The Book -- new edition

Thu Jun 23 14:26:35 IST 2005

Oh, here is the list of changes documented in the new version, to  
save you all asking later :-)

.- "Allowed Sophos Error Messages" now works for SophosSAVI scanner  
as well
.  as the command-line Sophos scanner.
.- "\n" can be used to insert line breaks in just about any  
configuration
.  setting or languages.conf string.
.- Optimised scanning of messages when spam/mcp archive is not kept  
clean.
.- Updated Clam+SpamAssassin package for SpamAssassin 3.0.4.

.- Now automatically detects and warns if the "Incoming Work Directory"
.  setting contains any links. It also corrects the path (but not in the
.  MailScanner.conf file) and continues to work properly.
.- SophosSAVI errors are detected as if they were viruses, and are not
.  ignored.
.- New options "Disarmed Modify Subject" and "Disarmed Subject Text" now
.  provide the ability to alter the Subject: line if any HTML tags in  
the
.  body of the message were disarmed (by having their "Allow ....  
Tags" set
.  to "disarm". This is switched on by default.
.- New option "Spam Lists To Be Spam" now provides the ability to set  
how
.  many Spam Lists a message must appear in before it is considered  
to be
.  spam. The default is 1 as that mimics the previous behaviour.
.- Reversed spam and disarm tags to leave spam tag at start of Subject:.

.- Improved install.sh to work on AMD64 Fedora Core 3 systems.
.- Added * wildcard support to phishing.safe.sites.conf, so you can list
.  *.safedomain.com instead of having to list subdomains and other  
servers
.  individually. Useful for listing your own domain.
.- Improved phishing net by adding detector for numeric IPs which do  
match
.  but warn as they might be part of a fraud.

.- The "clamavmodule" scanner cannot unpack archives of RAR version 3.
.  2 new configuration settings allow you to unpack the latest RAR  
archives
.  for testing by the "clamavmodule" scanner.
.  It also enables the contents of the RAR archive to be checked for  
illegal
.  filenames and filetypes, and also to see if they are password- 
protected.
.  Unrar Command = /usr/bin/unrar
.  Unrar Timeout = 50
.- "Allow Password-protected Archives" can now be a ruleset when  
using the
.  clamavmodule virus scanner.
.- Multiple "Subject:" lines are removed. The 1st one is kept.
.- If the "Unrar Command" is defined and points to an executable  
program,
.  it will automatically be used by the "clamav" scanner. No -wrapper
.  tweaking is needed to do this any more.
.- You can now use shell environment variables such as $HOSTNAME or
.  ${HOSTNAME} in MailScanner.conf and its relatives.
.- Changed the "Envelope-From" and "Envelope-To" headers to include your
.  organisation's name.
.- Changed default supplied values for "Allow xxxxx Tags" to disarm  
all of
.  these tags.

.- Added feature when IP address in a ruleset has all 4 numbers, so  
that a
.  full string match is done against the client IP, not a substring  
match.
.- Added 4 new configuration options for setting all ClamAV settings  
when
.  using the "clamavmodule" scanner:
.  ClamAVmodule Maximum Recursion Level
.  ClamAVmodule Maximum Files
.  ClamAVmodule Maximum File Size
.  ClamAVmodule Maximum Compression Ratio

.- Can now use $from, $id and $subject in inline signature for  
signing clean
.  messages.
.- Any entry in the "Archive Mail" setting can contain _DATE_ which  
will be
.  replaced with the current date in yyyymmdd form, so you can backup  
or move
.  yesterday's archive safely knowing that it won't be written to today.
.- Added "Also Find Numeric Phishing" setting (on by default) so that  
all
.  numeric IP addresses in links are flagged as being dangerous.
- Added "$postmastername" to the list of variables available in many  
reports.
- Postfix support added to "IPBlock" functionality for SMTP connection
   throttling. Many thanks to Rakesh for writing this.
.- Added "Log Dangerous HTML Tags" configuration setting, and removed  
old
.  "Log IFrame Tags" configuration setting, so that all potentially  
dangerous
.  HTML tags are now logged. This helps when you are developing your  
white-
.  list of safe sources of HTML tags, such as newsletters and daily  
cartoons.
.- Added "Phishing Safe Sites File" configuration setting to point to  
a file
.  containing a list of fully-qualified hostnames which are ignored  
in the
.  phishing detection tests. Any links to any of these hostnames are  
ignored
.  in the phishing tests.

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!