Announcement: New beta 4.59.2 released
Julian Field
MailScanner at ecs.soton.ac.uk
Fri Apr 27 18:11:02 IST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Juan Pablo Salazar Bertín wrote:
> Julian Field <MailScanner <at> ecs.soton.ac.uk> writes:
>
>
>> Hi folks,
>>
>> I have just released a new beta 4.59.2 which includes the support for
>> clamd, using the patches provided earlier on this list.
>>
>> If you use clamd and are running MailScanner as root (or have not
>> specified the Run As User at all), then it is vital that you read the
>> notes just above the "Incoming Work Group" setting in order to get the
>> ownership and permissions correct so that clamd can read them.
>>
>> Download as usual from www.mailscanner.info.
>>
>> Please test this release for me!
>>
>> The Change Log for 4.59 so far is this:
>>
>> * New Features and Improvements *
>> 2 Changed locations monitored for ClamAV updates to fit new ClamAV 0.9
>> layout.
>> 2 Added support for clamdscan and clamd. Use "Virus Scanners = clamd".
>>
>> * Fixes *
>> 1 Exim fix by Debian Maintainer: Simon Walter.
>> 1 Incoming Work Group not honoured for files with a leading dot in their
>> filename. Again, fix by Simon Walter.
>>
>> Jules
>>
>>
>
>
> Hi Julian, I've been trying to find out why some phishing is being undetected by
> MailScanner. I think it's due to line 5581 in Message.pm. I'm receiving phishing
> like this:
>
> <a href=http://santandersantiago.cl.camufa.com/canales/empresas/><font
> color=blue font size=4><u>
> http://www.santandersantiago.cl/canales/empresas/index.asp</font></font></u></a>
>
> So, as they're not using double quotes, MailScanner thinks it's an empty A tag.
> I think a better way of guessing if it's an empty A tag would be to check if
> href is empty, something like replacing:
>
> $DisarmInsideLink = 0 if $text =~ /\/\>$/; # JKF Catch /> empty A tags
>
> with:
>
> $DisarmInsideLink = 0 if $DisarmLinkURL eq ''; # JPSB empty A tags
>
> I've tested this in a development box against some phishing and it works. I'd
> like you to tell us if this change doesn't have any drawback, so we can safely
> patch production servers, and may be it's included in this new version. Thanks.
>
> PS: You can get a sample phishing message at
> http://www.divshare.com/download/498395-7da
>
>
I have added your patch and it will be in the next release.
I would be most grateful if other people could test this patch as well!
Thanks.
Jules
- --
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.1 (Build 1012)
Charset: ISO-8859-1
wj8DBQFGMi8fEfZZRxQVtlQRAgfuAJoCEDiE10WdNEqfkWdv6/YxS/EI8ACgl5H5
Nq8SwrZD6kQUz+wQwTN1eQI=
=UOI9
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk
More information about the MailScanner
mailing list