixed results with quarantine permissions and users:
> > >Quarantine User = virusck
> > >Quarantine Group = virusck
> > >Quarantine Permissions = 0640
> > >
> > ># ls -l /quarantaine/autres/20031114/hAEFKUao012330
> > >total 8
> > >-rw-r-----    1 root     root         1078 nov 14 10:20 message
> > >-rw-r-----    1 virusck  virusck       162 nov 14 10:20 message3
> >
> > Have just fixed that. See recent post.
> >
> >
> >
> > >Denis
> > >
> > >On Fri 14/11/2003 at 06:49, Julian Field wrote:
> > > > Morning all,
> > > >
> > > > I've just released the latest beta/unstable version 4.25-7.
> > > >
> > > > Main addition since the last beta is the addition of support for the ClamAV
> > > > perl module, which means no external programs have to be started every time
> > > > ClamAV is invoked. Should be noticeably faster.
> > > >
> > > > There are also a whole bunch of other fixes and additions, which are detailed
> > > > in the ChangeLog included below.
> > > >
> > > > Expect a stable release soon, but please do test this version and check
> > > > that it works okay. Thanks!
> > > >
> > > > Download as usual from www.mailscanner.info
> > > >
> > > > ChangeLog for 4.25:
> > > >
> > > > * New Features and Improvements *
> > > > - Panda version 7.0 supported.
> > > > - Added dependency on Net::CIDR module so could add support for more ways of
> > > >    specifying IP ranges in rulesets. Can now do all of:
> > > >          152.78.
> > > >          /^152\.78/
> > > >          152.78.0.0/16
> > > >          152.78.0.0-152.78.255.255
> > > > - Added support for "disarm" option on all HTML tag detectors, which will
> > > >    disarm those tags while leaving the rest of the HTML intact.
> > > > - Added support for retrieving configuration from LDAP.
> > > > - Changed SpamAssassin timeout handler to kill processes and not process group.
> > > > - Added support for changing uid, gid and permissions of both Incoming Work
> > > >    Dir and Quarantine Dir.
> > > > - Improved ClamAV parser to handle errors printed when processing viruses
> > > >    containing corrupted zip files.
> > > > - Improved documentation in virus.scanners.conf.
> > > > - Improved documentation of "disarm" configuration settings.
> > > > - Added optimisation to LDAP ruleset compiler that identifies 1-line rulesets
> > > >    which hold the default value.
> > > > - Added support for Mail::ClamAV perl module, enabling ClamAV to scan without
> > > >    having to call any external programs at all.
> > > >
> > > > * Fixes *
> > > > - RPM distribution install.sh script now checks and creates pod2text properly.
> > > > - Fixed bug whereby the same message files could be deleted more than once,
> > > >    which could delete unprocessed messages using MTAs that name files after
> > > >    the inode and not the time.
> > > > - Syslogging should now start successfully on all versions of Solaris and IRIX.
> > > > - Bug fix in Postfix file handling code from Stefan Baltus which will
> > > >    hopefully patch up the last Solaris Postfix problem.
> > > > - Fixed bug that broke rulesets in earlier betas.
> > > >
> > > >
> > > >
> > > > --
> > > > Julian Field
> > > > www.MailScanner.info
> > > > MailScanner thanks transtec Computers for their support
> > > >
> > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654
> > >--
> > >Denis Beauchemin, analyst
> > >Université de Sherbrooke, S.T.I.
> > >T: 819.821.8000x2252 F: 819.821.8045
>--
>Denis Beauchemin, analyst
>Université de Sherbrooke, S.T.I.
>T: 819.821.8000x2252 F: 819.821.8045

-- 
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654
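
The three test cases from this thread, as an added example (not MailScanner's code and not part of the original message): a Python sketch that builds each message and reports which MIME parts a body-only HTML tag check would look at. The rule that only non-attachment text/html parts are checked is an assumption taken from Julian's replies above; the function names and the sample markup are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample markup, modelled on the FORM quoted in the thread.
FORM = "<form method='GET' action='nouveautes.php3'><input type='submit'></form>"

# The table quoted in the thread: (Allow...Tags, Convert Dangerous HTML) -> action.
ACTIONS = {
    ("no", "no"): "Blocked", ("no", "yes"): "Blocked",
    ("disarm", "no"): "Specified HTML tags disarmed",
    ("disarm", "yes"): "Specified HTML tags disarmed",
    ("yes", "no"): "Nothing, allowed to pass",
    ("yes", "yes"): "All HTML tags stripped",
}

def build(kind):
    """Build one of the three test messages discussed in the thread."""
    msg = EmailMessage()
    msg["Subject"] = f"form test ({kind})"
    if kind == "inline-text":          # Insert->Inline Text file
        msg.set_content(FORM)          # stays text/plain
    elif kind == "attachment":         # Insert->Attachment
        msg.set_content("see attached")
        msg.add_attachment(FORM, subtype="html", filename="message2")
    elif kind == "html-body":          # client that composes real HTML mail
        msg.set_content("plain alternative")
        msg.add_alternative(f"<html><body>{FORM}</body></html>", subtype="html")
    return msg.as_bytes()

def form_tag_outcome(raw, allow="disarm", convert="no"):
    """Assumed model: only non-attachment text/html parts are checked."""
    results = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if part.get_content_disposition() == "attachment":
            results.append((ctype, "skipped: attachment"))
        elif ctype != "text/html":
            results.append((ctype, "skipped: not text/html"))
        elif re.search(r"<form\b", part.get_content(), re.I):
            results.append((ctype, ACTIONS[(allow, convert)]))
        else:
            results.append((ctype, "no form tag"))
    return results

if __name__ == "__main__":
    for kind in ("inline-text", "attachment", "html-body"):
        print(kind, form_tag_outcome(build(kind)))
```

Only the "html-body" message puts the FORM where the "Allow Form Tags" setting applies, so that is the one to send when checking a disarm configuration.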



