Beta release 4.39.4 - it is working BUT...

Quentin Campbell Q.G.Campbell at NEWCASTLE.AC.UK
Mon Feb 28 11:50:04 GMT 2005 

Julian

Looked a bit further in to the EOCD signature message. It reflects what
you found with the same message when you ran it through 4.39.3 - is has
an incorrrectly formatted ZIP archive attachment. The message is still
processed though which is a step forward.

Thus 4.39.3 works when unmodified. I now need to find out which of our
local changes to the MS configuration causes the problems. 
 
Quentin
---
PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           University of Newcastle,
                           Newcastle upon Tyne,
FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."  

>-----Original Message-----
>From: MailScanner mailing list 
>[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Quentin Campbell
>Sent: 28 February 2005 10:06
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: Beta release 4.39.4
>
>Julian
>
>Have installed 4.39.4 on cheviot7, the system on which there were
>problems with the 4.39.3 MailScanner.
>
>This time the ONLY changes to the installed MailScanner are:
>
>1. set "Virus Scanners = sophos mcafee"
>2. set "Debug = yes"
>
>in MailScanner.conf. Nothing else has been changed anywhere in the
>installed MS.
>
>With just the problematic message in mqueue.in, when I run
>"check_mailscanner" I get:
>
>[root at cheviot7 MailScanner]# check_mailscanner
>Starting MailScanner...
>In Debugging mode, not forking...
>format error: can't find EOCD signature 
> at /usr/sbin/MailScanner line 563
>Stopping now as you are debugging me.
>[root at cheviot7 MailScanner]#
>
>Is this of some help with the earlier problem or have I missed an
>important change in the new MailScanner.conf?
>
>What version of MIME-Tools should we be running with this latest MS?
>
>Quentin 
>---
>PHONE: +44 191 222 8209    Information Systems and Services (ISS),
>                           University of Newcastle,
>                           Newcastle upon Tyne,
>FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
>---------------------------------------------------------------
>---------
>"Any opinion expressed above is mine. The University can get 
>its own."  
>
>>-----Original Message-----
>>From: MailScanner mailing list 
>>[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Julian Field
>>Sent: 28 February 2005 08:59
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: Beta release 4.39.4
>>
>>This will mature into the stable version tomorrow unless 
>anyone has any
>>problems with it.
>>Mostly some more bug-fixes for people.
>>Full Change Log is below.
>>
>>I would be very grateful if you could test out this version 
>and check I
>>haven't made any dumb mistakes :-)
>>
>>Download as usual from www.mailscanner.info
>>
>>* New Features and Improvements *
>>- If the AttachmentWarning message put into a message is empty 
>>(zero-length)
>>  then the empty attachment won't be added to the message at all.
>>- Added scanning of PE's by default to clamavmodule scanner.
>>- Added feature when IP address in a ruleset has all 4 
>>numbers, so that a
>>  full string match is done against the client IP, not a 
>>substring match.
>>- Added support for output from latest F-Prot and archive bomb 
>>detection.
>>- Set all virus scanners to SUPPORTED so no tweaking needed by users.
>>- Added 4 new configuration options for setting all ClamAV 
>>settings when
>>  using the "clamavmodule" scanner:
>>  ClamAVmodule Maximum Recursion Level
>>  ClamAVmodule Maximum Files
>>  ClamAVmodule Maximum File Size
>>  ClamAVmodule Maximum Compression Ratio
>>- Phishing net now traps website names containing unicode characters.
>>
>>* Fixes *
>>- Corrected problem with <a> tags that have no text contents 
>>and no </a>.
>>- 2 minor typos in the Swedish reports.
>>- Changed check_MailScanner to check_mailscanner in cron job.
>>- Fixed problem where files with no extension, inside a zip file, were
>>  extracted with ".dat" added onto the end of them.
>>- Fixed problem with phishing net being confused by some 
>>malformed URLs.
>>- Syslog calls are forced to 8-bit characters.
>>- Fixed problems with nested input queues not being used consistently.
>>- Custom Function reader no longer includes Debian dpkg files 
>it should
>>ignore.
>>- Fixed problems with messages being rebuilt just because they 
>>contain <A>
>>  or <IMG>.
>>- Fixed problems with some messages with sendmail nested input 
>>queue but
>>  flat output queue.
>>
>>--
>>Julian Field
>>www.MailScanner.info
>>Buy the MailScanner book at www.MailScanner.info/store
>>
>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>>
>>
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list