I like the adjustment of Bayes and HMM scoring. Thanks! I've checked my Net::DNS version and found that (oddly) it is 0.75. Would this version also be a problem? Where would I find the 0.74 version of the module?
Thanks, Peter Hinman International Bridge / ParcelPool.com On 5/30/2014 9:20 AM, Thomas Eckardt wrote: > Hi all, > > fixed in assp 2.4.2 build 14150: > > **** ATTENTION **** > > this version will make changes to the assp.cfg file, > which are incompatible to all previouse versions > ASSP will make a backup copy of the assp.cfg file at startup, > the backup file will be named as: > assp_version.build.cfg.bak for example assp_2.4.2.14145.cfg.bak > > it is recommended to make a manual backup of the assp.cfg file before > starting this version > > ******************* > > - under certain conditions it was possible that the DNS-server check was > doing strange things if > Net::DNS version 0.76 is installed - if you see DNS problems downgrade > to version 0.74 > > - The different setup of the MessageScore and IPScore (eg '20,30') in > several *Valence values was not working > if weights were used. If weights are used, the IPScore is now calculated > base on (weight * IPScore / MessageScore) > > - This release fixes several security vulnerables. It was possible that an > AdminUser could take over system > control by adapting the rights of the assp process user, with simple > configuration changes. > > 1. it was possible to define regular expression that executes embedded > perl code > 2. several parameters (like for example FileScanCmd and AutoRestartCmd) > could be set to run any system code > > All configuaration parameters that are related to system calls or > commands are now stored encrypted and could > only be changed by the 'root' user. > If a defined regular expression tries to execute any perl code, the > complete configuration value will be ignored. > Several other security related configuration parameters are now stored > encrypted. > > An AdminUser was able to get login information for other accounts by > accessing the file notes/configdefaults.txt > AdminUsers are no longer able to access the file > notes/configdefaults.txt (only root access) > > - a wrong warning "the system select->() call of your operating system > does not support milliseconds > as timeout value - USE ANOTHER OPERATING SYSTEM !!!" was logged at > startup > > > > changes: > > - the SMTP 'AUTH=' extension for the 'MAIL FROM:' command is now processed > > - the IPinHelo missmatch code is improved to prevent wrong 'failed' > detections > > - if an user or server is authenticated, assp appends now the 'A' to the > received mode in our received header line > SMTPA,ESMTPA,SMTPSA,ESMTPSA > > - the used SSL-version is now shown in our received header in addition to > the still shown SSL-cipher > > - if the information is available in an analyzed mail, the analyzer now > shows, if the sender was authenticated > to any server in the mail transport chain > > - if any entry in the PTRCache has a state of '0' (unchecked), this entry > will be validated with the > cache maintenance routine. > > > added: > > - It is now possible to reduce the MessageScore and IPScore in case the > Bayesian and/or HMM check detected HAM, > to prevent false positives > > 'bayshamValencePB','Bayesian HAM Bonus, default=0 +' > 'Message/IP scoring bonus (zero or negative value only) > > 'HMMhamValencePB','Hidden-Makov-Model HAM Bonus, default=0 +', > 'Message/IP scoring bonus (zero or negative value only) > > !! scoring stats are updated - a new ASSP_MIB and assp-mrtg.cfg file is > released !! > > Thomas > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > > > > ------------------------------------------------------------------------------ > Time is money. Stop wasting it! Get your web API in 5 minutes. > www.restlet.com/download > http://p.sf.net/sfu/restlet > > > _______________________________________________ > Assp-test mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/assp-test ------------------------------------------------------------------------------ Time is money. Stop wasting it! Get your web API in 5 minutes. www.restlet.com/download http://p.sf.net/sfu/restlet _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
