Release 4.63.2 beta

Julian Field MailScanner at ecs.soton.ac.uk
Wed Aug 15 22:33:58 IST 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Julian Field wrote:
> -- New setting "Check Filenames In Password-Protected Archives = yes". 
> Useful if you allow password-protected archives to a few of your 
> developers, and they need to exchange executables in them.
That was easy to add, once I found the right place to put it, so was 
feasible even if only 1 person wanted it, so far. Hopefully others will 
find it useful given time to think about it.
> -- New setting "Include Binary Attachments In SpamAssassin = no". You 
> can use this option, in conjunction with the small SpamAssassin patch 
> applied for MCP to work, to add to the spam checking the feature that 
> MCP has over it, in that it will process all attachments for spam 
> content, not just the text and HTML.
This is particularly useful if you use MCP to detect certain strings 
such as rude language (if you have children among your users) or the 
names of your company's projects or competitors, when these strings 
might appear in Word documents. Obviously there isn't much point 
scanning images for strings like this, but who's to say that 
my_industrial_espionage_notes.jpg is actually an image and not a renamed 
Word document? So safer to scan everything.

You can then use SpamAssassin Rule Actions to detect these rules firing 
and send the mail to the boss/teacher instead.

And all this without the huge speed impact of actually running MCP. 
Which has to be a good thing, as anyone with MCP running in a large site 
will probably tell you.
> * New Features and Improvements *
> 1 Improved init.d script, so that 'service MailScanner restart' or
>  '/etc/init.d/MailScanner restart' runs faster. It pauses for just long
>  enough for the old MailScanner to die gracefully, and starts up the 
> new one
>  as soon as the old one has died. Previously, it just waited for a fixed
>  length of time which was much longer than needed for most people.
On busy servers you might find it can take quite a while for the 
children to all die. But they will, eventually.

> 1 New setting "Phishing Bad Sites File" which is a live 
> continuously-updated
>  list of known bad sites that have been reported to various mechanisms 
> around
>  the world. Please don't ask me for more information as I can't give 
> it to
>  you, but every site on the list has been manually tested and the list 
> can be
>  relied upon. Your installation should update this file every hour.
>  NOTE: Run upgrade_languages_conf after installing this upgrade!
This file is developing nicely and currently lists over 900 sites, all 
reported within the last week or so. It will continue to grow. Sites are 
eventually expired out of this file, it won't grow indefinitely.
> 2 Added *.fdf to the list of dangerous filenames. Opening a .fdf file can
>  cause the loading of any file on the internet into Adobe Acrobat.
Can someone with one of these fdf files run it through the "file" 
command and tell me what it says please?
> 2 Added new setting "Check Filenames In Password-Protected Archives = 
> yes" so
>  that the filename checks can be suppressed on encrypted archives to 
> allow
>  a few people to get exe's and so on through the mail as part of their
>  business needs. Normally leave this setting at "yes".
This effectively sets Max Archive Depth = 0 for password-protected archives.

> 2 Stopped writing a PID file when "MailScanner --lint" is run.
That was a real brain failure on my part! :-)

Jules

- -- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014)
Charset: ISO-8859-1

wj8DBQFGw3FIEfZZRxQVtlQRAm97AJ9VpW3xv26NcFSIu51GXRst3U90rgCfcZ1w
GEVnfLduxRF5EmmXfuO3L8M=
=ultL
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk

More information about the MailScanner mailing list