http://qmail-scanner.sourceforge.net/

Big release. Fixes for several small av bugs, plus support for new scanners
such as the Open Source Clam-AV.

Contrary to my earlier statement not to add new features [:-)], there are
new features too:

* fast_spamassassin now has a new option that allows you to alter the
  Subject: header - so you don't need to run "verbose_spamassassin" anymore.

* big changes to logging. Now if you have 20 recips, that causes 20 log
  records. That'll improve stats no end.
  
* Envelope headers and the IP address of the SMTP client are now made
  available to perlscanner

* Quarantine alert messages now contain ALL headers

* Viruses such as klez no longer cause an alert to be sent to the sender,
  as they never sent it in the first place!



Hmm, in fact, here's all the changes:

1.13    5-Jul-2002

*       Big change to logging. Now a message to 20 recipients creates 20
        log entries. This will dramatically improve the usefulness of the
        log entries (the size-limit issues of syslog almost disappear)
        
*       Added new tracking header X-Qmail-Scanner-Message-ID. This is 
        normally set to Message-ID - but is randomly generated if that
        header doesn't exist. It's used in the logging so as to provide
        an explicit linkage between different log entries from the same
        message. It is used internally, and is only added to actual messages 
        that don't have a Message-ID header.

*       Alerts now refer to the envelope "mail from" address instead of the
        address shown in the From: header. There are too many trojans
        out there screwing around with these things that it's just too
        confusing to try to be smart now.

*       New feature! Envelope headers ("mail from" and "rcpt to") and the
        IP address of the SMTP client (TCPREMOTEIP) are now 
        made available to the perlscanner module! You can now use
        Virus-MAILFROM,Virus-RCPTTO and Virus-TCPREMOTEIP to match on 
        those headers. Note that they are uppercased - to separate them 
        from standard mail headers - which are always lowercased.

*       Strip out line breaks from SCANINFO - apparently some virus scanners
        have CR in their version ids...

*       Changed all occurrences of "Illegal" to "Disallowed". Illegal seems
        a bit harsh...

*       Quarantine alert messages now contain ALL headers.
        Will need to keep an eye on this when Q-S introduces
        body-scanning. You could get an infinite loop...

*       More examples added to quarantine-attachments.txt. Everyone should
        read it to see if there's anything they want, as if you are just 
        upgrading Q-S, your existing quarantine-attachments.txt file is 
        NOT touched.

*       ensure that regenerating the perlscanner DB fails if the TXT
        file is unreadable.

*       Fixed bug in perlscanner that stopped you having header matches that
        contained the same regex.

*       Changed sub-avp again (Kaspersky AVPLinux scanner) - sheesh!
        
*       Information Leakage: some people have complained about how Q-S
        tells the sender and recips where the unpacked message was. Now
        the admin, sender and recips are sent separate messages, and only
        the admin address will receive such details. The rest will be told
        that their message contains a "XXX" virus - but no file path details.

*       Added new feature to limit the damage done by trojans that change
        the From address to be someone other than the person actually sending 
        the trojan. '--silent-viruses="klez,othernastyvirus"' would mean
        that *IF* a virus is detected, AND the string "klez" or 
        "othernastyvirus" appears in the virus description given by the 
        virus scanner, THEN the quarantine alert message is NOT sent to the
        supposed sender - as it won't actually have been them. This
        may help limit the confusion people are feeling these days
        with such anti-social (more anti-social?) viruses.
        Thanks to Greg Wildman for the implementation.

*       Added new feature to "fast_spamassassin". If you change this to
        "fast_spamassassin='*****SPAM*****'", then the faster SA setting
        is still used, but the string "*****SPAM*****" is prepended
        to the Subject: line. Apparently users find the other methods
        of finding the SA tags too difficult :-)
        Note: the format is actually "fast_spamassassin=<string>" - so you
        can have any single-word marker there that you want. Just make sure
        it looks obvious.

*       Fixed bug where logging reports quarantine message being sent to 
        recipients even when Q-S configured to not notify recips! (they 
        weren't actually sent anything - but it was reported they did...)

*       Changed documentation to reflect the fact that setting QMAILQUEUE
        within the tcpserver rules file is now the ONLY supported way of
        setting Qmail-Scanner. The other methods are too diverse to document
        correctly, so let's just stick to the one that works best.

*       Document that DB_File has disappeared from Perl 5.6.1

*       By default, SpamAssassin is only run on Email that comes from 
        "non-local" SMTP clients. That is decided on the lack of the
        RELAYCLIENT environment variable (see Qmail docs). If that doesn't 
        do what you want, you can also set 
        "QS_SPAMASSASSIN=on" in your tcpserver rules file to
        force SA to be run.

*       More explicit documentation that the SpamAssassin support DOES NOT
        QUARANTINE POTENTIAL SPAM!!!! There - I think that's pretty 
        explicit :-) SpamAssassin has always been designed to "tag" messages
        as being spam, and to make the USER (not the Sys Admin!) decide what to
        do with it.

*       Added support for CLAM AV. An Open Source (yup!) antivirus scanner that
        uses the Openantivirus.org ScannerDaemon pattern files.

*       Fixed buglet in ravlin detection

*       Updated kavscanner subroutine

*       Fixed bug in configure script's generating of the CMDLINE

*       Updated ./contrib/test_installation.sh to be a bit more descriptive

*       Documented quarantine philosophy. Apparently I just expected you all to
        work it out for yourselves...

*       Documented that SpamAssassin is only run on mail deemed not to be local
        via the standard Qmail RELAYCLIENT environment variable. i.e. if
        the SMTP client is classified as local, it won't be spam-scanned...

*       fixed buglet in how redundant_scanning handled zipped attachments. 
        Thanks to Brian Johnson.


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


_______________________________________________
Qmail-scanner-announce mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-announce
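
The alert policy described in the 1.13 changelog (separate admin/sender/recipient messages, file path to the admin only, envelope sender used, and --silent-viruses suppressing the sender alert), sketched as an added example; this is not Qmail-Scanner's own code, which is Perl. The function names, message wording, addresses, placeholder path and the case-insensitive match are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Detection:
    mail_from: str        # envelope "mail from", not the From: header
    description: str      # virus description string given by the scanner
    quarantine_path: str  # where the unpacked message was stored
    rcpt_to: list = field(default_factory=list)


def is_silent(description, silent_viruses):
    """True if any comma-separated --silent-viruses string occurs in the
    scanner's description (case-insensitive here: an assumption)."""
    desc = description.lower()
    names = [n.strip().lower() for n in silent_viruses.split(",")]
    return any(n and n in desc for n in names)


def build_alerts(det, admin, silent_viruses="", notify_recips=True):
    """Return {address: body} for one quarantined message."""
    public = f'Message from <{det.mail_from}> contains a "{det.description}" virus.'
    # Only the admin copy carries the quarantine location.
    alerts = {admin: public + f"\nQuarantined at: {det.quarantine_path}"}
    # Forged-sender viruses: the envelope sender never sent it, so stay quiet.
    # An empty envelope sender (bounce) has nobody to alert either.
    if det.mail_from and not is_silent(det.description, silent_viruses):
        alerts.setdefault(det.mail_from, public)
    if notify_recips:
        for rcpt in det.rcpt_to:
            alerts.setdefault(rcpt, public)
    return alerts


# Constructed sample input; addresses and path are placeholders.
SAMPLE = Detection(
    mail_from="forged.sender@example.org",
    description="W32/Klez.h@MM",
    quarantine_path="/PLACEHOLDER/quarantine/sample-message",
    rcpt_to=["alice@example.com", "bob@example.com"],
)

if __name__ == "__main__":
    for addr, body in build_alerts(SAMPLE, "admin@example.com",
                                   "klez,othernastyvirus").items():
        print(f"To: {addr}\n{body}\n")
```
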

