ANNOUNCE: Beta 4.25-7 released

Denis Beauchemin Denis.Beauchemin at USHERBROOKE.CA
Mon Nov 17 21:19:04 GMT 2003


Hello everyone,

I guess my test setup is not really OK...

I am trying to send emails directly to my PC (running the latest and
greatest MS), bypassing my MX that sends everything to my production MS
servers (running older versions of MS).

I'm using Evolution on a remote server and I tell Evolution that my SMTP
server (for outgoing mail) is my PC.  This works just fine.

I'm having problems sending quarantined emails that way.  Since I do not
quarantine them as queue files, I'm at a loss as to how to use them from
my mail client.  That's why you've seen all my bizarre attempts...

Does anyone have a suggestion to improve my setup?

Should I just quarantine mails as queue files instead?  I've got people
sending quarantined stuff to users.  They are accustomed to the current
file format.  I don't know if this will impact their job...

Thanks again for your help.

Denis
On Sat 15/11/2003 at 06:24, Julian Field wrote:
> At 18:25 14/11/2003, you wrote:
> >Julian,
> >
> >I did check the table:
> ># Allow...Tags    Convert Danger...    Action Taken on HTML Message
> ># ============    =================    ============================
> >#    no              no                Blocked
> >#    no              yes               Blocked
> >#    disarm          no                Specified HTML tags disarmed
> >#    disarm          yes               Specified HTML tags disarmed
> >#    yes             no                Nothing, allowed to pass
> >#    yes             yes               All HTML tags stripped
> >
> >As I understand it, if I say disarm for any Allow...Tag it should disarm
> >it.  Which is what I have coded.
> >
> >Still my FORMs get through.  I tried to put them inline (Insert->Inline
> >Text file in Evolution)
> 
> which will leave it as a text/plain message segment, not text/html.
> 
> >  or in an attachment (Insert->Attachment) but
> 
> at which point they won't be scanned as they are an attachment.
> 
> Use a mail client that is capable of directly creating HTML mail with 
> pictures and forms in it.
> 
> >they are always delivered to me...
> 
> 
> 
> 
> >Denis
> >
> >On Fri 14/11/2003 at 11:27, Julian Field wrote:
> > > At 16:13 14/11/2003, you wrote:
> > > >Julian,
> > > >
> > > >Just tested it here with clamavmodule.
> > > >
> > > >Clamavmodule works fine but it did trap an IFrame tag as a virus
> > > >(weird!):
> > > >Nov 14 10:20:37 dbeauchemin MailScanner[12223]: INFECTED::
> > > >Exploit.IFrame.Gen:: ./hAEFKUao012330/message3
> > > >Nov 14 10:20:37 dbeauchemin MailScanner[12223]: Virus Scanning: ClamAV
> > > >Module found 1 infections
> > >
> > > That's a quirk of Clam. It detects IFrames as viruses.
> > >
> > > >As for disarming tags, it doesn't seem to work:
> > > >Allow IFrame Tags = disarm
> > > >Log IFrame Tags = yes
> > > >Allow Form Tags = disarm
> > >
> > > Did you check the table at the start of "Convert Dangerous HTML to Plain Text"?
> > >
> > > >The message contained an attachment with a FORM that passed through MS:
> > > >--=-KHlT6txKqQiTOwvM3PMn
> > > >Content-Disposition: attachment; filename=message2
> > > >Content-Transfer-Encoding: quoted-printable
> > > >Content-Type: text/html; name=message2; charset=ISO-8859-15
> > > >
> > > >=20
> > > ><form method=3D'GET' action=3D'nouveautes.php3'>
> > > ><input type=3D"hidden" name=3D"recalcul" value=3D"oui">
> > > ><input type=3D'submit' class=3D'spip_bouton' name=3D'submit' value=3D'Recal=
> > > >culer cette page'></form>
> > > >
> > > >--=-KHlT6txKqQiTOwvM3PMn--
> > >
> > > It probably ignored that as it's an attachment, not a piece of the main
> > > body. I carefully leave HTML attachments alone.
> > >
> > >
> > >
> > > >I also have mixed results with quarantine permissions and users:
> > > >Quarantine User = virusck
> > > >Quarantine Group = virusck
> > > >Quarantine Permissions = 0640
> > > >
> > > ># ls -l /quarantaine/autres/20031114/hAEFKUao012330
> > > >total 8
> > > >-rw-r-----    1 root     root         1078 nov 14 10:20 message
> > > >-rw-r-----    1 virusck  virusck       162 nov 14 10:20 message3
> > >
> > > Have just fixed that. See recent post.
> > >
> > >
> > >
> > > >Denis
> > > >
> > > >On Fri 14/11/2003 at 06:49, Julian Field wrote:
> > > > > Morning all,
> > > > >
> > > > > I've just released the latest beta/unstable version 4.25-7.
> > > > >
> > > > > Main addition since the last beta is the addition of support for the ClamAV
> > > > > perl module, which means no external programs have to be started every time
> > > > > ClamAV is invoked. Should be noticeably faster.
> > > > >
> > > > > There's also a whole bunch of other fixes and additions, which are detailed
> > > > > in the ChangeLog included below.
> > > > >
> > > > > Expect a stable release soon, but please do test this version and check
> > > > > that it works okay. Thanks!
> > > > >
> > > > > Download as usual from www.mailscanner.info
> > > > >
> > > > > ChangeLog for 4.25:
> > > > >
> > > > > * New Features and Improvements *
> > > > > - Panda version 7.0 supported.
> > > > > - Added dependency on Net::CIDR module so could add support for more ways of
> > > > >    specifying IP ranges in rulesets. Can now do all of:
> > > > >          152.78.
> > > > >          /^152\.78/
> > > > >          152.78.0.0/16
> > > > >          152.78.0.0-152.78.255.255
> > > > > - Added support for "disarm" option on all HTML tag detectors, which will
> > > > >    disarm those tags while leaving the rest of the HTML intact.
> > > > > - Added support for retrieving configuration from LDAP.
> > > > > - Changed SpamAssassin timeout handler to kill processes and not process group.
> > > > > - Added support for changing uid, gid and permissions of both Incoming Work
> > > > >    Dir and Quarantine Dir.
> > > > > - Improved ClamAV parser to handle errors printed when processing viruses
> > > > >    containing corrupted zip files.
> > > > > - Improved documentation in virus.scanners.conf.
> > > > > - Improved documentation of "disarm" configuration settings.
> > > > > - Added optimisation to LDAP ruleset compiler that identifies 1-line rulesets
> > > > >    which hold the default value.
> > > > > - Added support for Mail::ClamAV perl module, enabling ClamAV to scan without
> > > > >    having to call any external programs at all.
> > > > >
> > > > > * Fixes *
> > > > > - RPM distribution install.sh script now checks and creates pod2text properly.
> > > > > - Fixed bug whereby the same message files could be deleted more than once,
> > > > >    which could delete unprocessed messages using MTAs that name files after
> > > > >    the inode and not the time.
> > > > > - Syslogging should now start successfully on all versions of Solaris and IRIX.
> > > > > - Bug fix in Postfix file handling code from Stefan Baltus which will
> > > > >    hopefully patch up the last Solaris Postfix problem.
> > > > > - Fixed bug that broke rulesets in earlier betas.
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Julian Field
> > > > > www.MailScanner.info
> > > > > MailScanner thanks transtec Computers for their support
> > > > >
> > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654
> > > >--
> > > >Denis Beauchemin, analyst
> > > >Université de Sherbrooke, S.T.I.
> > > >T: 819.821.8000x2252 F: 819.821.8045
> >--
> >Denis Beauchemin, analyst
> >Université de Sherbrooke, S.T.I.
> >T: 819.821.8000x2252 F: 819.821.8045
-- 
Denis Beauchemin, analyst
Université de Sherbrooke, S.T.I.
T: 819.821.8000x2252 F: 819.821.8045
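
Added example (not part of the original thread and not MailScanner code): a Python model of the behaviour described in the replies above, where only a text/html part of the main body is subject to the HTML tag settings, while text/plain segments and attachments are left alone. The sample message and the function name classify_parts are constructed for illustration.

```python
import email
from email import policy

# Constructed sample message: an HTML body part, a text/plain part that only
# contains form markup, and an HTML attachment like the one quoted above.
SAMPLE = """\
From: sender@example.org
To: rcpt@example.org
Subject: constructed test
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/html; charset=ISO-8859-15

<html><body><form method='GET' action='nouveautes.php3'></form></body></html>
--BOUND
Content-Type: text/plain; charset=ISO-8859-15

<form method='GET' action='nouveautes.php3'></form>
--BOUND
Content-Disposition: attachment; filename=message2
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; name=message2; charset=ISO-8859-15

<form method=3D'GET' action=3D'nouveautes.php3'></form>
--BOUND--
"""

def classify_parts(raw):
    """Return (content_type, disposition, has_form, verdict) per leaf part."""
    msg = email.message_from_string(raw, policy=policy.default)
    rows = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        disp = part.get_content_disposition() or "inline"
        # get_content() undoes quoted-printable and the charset for text parts
        has_form = "<form" in part.get_content().lower()
        if disp == "attachment":
            verdict = "skipped: attachment"
        elif ctype == "text/html":
            verdict = "checked: HTML body"
        else:
            verdict = "skipped: not text/html"
        rows.append((ctype, disp, has_form, verdict))
    return rows
```

All three parts contain form markup, but only the first would reach the tag check, which matches why the inline text file and the attachment in the thread were delivered untouched.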



