last months patches
Rick Cooper
rcooper at DWFORD.COM
Sun Jul 4 16:13:19 IST 2004
If you are still considering patches I have included a few with a note of
explanation for each (in MSPatchesInfo.txt). I have been running all of
these (some for several versions) on all of our servers without problem. The
item dealing with AVG should be used regardless of the others since I
mistakenly used the wrong value for supportdisinfect, which should be
$S_NONE. (sorry, I meant to have you fix this for a while)
All of the patches apply to version 4.31.6-1
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Julian Field
> Sent: Sunday, July 04, 2004 8:28 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: last months patches
>
>
> The only one from the original batch that I think I included was the Run In
> Foreground patch.
> I have also included the anti-starving patch for all MTAs.
>
> At 14:06 04/07/2004, you wrote:
> >Hi Julian,
> >
> >I wasn't able to pack this before (or to add a couple of patches I wanted
> >to, cause I still couldn't finish/try them).
> >
> >In http://tinyurl.com/2qalx I packed you most of what I'd done by then.
> >
> >The only patch I've finished and tested after that is the one I sent in
> >http://tinyurl.com/3cm64 (I only tested with ZMailer, but it is trivial
> >enough to work alright with any MTA).
> >
> >The affected files by this last one are:
> >lib/MailScanner/Exim.pm
> >lib/MailScanner/Postfix.pm
> >lib/MailScanner/Qmail.pm
> >lib/MailScanner/Sendmail.pm
> >(this is the only patch that touched anything in the above 4 files)
> >lib/MailScanner/ZMailer.pm
> >
> >For your convenience, I also applied this latest patch to the complete
> >files in http://baby.com.ar/MailScanner/MS-new where you get all modified
> >files complete.
> >
> >Everything is against the latest 4.31.6 release.
> >
> >Maybe I'll have time to add a couple more next week (please let me know
> >what you accept/reject from these patches so I work on current files and
> >you don't have to review 3 times the same thing).
> >
> >I'm working on 2 new things:
> >*) What I already mentioned in http://tinyurl.com/2f45l
> >*) A new signal handler (probably for SIGCONT or SIGUSR1 or something like
> >that) that allows me to ask the parent to ask its children to finish, but
> >only after having processed the current batch. The parent would then
> >restart its children.
>
> Continuing to run the previous code after receiving a signal isn't reliable
> on all OS's, I am very wary of doing this.
>
> I'll probably post a new beta early this week so you can see what I have
> done.
>
> P.S. Just done a count, MailScanner now stands at about 33,000 lines of
> perl and sh. It just keeps growing while I'm not looking :-)
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> -------------------------- MailScanner list ----------------------
> To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/ and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Message.patch
Type: application/octet-stream
Size: 16553 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040704/d1bc63c0/Message.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: MessageBatchDiff.patch
Type: application/octet-stream
Size: 3639 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040704/d1bc63c0/MessageBatchDiff.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SweepViruses.pm.diff
Type: application/octet-stream
Size: 3780 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040704/d1bc63c0/SweepViruses.pm.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: languages.patch
Type: application/octet-stream
Size: 647 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040704/d1bc63c0/languages.obj
-------------- next part --------------
================================
Message.patch:
================================
Modifies the "is spam" logging to output as: (one line no wrap)
Jun 21 16:35:09 srv2 MailScanner[15180]: Message 1BcWRW-0004FN-6d
from 66.161.21.120 (news at email.americangirl.com)
to cooper-home.com is spam,
SpamAssassin (score=12.858, required 6, BAYES_99 5.40, CLICK_BELOW 0.10,
HTML_70_80 1.50, HTML_FONTCOLOR_RED 0.10, HTML_IMAGE_RATIO_10 1.50,
HTML_LINK_CLICK_HERE 0.10, HTML_MESSAGE 0.10, HTML_WEB_BUGS 0.34,
MIME_HTML_NO_CHARSET 0.56, MIME_HTML_ONLY 1.50, SUB_FREE_OFFER 1.66
Report Len is 281)
:rick at cooper-home.com : Free Shipping on Girls of Many Lands
Outputs normal log line plus recipient information and subject. SA report len
is shown because it's truncated to 500 characters maximum and the
entire line is truncated to 800 characters. The to and subject
are delimited with colons to make extraction simpler; multiple recipients
are delimited by a semi-colon ";", again for easy extraction. With
this logging it was easy to create a php script that periodically sends
me spam information that includes the recipient, the from address, the
subject and the SA score, and I can generally look at that and dismiss
most of the spam, or get hold of the recipient and ask if they want the
message... saves me a LOT of time.
Temporary fix for the duplicate file name problem within MailScanner:
if two separate archives contain the same file name, MS will
catch and handle the first but ignore the second completely.
This patch will note that a file name has already been unpacked
and will extract the second name with the original file name
prefixed with the current time stamp. Not perfect, as this will
break exact file name checks, but general checks such as /\.exe/ and
file type checks (provided the archive is not password protected) will
still work. This is the best I can do without a huge change in the
current explodeinto code; Julian is working on a better solution
at this time.
Adds UnPackRar function.
Is functionally the same as UnPackZip. If there is no unrar in the path it
returns gracefully; otherwise it follows the same logic as unpacking a zip
file, including catching password protected archives and handling them as
configured. If the file is password protected or there is an extract error but
the directory listing can be read, it will create 0 byte files to match
the rar contents for file name rule matching.
Slightly modifies the regex escaping for reports to include more
possible matches.
================================
MessageBatchDiff.patch
================================
Modifies the "infected" reporting so the actual reason a message was flagged
as bad is in the subject and reports. If a message triggers more than one
action, all actions will be listed in the reports. No more "virus detected"
when the real problem was a bad file name. Multiple problems are colon
separated, like: Virus Detected : Password Protected Archive Detected
(note this patch requires the languages.conf patch as well, as there are
new strings to denote the actual problem encountered)
================================
SweepViruses.pm.diff
================================
Modifies the avg information to set supportdisinfect to $S_NONE; this
was an error on my part because avg does not disinfect anything.
Modifies the clamavmodule code in two ways:
adds detection for ole problems;
if allow password protected is false and there is no unrar
installed, it will modify the clam call to trigger on password
protected archives. If allow password protected is true or
unrar is installed, it only adds the ole portion. The reason for
this logic is that if you have unrar installed, the passworded archive
will be caught during the UnpackRar function (which checks the value of
allow password protected archives) and it will be properly
identified and reported as a password protected archive. However,
if you do not have unrar installed, then clamav will enforce the
password protected setting but the passworded archive will be
incorrectly identified as a virus; at least it will be stopped, and
this eliminates the need to block all rar files.
================================
languages.patch
================================
Adds the strings required for denoting the actual reason a message
has been flagged as bad.
NoticeVirus = Virus Detected
NoticeFileName = Bad File Name Detected
NoticeOther = Other Bad Content Detected
NoticePasswordProtected = Password Protected Archive Detected
These could/should be translated for languages other than English.
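A parser for the extended "is spam" log line described under Message.patch, as an added example that is not part of the original message or of MailScanner. The names `parse_spam_line` and `digest` and the sample lines are constructed here; it assumes a real log carries `@` where this archive shows " at ", and it treats the subject as sender-controlled text that may itself contain colons or be cut off by the line truncation.

```python
import re

# Layout per the note: ... is spam, SpamAssassin (<report>) :<rcpt>[;<rcpt>] : <subject>
HEAD = re.compile(
    r"Message (?P<id>\S+) from (?P<ip>\S+) \((?P<sender>[^)]*)\) to \S+ is spam, "
    r"SpamAssassin \((?P<report>[^)]*)(?:\)(?P<tail>.*))?$")
TAIL = re.compile(r"\s*:(?P<rcpts>[^:]*):\s?(?P<subject>.*)$")
RULE = re.compile(r"\b([A-Z][A-Z0-9_]+) (-?\d+\.\d+)\b")
SCORE = re.compile(r"score=(-?\d+(?:\.\d+)?), required (-?\d+(?:\.\d+)?)")

# Constructed sample lines (not taken from a real log).
PREFIX = "Jun 21 16:35:09 mx1 MailScanner[15180]: "
SAMPLE = [
    PREFIX + "Message 1AbCdE-000123-4f from 192.0.2.10 (promo@mailer.example) "
    "to example.org is spam, SpamAssassin (score=12.858, required 6, "
    "BAYES_99 5.40, HTML_MESSAGE 0.10, SUB_FREE_OFFER 1.66 Report Len is 61) "
    ":alice@example.org;bob@example.org : Re: offer : free shipping",
    # Cut off inside the report: no recipients or subject survive.
    PREFIX + "Message 1AbCdF-000124-5a from 192.0.2.11 (x@mailer.example) "
    "to example.org is spam, SpamAssassin (score=7.2, required 6, "
    "BAYES_99 5.40, MIME_HTML_ON",
    PREFIX + "Virus and Content Scanning: Starting",
]

def parse_spam_line(line):
    """Return a dict for one 'is spam' line, or None for any other line."""
    m = HEAD.search(line.rstrip("\n"))
    if not m:
        return None
    report = m.group("report")
    s = SCORE.search(report)
    rec = {
        "id": m.group("id"), "ip": m.group("ip"), "sender": m.group("sender"),
        "score": float(s.group(1)) if s else None,
        "required": float(s.group(2)) if s else None,
        # A rule name cut off by truncation has no score and is skipped.
        "rules": {name: float(val) for name, val in RULE.findall(report)},
        "recipients": [], "subject": None,
    }
    # Only the first two colons after the report are delimiters; any later
    # colon belongs to the (untrusted) subject.
    t = TAIL.match(m.group("tail") or "")
    if t:
        rec["recipients"] = [r.strip() for r in t.group("rcpts").split(";") if r.strip()]
        rec["subject"] = t.group("subject")
    return rec

def digest(lines):
    """(score, sender, recipients, subject) rows for a periodic spam summary."""
    recs = filter(None, map(parse_spam_line, lines))
    return [(r["score"], r["sender"], r["recipients"], r["subject"]) for r in recs]
```

Escape the subject and sender before placing them in an HTML or e-mail report, since both come from the message itself.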