Just want to say thanks to Jason for the great work. Lu
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On > Behalf Of Jason Haar > Sent: Sunday, July 21, 2002 7:09 PM > To: [EMAIL PROTECTED] > Subject: [Qmail-scanner-general][Qmail-scanner-announce] > Qmail-Scanner 1.13 released > > > http://qmail-scanner.sourceforge.net/ > > Big release. Fixes for several small av bugs, plus support > for new scanners such as the Open Source Clam-AV. > > Contrary to my earlier statement not to add new features > [:-)], there are new features too: > > * fast_spamassassin now has a new option that allows you to alter the > Subject: header - so you don't need to run > "verbose_spamassassin" anymore. > > * big changes to logging. Now if you have 20 recips, that > causes 20 log > records. That'll improve stats no end. > > * Envelope headers and the IP address of the SMTP client are now made > available to perlscanner > > * Quarantine alert messages now contain ALL headers > > * Viruses such as klez no longer cause an alert to be sent to > the sender, > as they never sent it in the first place! > > > > Hmm, in fact, here's all the changes: > > 1.13 5-Jul-2002 > > * Big change to logging. Now a message to 20 recipients creates 20 > log entries. This will dramatically improve the > usefulness of the > log entries (the size-limit issues of syslog almost disappear) > > * Added new tracking header X-Qmail-Scanner-Message-ID. This is > normally set to Message-ID - but is randomly generated if that > header doesn't exist. It's used in the logging so as to provide > an explicit linkage between different log entries from the same > message. It is used internally, and is only added to > actual messages > that don't have a Message-ID header. > > * Alerts now refer to the envelope "mail from" address > instead of the > address shown in the From: header. There are too many trojans > out there screwing around with these things that it's just too > confusing to try to be smart now. > > * New feature! Envelope headers ("mail from" and "rcpt > to") and the > IP address of the SMTP client (TCPREMOTEIP) are now > made available to the perlscanner module! You can now use > Virus-MAILFROM,Virus-RCPTTO and Virus-TCPREMOTEIP to match on > those headers. Note that they are uppercased - to separate them > from standard mail headers - which are always lowercased. > > * Strip out line breaks from SCANINFO - apparently some > virus scanners > have CR in their version ids... > > * Changed all occurances of "Illegal" to "Disallowed". > Illegal seems > a bit harsh... > > * Quarantine alert messages now contain ALL headers. > Will need to keep an eye on this when Q-S introduces > body-scanning. You could get an infinite loop... > > * More examples added to quaratine-attachments.txt. > Everyone should > read it to see if there's anything they want, as if you > are just > upgrading Q-S, your existing quarantine-attachments.txt file is > NOT touched. > > * ensure that regenerating the perlscanner DB fails if the TXT > file is unreadable. > > * Fixed bug in perlscanner that stopped you having header > matches that > contained the same regex. > > * Changed sub-avp again (Kaspersky AVPLinux scanner) - sheesh! > > * Information Leakage: some people have complained about how Q-S > tells the sender and recips where the unpacked message was. Now > the admin, sender and recips are sent separate > messages, and only > the admin address will receive such details. The rest > will be told > that their message contains a "XXX" virus - but no file > path details. > > * Added new feature to limit the damage done by trojans > that change > the From address to be someone other than the person > actually sending > the trojan. '--silent-viruses="klez,othernastyvirus"' would mean > that *IF* a virus is detected, AND the string "klez" or > "othernastyvirus" appears in the virus description given by the > virus scanner, THEN the quarantine alert message is NOT > sent to the > supposed sender - as it won't actually have been them. This > may help limit the confusion people are feeling these days > with such anti-social (more anti-social?) viruses > Thanks to Greg Wildman for the implementation. > > * Added new feature to "fast_spamassassin". If you change this to > "fast_spamassassin='*****SPAM*****'", then the faster SA setting > is still used, but the string "*****SPAM*****" is prepended > to the Subject: line. Apparently users find the other methods > of finding the SA tags too difficult :-) > Note: the format is actually > "fast_spamassassin=<string>" - so you > can have any single-word marker there that you want. > Just make sure > it looks obvious. > > * Fixed bug where logging reports quarantine message > being sent to > recipients even when Q-S configured to not notify recips! (they > weren't actually sent anything - but it was reported > they did...) > > * Changed documentation to reflect the fact that setting > QMAILQUEUE > within the tcpserver rules file is now the ONLY supported way of > setting Qmail-Scanner. The other methods are too > diverse to document > correctly, so let's just stick to the one that works best. > > * Document that DB_File has disappeared from Perl 5.6.1 > > * By default, SpamAssassin is only run on Email that comes from > "non-local" SMTP clients. That is decided on the lack of the > RELAYCLIENT environment variable (see Qmail docs). If > that doesn't > do what you want, you can also set > "QS_SPAMASSASSIN=on" in your tcpserver rules file to > force SA to be run. > > * More explicit documentation that the SpamAssassin > support DOES NOT > QUARANTINE POTENTIAL SPAM!!!! There - I think that's pretty > explicit :-) SpamAssassin has always been designed to > "tag" messages > as being spam, and to make the USER (not the Sys > Admin!) decide what to > do with it. > > * Added support for CLAM AV. An Open Source (yup!) > antivirus scanner that > uses the Openantivirus.org ScannerDaemon pattern files. > > * Fixed buglet in ravlin detection > > * Updated kavscanner subroutine > > * Fixed bug in configure script's generating of the CMDLINE > > * Updated ./contrib/test_installation.sh to be a bit more > descriptive > > * Documented quarantine philosphy. Apparently I just > expected you all to > work it out for yourselves... > > * Documented that SpamAssassin is only run on mail deemed > not to be local > via the standard Qmail RELAYCLIENT environment variable. i.e. if > to SMTP client is classified as local, it won't be > spam-scanned... > > * fixed buglet in how redundant_scanning handled zipped > attachments. > Thanks to Brian Johnson. > > > -- > Cheers > > Jason Haar > Information Security Manager, Trimble Navigation Ltd. > Phone: +64 3 9635 377 Fax: +64 3 9635 417 > PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > _______________________________________________ > Qmail-scanner-announce mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/qmail-scanner-announce > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > _______________________________________________ > Qmail-scanner-general mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general > ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
