MailScanner 4.59-4.2 - Почтовый вирусный сканер, защитная программа и маркировщик спама. Совместим с Postfix, Sendmail, Exim, Qmail, ZMailer MTAs и практически любыми антивирусными программами - Sophos, McAfee, F-Prot, F-Secure, CommandAV, InoculateIT, Inoculan, eTrust, Kaspersky, Nod32, AntiVir, BitDefender, RAV, Panda, DrWeb, ClamAV и т.д. MailScanner использует SpamAssassin для высокоэффективной идентификации спама и обработки атак типа "отказ в обслуживании". MailScanner определяет защищенные паролем файлы архивов и выполняет проверку имен файлов для их содержимого. Практика показала, что MailScanner может быть легко встроен в любую почтовую систему. Cсылка "скачать" - страница загрузки. Home_http://www.mailscanner.info/ RedHat, Fedora and Mandrake Linux_http://www.sng.ecs.so...6-2.rpm.tar.gz SuSE Linux 8 to 9.3_http://www.sng.ecs.so...-2.suse.tar.gz Solaris / BSD / Other Linux / Other Unix_http://www.sng.ecs.so....44.6-2.tar.gz
1/6/2007 New in Version 4.60.8-1 ============= * New Features and Improvements * 1 Improved Sophos.install script so that it sets up /etc/ld.so.conf ready for installation of Perl-SAVI module required for "sophossavi" virus scanner. 1 Custom Functions can now receive parameters not only to their Init and End functions, but also to their run-time calculation functions (i.e. the real custom function itself used when processing each message). The Custom Function is now passed not only the message, but also a ref to a list of parameters specified in the MailScanner.conf file. 1 Improvement to phishing net. 1 'clamavmodule' scanner no longer detects encrypted zips/rars as viruses, leaving MailScanner to do the check later in the dangerous content scanning. The consequence is that MailWatch will allow them to be released from quarantine. 2 Updated a whole load of Perl modules in the pre-requisites lists for both MailScanner and SpamAssassin. 2 Added a "--nomodules" command-line option to the MailScanner install.sh script to skip installing required Perl modules. 2-2 Fixed bugs introduced by 4.60.2 in generic installer. Only affects 'other Linux and non-Linux' installer. 2-4 Fixed more non-Linux installer problems. 4 Added more modules to the list output by "MailScanner --version". 4 Improved phishing net detection of HTML tags, courtesy of [email protected]. 4 Added patches to provide full "p record" support in Postfix 2.3 and 2.4, courtesy of Glenn Steen . 5 Added a new feature, to compress all the attachments in a message and replace them with a single zip file. Set "Zip Attachments = yes" (no by default), and set "Attachments Zip Filename = MessageAttachments.zip" 6 Added 2 new configuration options for the "Zip Attachments" feature: Attachments Min Total Size To Zip = 100k Attachment Extensions Not To Zip = .zip .rar .tgz .gz .mpg .mpeg .mp3 .rpm Hopefully these are fairly self-explanatory.
* Fixes * 1 Phishing net now correctly handles HTML tags inside links. 1 Deprecated clamscan flag replaced with supported one to stop it printing the summary. 1 Added '-b' to nod32-1.99 command-line options in SweepViruses.pm to stop scanner producing licensing details. Thanks to UxBoD. 1 Removed test in RPM distribution's test for RedHat 6 as it will clash with RHEL 6 and Fedora. Anyone still running RedHat 6 has bigger problems! :-) 1 Worked round Perl bug in returning number of RBLs hit by a message. 1 Fixed problem causing some password-protected RAR archives to be missed. 3 Fixed bug introduced in earlier beta in RBL code. 6-2 Patch to Exim to handle named ACL variables as well as numbered ones. Courtesy of Maarten Vink. 7 Added v320.pre to mcp directory. 7 Postfix 2.3/2.4 patch fix. RedHat, Fedora and Mandrake Linux (and other RPM-based Linux distributions)_http://www.mailscanne...8-1.rpm.tar.gz SuSE_http://www.mailscanne...-1.suse.tar.gz Solaris / BSD / Other Linux / Other Unix_http://www.mailscanne....60.8-1.tar.gz
2/1/2008 New in Version 4.66.5-2 ============= * New Features and Improvements * 1 New optional configuration setting "Syslog Socket Type". By default this is left blank, as it will work it out according to the operating system you are using. Some Solaris users may want to set this to "native". 1 Addition of new message property for use by MailWatch 2. 1 Update of Sophos.install for Sophos version 6. 2 Updated to handle new MailTools 2.02. This includes the use of several new Perl modules, so you'll have to use the install.sh to install all the requirements of the new MailTools code (unless you are doing clever things with yum repositories). 3 Improvement to the phishing net for multiple "blocked::" prefixes on links. 3 Improvements to speed up StartTiming() and StopTiming() greatly. 3 Updated to MIME-tools 5.425. This should solve lots of problems people are having with using yum repositories. 4 Added startup code to check for consistent version numbers with MIME-tools. 4-2 Better install.sh for RHEL and CentOS 5. 4-3 Added some more modules to the compulsory list for RHEL and CentOS 5. These are all labelled "yes" in the right-most column of the module list near the bottom of install.sh. 5 Improved eTrust-wrapper and -autoupdate to handle latest version 8.1 of eTrust, and allow more flexibility in setting of eTrust location in virus.scanners.conf. Can now just put /opt/CA if you are running 8.1 or later. 5 Improved easy-to-install ClamAV & SpamAssassin package so that it will always install my patched Mail::ClamAV and Mail::SpamAssassin modules even if un- patched versions are already installed. Downloads_http://www.sng.ecs.so....66.5-2.tar.gz
