ANNOUNCE: Stable 4.24 released

Julian Field mailscanner at
Mon Oct 6 09:41:36 IST 2003

Morning all!

I have just posted 4.24-5 on the website.

Major improvements this time are, for example,

--  Emergency queue-handling mode for rapid processing of very large mail
--  Check of number of attachments on a message to prevent a DoS attack.
--  New rule type in Filename and Filetype checking, so some files can just
be deleted and not quarantined, which saves disk space.
--  Several new example Custom Functions to implement things like per-IP
messages per hour to save you being bombarded with viruses from just a few
IP addresses, high speed implementation of several configuration options
which will work faster when using huge rulesets.

There are loads of other improvements as well.

When upgrading your MailScanner.conf using upgrade_MailScanner_conf, please
read the usage message carefully. By default it will now not copy all the
comments from the old file to the new one, so that you get to see any new
features in the behaviour of configuration options. If you want to use all
the old comments instead of the new ones, you need to add "--keep-comments"
to the command line.

Download it from

The ChangeLog is here:

* New Features and Improvements *
- Added option "SpamScore Number Instead Of Stars" so that the spam stars
   header can be replaced by a number specifying the score instead.
- Added "Max Normal Queue Size" setting so that MailScanner will switch into
   a faster mode when collecting messages. This will stop it processing
   messages in order of date, and just pick them apparently randomly from the
   queue. This may delay some messages considerably, so set it so it is only
   used in emergencies. It should be at least several thousand. After the queue
   has shrunk below the threshold size, it continues to stay in this mode for
   another 40 batches in an attempt to completely clear the queue.
- Added "Maximum Attachments Per Message" setting so that messages which
   accidentally have thousands of attachments are rejected. I have seen this
   happen on 1 MTA when repeatedly bouncing a message between 2 addresses,
   enclosing the headers in a new attachment every time.
- Filename and Filetype allow/deny rules files now have a third option in
   addition to 'deny' and 'allow', you can now do 'deny+delete' (or any word
   containing 'deny' and 'delete'). This will stop the denied attachment
   from being quarantined. Very useful against Sobig worm as you can
   'deny+delete \.pif$' to simply strip all PIF files without quarantining
- Added Custom Function to implement per-IP messages-per-hour rate limiting.
   See for more details (IPBlock).
- Added Custom Function to implement high-speed "spam List" and "Spam Domain
   List" lookups for use with very large rulesets. There are some restrictions
   on the types of rule you are allowed, see the code comments for more
   details (FastSpamList and FastSpamDomainList).
- The subject line text for tagging spam can now include "_SCORE_" which will
   be replaced with the numeric spam score.
- For use with the "attachment" spam action, changed "digest" to "report"
   to encourage MUAs to display the message correctly.
- Improved handling of "Filename Rules" and "Filetype Rules" so they are
   just-in-time compiled, which is needed when using Custom Functions for them.

- Added support for Kaspersky 4.5.0. This is totally different to all
   previous versions, bless them :( It's more sane though.
- Sophos-autoupdate fixed up for Sophos 3.74 and its international swpmess
- Improved sophos-wrapper to handle multi-lingual output of Sophos 3.74.
- Updated F-Secure parser for 4.51.
- Added Solaris check to update_virus_scanners for xpg4 path.
- New update to Tony Finch's mcafee-autoupdate script.
- F-Prot updater improved so downloading happens while MailScanner is running
   normally. Lock out only happens for a fraction of a second.
- Improved rav-autoupdate so it times out after 5 minutes.
- Changed default waiting time in init.d script restart operation to 10 secs.

- Added client IP address logging of infected messages.
- Changed the default values relating to warning senders about what happened
   to their message.
- eTrust added to OS vs virus-scanners grid table.
- Added new Debian package to downloads and news.
- Dutch reports updated with better translations.
- Spanish reports updated with better translations.
- Documentation now includes link to Mail Process Flow Diagram.
- Added "--keep-comments" command-line option to "upgrade_MailScanner_conf"
   command. By default this is off so you get to read about all the new
   whizzy options that can be used with existing configuration options.

* Fixes*
- Opened logging in f-prot-autoupdate so status logging happens.
- Fixed typo in
- changed SA and MCP pre-compilation code so it should now handle the bugs in
   this area of SpamAssassin. Am awaiting response on a fix to SA for this.
- Undone previous fix, SA have fixed their code in RC4.
- Oh no they haven't. Still buggy in their released code too :-(
- Fixed bug in quote replacement in SQL logging in
- Fixed typo in log text in 1 rule in filename.rules.conf.
- Added fix for bug in message handling on busy Postfix systems.
Julian Field
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654

More information about the MailScanner mailing list