ANNOUNCE: Beta 4.25-7 released

Denis Beauchemin Denis.Beauchemin at USHERBROOKE.CA
Mon Nov 17 22:04:58 GMT 2003


Thanks Trever,

That did it.  All I had to do was copy one quarantined email to /tmp,
put my email address in the To: field and use sendmail as you suggested.

Much easier than what I was attempting to do.

And Julian: the disarming code now does its magic!

Thanks again!

Denis
On Mon 17/11/2003 at 16:36, Furnish, Trever G wrote:
> Hmmm... this isn't really an issue related to the beta though, right, so
> next time you might want to consider doing yourself a favor by starting a
> new thread rather than posting under this one...
> 
> Assuming you mean that you are saving quarantined messages as one file, you
> can probably resend such a file using sendmail -t -oi, so long as you
> remember to whitelist your own server (and assuming it's appropriate for you
> to do that).
> 
> sendmail -t -oi <messagefile
> 
> My apologies in advance if I'm missing some knowledge from your previous
> posts that indicates this won't work for you...
> 
> HTH,
> Trever
> 
> 
> > -----Original Message-----
> > From: Denis Beauchemin [mailto:Denis.Beauchemin at USHERBROOKE.CA]
> > Sent: Monday, November 17, 2003 4:19 PM
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: ANNOUNCE: Beta 4.25-7 released
> > 
> > 
> > Hello everyone,
> > 
> > I guess my test setup is not really OK...
> > 
> > I am trying to send emails directly to my PC (running the latest and
> > greatest MS), bypassing my MX that sends everything to my production MS
> > servers (running older versions of MS).
> > 
> > I'm using Evolution on a remote server and I tell Evolution that my SMTP
> > server (for outgoing mail) is my PC.  This works just fine.
> > 
> > I'm having problems sending quarantined emails that way.  Since I do not
> > quarantine them as queue files, I'm at a loss as to how to use them from
> > my mail client.  That's why you've seen all my bizarre attempts...
> > 
> > Does anyone have a suggestion to improve my setup?
> > 
> > Should I just quarantine mails as queue files instead?  I've got people
> > sending quarantined stuff to users.  They are accustomed to the current
> > file format.  I don't know if this will impact their job...
> > 
> > Thanks again for your help.
> > 
> > Denis
> > On Sat 15/11/2003 at 06:24, Julian Field wrote:
> > > At 18:25 14/11/2003, you wrote:
> > > >Julian,
> > > >
> > > >I did check the table:
> > > ># Allow...Tags    Convert Danger...    Action Taken on HTML Message
> > > ># ============    =================    ============================
> > > >#    no              no                Blocked
> > > >#    no              yes               Blocked
> > > >#    disarm          no                Specified HTML tags disarmed
> > > >#    disarm          yes               Specified HTML tags disarmed
> > > >#    yes             no                Nothing, allowed to pass
> > > >#    yes             yes               All HTML tags stripped
> > > >
> > > >As I understand it, if I say disarm for any Allow...Tag it should disarm
> > > >it.  Which is what I have coded.
> > > >
> > > >Still my FORMs get through.  I tried to put them inline (Insert->Inline
> > > >Text file in Evolution)
> > > 
> > > which will leave it as a text/plain message segment, not text/html.
> > > 
> > > >  or in an attachment (Insert->Attachment) but
> > > 
> > > at which point they won't be scanned as they are an attachment.
> > > 
> > > Use a mail client that is capable of directly creating HTML mail with
> > > pictures and forms in it.
> > > 
> > > >they are always delivered to me...
> > > 
> > > 
> > > 
> > > 
> > > >Denis
> > > >
> > > >On Fri 14/11/2003 at 11:27, Julian Field wrote:
> > > > > At 16:13 14/11/2003, you wrote:
> > > > > >Julian,
> > > > > >
> > > > > >Just tested it here with clamavmodule.
> > > > > >
> > > > > >Clamavmodule Works fine but it did trap an IFrame tag as a virus
> > > > > >(weird!):
> > > > > >Nov 14 10:20:37 dbeauchemin MailScanner[12223]: INFECTED::
> > > > > >Exploit.IFrame.Gen:: ./hAEFKUao012330/message3
> > > > > >Nov 14 10:20:37 dbeauchemin MailScanner[12223]: Virus Scanning: ClamAV
> > > > > >Module found 1 infections
> > > > >
> > > > > That's a quirk of Clam. It detects IFrames as viruses.
> > > > >
> > > > > >As for disarming tags, it doesn't seem to work:
> > > > > >Allow IFrame Tags = disarm
> > > > > >Log IFrame Tags = yes
> > > > > >Allow Form Tags = disarm
> > > > >
> > > > > Did you check the table at the start of "Convert Dangerous HTML to
> > > > > Plain Text"?
> > > > >
> > > > > >The message contained an attachment with a FORM that passed through MS:
> > > > > >--=-KHlT6txKqQiTOwvM3PMn
> > > > > >Content-Disposition: attachment; filename=message2
> > > > > >Content-Transfer-Encoding: quoted-printable
> > > > > >Content-Type: text/html; name=message2; charset=ISO-8859-15
> > > > > >
> > > > > >=20
> > > > > ><form method=3D'GET' action=3D'nouveautes.php3'>
> > > > > ><input type=3D"hidden" name=3D"recalcul" value=3D"oui">
> > > > > ><input type=3D'submit' class=3D'spip_bouton' name=3D'submit' value=3D'Recal=
> > > > > >culer cette page'></form>
> > > > > >
> > > > > >--=-KHlT6txKqQiTOwvM3PMn--
> > > > >
> > > > > It probably ignored that as it's an attachment, not a piece of the main
> > > > > body. I carefully leave HTML attachments alone.
> > > > >
> > > > >
> > > > >
> > > > > >I also have mixed results with quarantine permissions and users:
> > > > > >Quarantine User = virusck
> > > > > >Quarantine Group = virusck
> > > > > >Quarantine Permissions = 0640
> > > > > >
> > > > > ># ls -l /quarantaine/autres/20031114/hAEFKUao012330
> > > > > >total 8
> > > > > >-rw-r-----    1 root     root         1078 nov 14 10:20 message
> > > > > >-rw-r-----    1 virusck  virusck       162 nov 14 10:20 message3
> > > > >
> > > > > Have just fixed that. See recent post.
> > > > >
> > > > >
> > > > >
> > > > > >Denis
> > > > > >
> > > > > >On Fri 14/11/2003 at 06:49, Julian Field wrote:
> > > > > > > Morning all,
> > > > > > >
> > > > > > > I've just released the latest beta/unstable version 4.25-7.
> > > > > > >
> > > > > > > Main addition since the last beta is the addition of support for the ClamAV
> > > > > > > perl module, which means no external programs have to be started every time
> > > > > > > ClamAV is invoked. Should be noticeably faster.
> > > > > > >
> > > > > > > There are also a whole bunch of other fixes and additions, which are detailed
> > > > > > > in the ChangeLog included below.
> > > > > > >
> > > > > > > Expect a stable release soon, but please do test this version and check
> > > > > > > that it works okay. Thanks!
> > > > > > >
> > > > > > > Download as usual from www.mailscanner.info
> > > > > > >
> > > > > > > ChangeLog for 4.25:
> > > > > > >
> > > > > > > * New Features and Improvements *
> > > > > > > - Panda version 7.0 supported.
> > > > > > > - Added dependency on Net::CIDR module so could add support for more ways of
> > > > > > >    specifying IP ranges in rulesets. Can now do all of:
> > > > > > >          152.78.
> > > > > > >          /^152\.78/
> > > > > > >          152.78.0.0/16
> > > > > > >          152.78.0.0-152.78.255.255
> > > > > > > - Added support for "disarm" option on all HTML tag detectors, which will
> > > > > > >    disarm those tags while leaving the rest of the HTML intact.
> > > > > > > - Added support for retrieving configuration from LDAP.
> > > > > > > - Changed SpamAssassin timeout handler to kill processes and not process group.
> > > > > > > - Added support for changing uid, gid and permissions of both Incoming Work
> > > > > > >    Dir and Quarantine Dir.
> > > > > > > - Improved ClamAV parser to handle errors printed when processing viruses
> > > > > > >    containing corrupted zip files.
> > > > > > > - Improved documentation in virus.scanners.conf.
> > > > > > > - Improved documentation of "disarm" configuration settings.
> > > > > > > - Added optimisation to LDAP ruleset compiler that identifies 1-line rulesets
> > > > > > >    which hold the default value.
> > > > > > > - Added support for Mail::ClamAV perl module, enabling ClamAV to scan without
> > > > > > >    having to call any external programs at all.
> > > > > > >
> > > > > > > * Fixes *
> > > > > > > - RPM distribution install.sh script now checks and creates pod2text properly.
> > > > > > > - Fixed bug whereby the same message files could be deleted more than once,
> > > > > > >    which could delete unprocessed messages using MTAs that name files after
> > > > > > >    the inode and not the time.
> > > > > > > - Syslogging should now start successfully on all versions of Solaris and IRIX.
> > > > > > > - Bug fix in Postfix file handling code from Stefan Baltus which will
> > > > > > >    hopefully patch up the last Solaris Postfix problem.
> > > > > > > - Fixed bug that broke rulesets in earlier betas.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > Julian Field
> > > > > > > www.MailScanner.info
> > > > > > > MailScanner thanks transtec Computers for their support
> > > > > > >
> > > > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654
> > > > > >--
> > > > > >Denis Beauchemin, analyst
> > > > > >Université de Sherbrooke, S.T.I.
> > > > > >T: 819.821.8000x2252 F: 819.821.8045
-- 
Denis Beauchemin, analyst
Université de Sherbrooke, S.T.I.
T: 819.821.8000x2252 F: 819.821.8045
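
Why the earlier test messages in this thread were never disarmed, as an added example that is not part of the original posts and is not MailScanner's code: it applies the rule Julian describes, that only inline text/html parts are candidates for tag disarming, while text/plain segments and attachments are left alone. The sample message and the name `classify_parts` are constructed for illustration.

```python
from email import message_from_string
import re

# Constructed sample: an inline text/plain part, an inline text/html part,
# and a text/html part sent as an attachment (as in the thread's test).
SAMPLE = """\
From: tester@example.org
To: postmaster@example.org
Subject: disarm test
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain; charset=us-ascii

<form action='x.php'>pasted as inline text</form>
--BOUNDARY
Content-Type: text/html; charset=us-ascii

<html><body><form action='x.php'><input type='submit'></form></body></html>
--BOUNDARY
Content-Type: text/html; name=message2; charset=us-ascii
Content-Disposition: attachment; filename=message2
Content-Transfer-Encoding: quoted-printable

<form method=3D'GET' action=3D'x.php'></form>
--BOUNDARY--
"""

TAGS = re.compile(r"<\s*(form|iframe)\b", re.IGNORECASE)

def classify_parts(raw):
    """Return (content_type, disposition, tags_found, in_scope) per leaf part."""
    results = []
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        disp = part.get_content_disposition() or "inline"
        body = part.get_payload(decode=True) or b""  # undoes quoted-printable
        text = body.decode(part.get_content_charset() or "latin-1", "replace")
        tags = sorted({t.lower() for t in TAGS.findall(text)})
        # Assumption taken from the thread: only inline text/html is disarmed.
        in_scope = ctype == "text/html" and disp != "attachment"
        results.append((ctype, disp, tags, in_scope))
    return results

if __name__ == "__main__":
    for row in classify_parts(SAMPLE):
        print(row)
```

All three parts contain a FORM tag, but only the second is in scope, so a test message has to carry the tag in its HTML body for the "disarm" settings to have anything to act on.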



