Beta release 4.39.4
Rick Cooper
rcooper at DWFORD.COM
Wed Mar 2 14:02:53 GMT 2005
[ The following text is in the "iso-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Adri Koppes
> Sent: Wednesday, March 02, 2005 8:29 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Beta release 4.39.4
>
>
> Rick,
>
> Have you send you patches of to Julian??
> There might be more people interested to have unrar functionality in
> MailScanner.
>
> Adri.
>
Yes, I sent several last year (you will see part of the Unrar code commented
out in Message.pm) and he used a few but did not use (I sent five or six):
Logging the actual recipient(s) in the log (standard does host only), as
well as the subject in a fairly easy
to parse format, all the new stuff is placed at the end of the standard log
line.
UnpackRar code that function does the same as the UnPackZip function does.
Is used if unrar is
somewhere on your path, skipped if it is not. This also allows the
filename/type checks to work
the same as with zip files
Code to handle archives with duplicate file names as the archive (nested
also). I am not sure if Julian
ever worked this out himself or not, I never saw mention of it again after
I pointed out the MS would
skip this condition. For instance if an attachment File.Zip contains a file
named File.Zip MS will skip
it and not unpack it (because it thinks it already did). My work around is
not elegant
(I prepend a time stamp to the file name). The problem with this approach
is it would break some file
name checks, if they are very specific, but it gets the file checked at
least.
I also wrote a patch that allows you to have different file name/type
rules/rulesets for files contained within archives as opposed to just
disabling unpacking and checking archives if you need to pass certain files
in archives that you do not pass raw.
I can understand why he skipped the logging thing, it changes the entire
format of the spam logging line, but with that information I can send myself
reports of what was tagged as spam that include the sender, recipients,
scoring information and subject, and ninety out of a hundred times I don't
have to bother looking at the message to determine if it truly is spam or
not.
I also know he is not in favor of having two sets of file name/type rules,
one for raw and one for archives, because he fears it would be to
complicated for some admins... So I understand that one.
I can understand the code to handle file names that are duplicated within an
archive (the file name/type checks) but it seems a big hole in security to
me.
I never heard why he didn't use the Unpack Rar code, and I never understood
why it wasn't used.
So I just make new patches every time a new release comes out, I apply them
and propagate the patched version to all my mail servers. Kind of sucks when
there are a lot of major changes though. I wish they were all in there so I
didn't have to mess with it, but I think Julian has pretty good vision so I
am sure there is a good reason why they didn't "make the cut", perhaps they
are just to specific to my needs/wants
Rick
> > -----Original Message-----
> > From: Rick Cooper [mailto:rcooper at DWFORD.COM]
> > Sent: 02 March, 2005 14:24
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: Beta release 4.39.4
> >
> >
> > > -----Original Message-----
> > > From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> > > Behalf Of Martin Hepworth
> > > Sent: Tuesday, March 01, 2005 4:12 AM
> > > To: MAILSCANNER at JISCMAIL.AC.UK
> > > Subject: Re: Beta release 4.39.4
> > >
> > >
> > > Does it do rar extraction by default???? Looking at the docs I'm not
> > > sure it does.
> > >
> > >
> > > --
> > > Martin Hepworth
> > > Snr Systems Administrator
> > > Solid State Logic
> > > Tel: +44 (0)1865 842300
> > >
> >
> > It's important to note that ClamAV only supports RAR v2, so
> > the answer is:
> >
> > Uncomment the ScanRar line in the config file
> >
> > but pass the --unrar[=FULLPATH] option (and of course have
> > the latest unrar)
> > if you really want to handle rar files because v2 is quite old and not
> > likely to be used much anymore. If you are using clamavmodule then you
> > cannot use the external unrar (which is why I patch my MS
> > versions with
> > specific unrar code/function every release).
> >
> > Rick
> >
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
> >
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list