Beta release 4.39.4

Julian Field MailScanner at ecs.soton.ac.uk
Wed Mar 2 14:18:04 GMT 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I always try to at least reply, but good ideas do get lost sometimes.
The unrar code would require another timeout wrapper round it, which I
would have to copy from elsewhere, so it isn't trivial.
I can't remember if I came up with a solution to the duplicated
filenames problem or not, it was quite a long time ago.

Rick Cooper wrote:

>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
>>Behalf Of Adri Koppes
>>Sent: Wednesday, March 02, 2005 8:29 AM
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: Re: Beta release 4.39.4
>>
>>
>>Rick,
>>
>>Have you send you patches of to Julian??
>>There might be more people interested to have unrar functionality in
>>MailScanner.
>>
>>Adri.
>>
>>
>>
>
>Yes, I sent several last year (you will see part of the Unrar code commented
>out in Message.pm) and he used a few but did not use (I sent five or six):
>
>        Logging the actual recipient(s) in the log (standard does host only), as
>well as the subject in a fairly easy
>        to parse format, all the new stuff is placed at the end of the standard log
>line.
>
>        UnpackRar code that function does the same as the UnPackZip function does.
>Is used if unrar is
>        somewhere on your path, skipped if it is not. This also allows the
>filename/type checks to work
>        the same as with zip files
>
>        Code to handle archives with duplicate file names as the archive (nested
>also). I am not sure if Julian
>        ever worked this out himself or not, I never saw mention of it again after
>I pointed out the MS would
>        skip this condition. For instance if an attachment File.Zip contains a file
>named File.Zip MS will skip
>        it and not unpack it (because it thinks it already did). My work around is
>not elegant
>        (I prepend a time stamp to the file name). The problem with this approach
>is it would break some file
>        name checks, if they are very specific, but it gets the file checked at
>least.
>
>I also wrote a patch that allows you to have different file name/type
>rules/rulesets for files contained within archives as opposed to just
>disabling unpacking and checking archives if you need to pass certain files
>in archives that you do not pass raw.
>
>I can understand why he skipped the logging thing, it changes the entire
>format of the spam logging line, but with that information I can send myself
>reports of what was tagged as spam that include the sender, recipients,
>scoring information and subject, and ninety out of a hundred times I don't
>have to bother looking at the message to determine if it truly is spam or
>not.
>
>I also know he is not in favor of having two sets of file name/type rules,
>one for raw and one for archives, because he fears it would be to
>complicated for some admins... So I understand that one.
>
>I can understand the code to handle file names that are duplicated within an
>archive (the file name/type checks) but it seems a big hole in security to
>me.
>
>I never heard why he didn't use the Unpack Rar code, and I never understood
>why it wasn't used.
>
>So I just make new patches every time a new release comes out, I apply them
>and propagate the patched version to all my mail servers. Kind of sucks when
>there are a lot of major changes though. I wish they were all in there so I
>didn't have to mess with it, but I think Julian has pretty good vision so I
>am sure there is a good reason why they didn't "make the cut", perhaps they
>are just to specific to my needs/wants
>
>Rick
>
>
>
>>>-----Original Message-----
>>>From: Rick Cooper [mailto:rcooper at DWFORD.COM]
>>>Sent: 02 March, 2005 14:24
>>>To: MAILSCANNER at JISCMAIL.AC.UK
>>>Subject: Re: Beta release 4.39.4
>>>
>>>
>>>
>>>
>>>>-----Original Message-----
>>>>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
>>>>Behalf Of Martin Hepworth
>>>>Sent: Tuesday, March 01, 2005 4:12 AM
>>>>To: MAILSCANNER at JISCMAIL.AC.UK
>>>>Subject: Re: Beta release 4.39.4
>>>>
>>>>
>>>>Does it do rar extraction by default???? Looking at the docs I'm not
>>>>sure it does.
>>>>
>>>>
>>>>--
>>>>Martin Hepworth
>>>>Snr Systems Administrator
>>>>Solid State Logic
>>>>Tel: +44 (0)1865 842300
>>>>
>>>>
>>>>
>>>It's important to note that ClamAV only supports RAR v2, so
>>>the answer is:
>>>
>>>        Uncomment the ScanRar line in the config file
>>>
>>>but pass the --unrar[=FULLPATH] option (and of course have
>>>the latest unrar)
>>>if you really want to handle rar files because v2 is quite old and not
>>>likely to be used much anymore. If you are using clamavmodule then you
>>>cannot use the external unrar (which is why I patch my MS
>>>versions with
>>>specific unrar code/function every release).
>>>
>>>Rick
>>>
>>>
>>>--
>>>This message has been scanned for viruses and
>>>dangerous content by MailScanner, and is
>>>believed to be clean.
>>>
>>>------------------------ MailScanner list ------------------------
>>>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>>'leave mailscanner' in the body of the email.
>>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>>Support MailScanner development - buy the book off the website!
>>>
>>>
>>>
>>------------------------ MailScanner list ------------------------
>>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>'leave mailscanner' in the body of the email.
>>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>Support MailScanner development - buy the book off the website!
>>
>>--
>>This message has been scanned for viruses and
>>dangerous content by MailScanner, and is
>>believed to be clean.
>>
>>
>>
>>
>>
>
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>
>
>

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list