ANNOUNCE: Stable 4.28.5 released

Julian Field mailscanner at ecs.soton.ac.uk
Fri Mar 5 10:04:31 GMT 2004


Well, the problems have settled down, and most of the AV vendors can now
spot the password-protected zip files, though it has taken them some
considerable time to do so.

However, the next time around this is all going to be a problem again.

So here is the stable release that will detect and block password-protected
zip files for you. It also unpacks them (down to a configurable maximum
nesting depth) and allows you to run filename and file content checks on
the files in the archive, so the old "put it in a zip and it won't be
checked" is no longer true. Also, renaming executables won't get round it
either, if you are using the file content checking abilities.

Download it as usual from www.mailscanner.info.

Note for people upgrading:
=====================
you will need to run the "./install.sh" script as 2 new Perl modules need
to be installed (Compress::Zlib and Archive::Zip for those interested in
such things).

The full Changelog is here:

* New Features and Improvements *
- It will now unpack zip archives up to the nesting depth set by the
   "Maximum Zip Archive Depth" setting so that virus scanning and filename
   checking can be done on files within zip archives.
   NOTE: This has not been very well tested yet, I hope to do something rather
   better in future.
   NOTE: You will need to install the "Archive::Zip" Perl module yourself
   before this version will run.
- It will now detect password-protected zip files, which is controlled by
   the option "Allow Password-Protected Archives". The default is to block
   them.
- Have now rewritten most of the password-protected zip handling code. There
   is a new keyword allowed in the Silent-Viruses list which is "Zip-Password".
   This will stop password-protected zip files being notified to the senders.
   Please add this to your Silent Viruses list.
   Now should only remove the infected part of the message and leave the rest
   intact when it sees a zip file it doesn't like.
- Setting the maximum archive nesting depth to 0 while banning password-
   protected zip files will result in the attachments being checked to ensure
   they are not password-protected, while not enforcing any other file rules
   on the contents.
- Improved the MIME decoder speed a little bit.
- The keyword "Zip-Password" can be added to the list of Non-Forging Viruses
   so that it over-rides the "All-Viruses" setting in the list of Silent
   Viruses.
- The Compress::Zlib and Archive::Zip Perl modules are now installed as part
   of the RPM distributions.
- Reports about password-protected archives and unreadable archives can now
   be customised and translated.
- More logging added to ClamAV autoupdate script.
- Timeout protection added to Symantec CSS autoupdate script.
- Sophos.install script now has a much better try at uncompressing the .Z
   archive you download from Sophos.

* Fixes *
- Fixed problems with messages containing both password-protected zip files
   and unprotected zip files.
- Won't reject .tar.gz and .tgz files it can't unpack.
- Password-protected zip files can no longer be "disinfected", just "cleaned".
- Password-protected zip files now tagged as dangerous content and not a virus.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
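
The checks described in this announcement (encrypted-entry detection, unpacking to a maximum nesting depth, filename and content checks on archive members), sketched in Python as an added example; this is not MailScanner's Perl code. The extension list, size cap, finding names and the `scan_zip`/`make_zip` helpers are assumptions, as is reporting (rather than unpacking) archives nested past the limit.

```python
import io
import zipfile

BLOCKED_EXT = (".exe", ".scr", ".pif")   # hypothetical filename rule
MAX_MEMBER_BYTES = 10 * 1024 * 1024      # assumed cap before inflating a member

def scan_zip(data, max_depth, depth=1, path=""):
    """Return findings for a zip given as bytes; max_depth 0 = password check only."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("unreadable-archive", path)]
    findings = []
    with zf:
        for info in zf.infolist():
            name = path + info.filename
            if info.flag_bits & 0x1:          # bit 0 of the flags: entry is encrypted
                findings.append(("zip-password", name))
                continue
            if max_depth == 0 or info.is_dir():
                continue                      # depth 0: no rules applied to contents
            if name.lower().endswith(BLOCKED_EXT):
                findings.append(("blocked-filename", name))
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append(("too-large", name))
                continue
            body = zf.read(info)
            if body[:2] == b"MZ":             # content check survives a rename
                findings.append(("executable-content", name))
            if body[:4] == b"PK\x03\x04":     # member is itself a zip archive
                if depth >= max_depth:
                    findings.append(("too-deep", name))
                else:
                    findings += scan_zip(body, max_depth, depth + 1, name + "/")
    return findings

def make_zip(files, encrypted=False):
    """Build a constructed sample zip; optionally mark its first entry encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    raw = bytearray(buf.getvalue())
    if encrypted:  # set bit 0 of the flags field in the first central-directory header
        raw[raw.find(b"PK\x01\x02") + 8] |= 0x01
    return bytes(raw)

if __name__ == "__main__":
    locked = make_zip({"a.txt": b"x"}, encrypted=True)
    print(scan_zip(make_zip({"docs.zip": locked}), 2))
```
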


