ANNOUNCE: Beta 4.38.3 released

Quentin Campbell Q.G.Campbell at NEWCASTLE.AC.UK
Thu Jan 20 10:46:46 GMT 2005 

Julian

Have installed HTML-Parser-3.45 and the Message.pm you sent me. Hope
that it fixes a curious set of "phishing" log entries I have seen this
morning similar to:

Jan 20 09:08:56 cheviot7 MailScanner[2891]: Found phishing fraud from #6
claiming to be www.northernireland in j0K98THm023525.

Even with 4.38.3-1 with all the latest fixes, etc, am still getting what
I think are spurious "Content Checks: Detected and will diasrm..."
messages. Will send you off-line a 32 line Sendmail log extract with
just the MailScanner records for a small batch of messages exbibiting
this behaviour.  

Quentin
---
PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           University of Newcastle,
                           Newcastle upon Tyne,
FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."  

>-----Original Message-----
>From: MailScanner mailing list 
>[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Julian Field
>Sent: 20 January 2005 10:07
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: ANNOUNCE: Beta 4.38.3 released
>
>Quentin,
>
>I have a new Message.pm file for you. I have found a couple of problems
>and corrected them. I will be interested to hear if this helps.
>
>
>
>Quentin Campbell wrote:
>
>>Julian
>>
>>So far, so good.
>>
>>Installed 4.38.3-1 on one of our 8 production mail gateways this
>>afternoon.
>>
>>Running OK and as expected.
>>
>>System is RH AS 3 running on a Compaq DL380.
>>
>>Quentin
>>---
>>PHONE: +44 191 222 8209    Information Systems and Services (ISS),
>>                           University of Newcastle,
>>                           Newcastle upon Tyne,
>>FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
>>--------------------------------------------------------------
>----------
>>"Any opinion expressed above is mine. The University can get its own."
>>
>>
>>
>>>-----Original Message-----
>>>From: MailScanner mailing list
>>>[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Julian Field
>>>Sent: 18 January 2005 19:40
>>>To: MAILSCANNER at JISCMAIL.AC.UK
>>>Subject: ANNOUNCE: Beta 4.38.3 released
>>>
>>>Evening all!
>>>
>>>I have just released beta version 4.38.3.
>>>
>>>Please don't run it on production systems for the next 24 
>hours or so,
>>>unless you know what you are doing and can retreat to your previous
>>>version easily. Any problems will probably appear in the 
>first 24 hours
>>>of the release, due to the very kind testing done by many of 
>you which
>>>all helps.
>>>
>>>The main new features are
>>>
>>>- Added "Phishing Safe Sites File" configuration setting to
>>>point to a file
>>> containing a list of fully-qualified hostnames which are
>>>ignored in the
>>> phishing detection tests. Any links to any of these
>>>hostnames are ignored
>>> in the phishing tests.
>>>- Added "Also Find Numeric Phishing" setting (on by default)
>>>so that all
>>> numeric IP addresses in links are flagged as being dangerous.
>>>
>>>- Any entry in the "Archive Mail" setting can contain _DATE_
>>>which will be
>>> replaced with the current date in yyyymmdd form, so you can
>>>backup or move
>>> yesterday's archive safely knowing that it won't be written 
>to today.
>>>- Postfix support added to "IPBlock" functionality for SMTP 
>connection
>>> throttling. Many thanks to Rakesh for writing this.
>>>
>>>Download as usual from www.mailscanner.info
>>>
>>>The full Change Log is:
>>>
>>>* New Features and Improvements *
>>>- Upgraded to MIME-tools 5.416.
>>>- Added new filename restrictions using Microsoft 
>vulnerability report
>>>
>>>
>>>from AUScert.
>>
>>
>>>- Improved /etc/sysconfig/MailScanner so that it finds
>>>Incoming Work Dir and
>>> Incoming Queue Dir automatically from MailScanner.conf file.
>>>- Can now use $from, $id and $subject in inline signature for
>>>signing clean
>>> messages.
>>>- Any entry in the "Archive Mail" setting can contain _DATE_
>>>which will be
>>> replaced with the current date in yyyymmdd form, so you can
>>>backup or move
>>> yesterday's archive safely knowing that it won't be written 
>to today.
>>>- Added zero score for ALL_TRUSTED rule in SpamAssassin as it
>>>is known to
>>> cause problems.
>>>- Added "Also Find Numeric Phishing" setting (on by default)
>>>so that all
>>> numeric IP addresses in links are flagged as being dangerous.
>>>- Added "$postmastername" to the list of variables available in many
>>>reports.
>>>- ClamAV -autoupdate script now logs all warnings and errors
>>>
>>>
>>>from freshclam.
>>
>>
>>>- Postfix support added to "IPBlock" functionality for SMTP 
>connection
>>> throttling. Many thanks to Rakesh for writing this.
>>>- Updated German translations. Many thanks to Felix for doing this.
>>>- Added PDF version of new MailScanner advertising "flyer".
>>>- Added "Log Dangerous HTML Tags" configuration setting, and
>>>removed old
>>> "Log IFrame Tags" configuration setting, so that all
>>>potentially dangerous
>>> HTML tags are now logged. This helps when you are developing
>>>your white-
>>> list of safe sources of HTML tags, such as newsletters and
>>>daily cartoons.
>>>- Added "Phishing Safe Sites File" configuration setting to
>>>point to a file
>>> containing a list of fully-qualified hostnames which are
>>>ignored in the
>>> phishing detection tests. Any links to any of these
>>>hostnames are ignored
>>> in the phishing tests.
>>>
>>>* Fixes *
>>>- Fixed problem where some spam was delivered even if the 
>Spam Actions
>>>was set
>>> to "store delete" if the messages were not to be virus-scanned.
>>>- Fixed harmless uninitialised variables in HTML disarming.
>>>- Removed 2nd copy of tnef sources from tar distribution.
>>>
>>>--
>>>Julian Field
>>>www.MailScanner.info
>>>Buy the MailScanner book at www.MailScanner.info/store
>>>Professional Support Services at www.MailScanner.biz
>>>MailScanner thanks transtec Computers for their support
>>>
>>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>
>>>------------------------ MailScanner list ------------------------
>>>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>>'leave mailscanner' in the body of the email.
>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>>Support MailScanner development - buy the book off the website!
>>>
>>>
>>>
>>>
>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>>
>>
>>
>
>--
>Julian Field
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list