MailScanner ANNOUNCE: Stable release 4.63.7
Julian Field
MailScanner at ecs.soton.ac.uk
Sat Sep 1 16:11:41 IST 2007
I have just released the latest stable version 4.63.7.
The major new changes this month are
-- Support for F-Prot version 6, usable by specifying "Virus Scanners =
f-prot-6".
-- "Phishing Bad Sites File": this is a file which you are recommended
to update hourly which contains a list of manually tested compromised
web sites being actively used in phishing fraud attacks. This list is
being continually modified.
-- Improvements to the "SpamAssassin Rule Actions" so you can easily
implement as many different levels of spam actions as you want, all in 1
line.
-- "Include Binary Attachments In SpamAssassin" which can be used to
tell SpamAssassin to search all attachments, including binary files such
as Word documents. Off by default as it has a slight speed impact on
SpamAssassin.
-- "Check Filenames In Password-Protected Archives" so that the
filename checks can be suppressed on encrypted archives to allow a few
people to get exe's and other dangerous files for their job, without
them having to suppress filename checks as well as allow
password-protected archives. On by default.
Download as usual from www.mailscanner.info.
The full Change Log is this:
* New Features and Improvements *
1 Improved init.d script, so that 'service MailScanner restart' or
'/etc/init.d/MailScanner restart' runs faster. It pauses for just long
enough for the old MailScanner to die gracefully, and starts up the
new one
as soon as the old one has died. Previously, it just waited for a fixed
length of time which was much longer than needed for most people.
1 Improved tar installer so the directory created for MailScanner
includes the
build revision number as well as the main version number.
1 Improved phishing net logging to log entire real URL not just hostname.
1 Improvement to update_spamassassin to stop cron-generated mail.
1 New setting "Phishing Bad Sites File" which is a live continuously-updated
list of known bad sites that have been reported to various mechanisms
around
the world. Please don't ask me for more information as I can't give it to
you, but every site on the list has been manually tested and the list
can be
relied upon. Your installation should update this file every hour.
NOTE: Run upgrade_languages_conf after installing this upgrade!
2 Reduce default "Restart Every" time to 2 hours so that updates to the
known bad phishing sites list are re-read more frequently.
2 Added *.fdf to the list of dangerous filenames. Opening a .fdf file can
cause the loading of any file on the internet into Adobe Acrobat.
2 Added 2 new variables to the sender reports: $size = size of message
in bytes
and $maxmessagesize = maximum allowed size of this message in bytes.
2 Added new setting "Check Filenames In Password-Protected Archives =
yes" so
that the filename checks can be suppressed on encrypted archives to allow
a few people to get exe's and so on through the mail as part of their
business needs. Normally leave this setting at "yes".
2 Added new setting "Include Binary Attachments In SpamAssassin = no" which
can be used to tell SpamAssassin to look at all attachments, not just the
ones containing text (or HTML, etc) which is its normal behaviour.
Changing this setting to "yes" will have no effect without a patch to the
SpamAssassin code, which you can fetch from
http://www.mailscanner.info/mcp.html#patches
It will slightly slow down SpamAssassin some of the time, and is therefore
disabled by default.
This can be very useful if you want to look for rude or derogatory content
in messages, and do not want the huge speed impact of using MCP. It can
successfully scan the content of Microsoft Word documents, for example. It
won't be effective on PDF files however, as these are compressed
internally
so there is no readable text anywhere in the file.
3 Added a long $PATH to f-prot-autoupdate so we can find wget on most OS-es
including Solaris.
3 Improved Sophos.install to disable the savupdate cron job and switch off
the unwanted Sophos services.
3 Added a feature to the "SpamAssassin Rule Actions". You can now specify
"SpamScore" and a number comparison, instead of just giving a SpamAssassin
rule name. So you can say
SpamAssassin Rule Actions = SpamScore>25=>delete
and this will cause all messages scoring over 25 to be deleted. You
can use
this to set different actions at different spam scores, in addition to the
normal spam actions and high-scoring spam actions. The numerical tests you
can use are ">", ">=", "==", "<=" and "<".
4 The "action" in each "RULE=>action" in "SpamAssassin Rule Actions" can now
be a comma-separated list of actions, so you can easily specify multiple
actions per rule.
6 Added support for F-Prot version 6. Must be specified by
"Virus Scanners = f-prot-6" in MailScanner.conf.
* Fixes *
1 Improvement to phishing net to allow HTML tags with contents split over
multiple lines.
1 Changed options to ClamAVmodule so it doesn't hit false positives with the
phishing and scam email detection signatures.
1-2 Fixed bug where --lint gives "MailScanner.conf file not found" error.
2 Stopped writing a PID file when "MailScanner --lint" is run.
2 update_spamassassin no longer produces any output, so no crond email.
2 Fixed bug where clamavmodule scanner name wouldn't always be logged
correctly.
2 Bugfix in ZMDiskStore.pm ZMailer support from Leonardo Helman.
3 Force installation of perl-Getopt-Long to try to solve the problems with
command-line options producing 'config file not found' errors.
3 Commented out sample rules in max.message.size.rules file.
3 Fixed MailScanner.conf Sophos-specific settings for Sophos 5.
5 Fixed problem where MTA=sendmail would cause ruleset to not be used on
Sendmail2 setting.
Jules
--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk
More information about the MailScanner
mailing list