ЭЖД, 5.03.2008 - 14:44
MailScanner 4.67.6
4/3/2008 New in Version 4.67.6-1 ============== * New Features and Improvements * 1 Added support for the ESET virus scanner, from www.eset.com. Support written by Phil (UxBoD). Many thanks! Just use "Virus Scanners = esets" in MailScanner.conf and check you have installed it in the expected location or change /etc/MailScanner/virus.scanners.conf. 2 "MailScanner --lint" now checks to ensure unrar is installed and executable. 2 Esets autoupdater now accurately reports status results. 3 Implemented file MIME type checking, as reported by the "file -i" command. This includees 3 new settings, which all work just like their non-MIME brothers: "Log Permitted File MIME Types", "Allow File MIME Types" and "Deny File MIME Types". The main use is via the filetype.rules.conf file, where a new optional field may be added just after the regular expression field (just after the 2nd field in each line). If this field is added, then the "file -i" command is run on every batch of messages and the output checked against the MIME types specified in the newly inserted 3rd field (out of fields 1-5 on each line of filetype.rules.conf files). 4 Added compatibility for BitDefender 7.5 to bitdefender-wrapper. 4 --debug now tells you when it's waiting for its batch of messages, and how big the batch is. 4 "Use TNEF = replace" behaviour changed to add attachments with their original potentially very long filenames instead of a sanitised one. 4 Linux RPM install.sh fixed for Fedora Core 8. Thanks to [email protected] for that one. 4 Improvement to the phishing net to allow all the links that look like this: Name of my Blog - http://site.blogspot.com/ 4 Installation order of Perl module changed to install File::Spec before ExtUtils::MakeMaker, which should help the Solaris folks. 5 Made warning about %org-name% containing illegal characters a lot more obvious when running "MailScanner --debug" as well as "MailScanner --lint". 5 Any mail headers inserted with spaces in them will have spaces replaced with hyphens. 5 When "MailScanner --debug --debug-sa" is run, the start of every line of SpamAssassin debugging output now has the current time stuck on the front of it. This makes looking for pauses a whole lot easier. 6 Improvements to the init.d scripts for the RPM distributions. While waiting for the MailScanner processes to die of natural causes, they periodically send them another kill signal as there are a few cases in which the kill signals are ignored. This should result in far more reliable restarting. 6 "sophos-autoupdate" improved to handle new "suspicious" threat data files whose names start with "sus".
* Fixes * 4 Improved definition of "Scan Messages" when using Postfix, to attempt to avoid occasional double delivery of unscanned messages on heavily loaded servers. 5 Maliciously crafted attachment filenames could circumvent the 'very-long- filename' rule in filename.rules.conf. Fixed. 5 Fix to include "ClamAVModule" in log outputs from it. 5 Symantec Scan Engine support problems now fixed. Set the path in MailScanner's virus.scanners.conf to "/opt/SYMCScan". If set to that value, it expects to see the Linux command-line scanner in the file /opt/SYMCScan/ssecls/ssecls. Downloads (~7,8 Mb)_http://www.mailscanne....67.6-1.tar.gz
ЭЖД, 2.04.2008 - 15:01
MailScanner 4.68.8
1/4/2008 New in Version 4.68.8-1 ============= * New Features and Improvements * 1 Support for the Fpscand daemon that is supplied with F-Prot version 6. Add this line to your virus.scanners.conf f-protd-6 /bin/false /usr/local/f-prot and set "Virus Scanners = f-protd-6" in your MailScanner.conf. This is very much faster than the f-prot-6 command-line scanner. 3 Improved the list of ignored web-bug filenames. 3 New update_bad_phishing_sites script to use major new fireproof delivery system. Many thanks to Matt Hampton for all his time and support with this. 3 Updated to Catalan translation. 3 Updated support for Vexira "vascan" virus scanner. 3 Changed location of Web-Bug Replacement image. upgrade_MailScanner_conf will put in the new URL. This will give significantly better response to your users. 3 Added new option "Log SpamAssassin Rule Actions" so that you can see exactly what actions fire on what messages from the "SpamAssassin Rule Actions" setting. 3 Added new option to the filename.rules.conf and filetype.rules.conf files. Instead of "allow", "deny" or "deny+delete", you can now specify a space or comma-separated list of email addresses. If the filename or filetype rule is matched, the message is sent to these new addresses instead of the ones given in the original email address. 3 Updated support for latest versions of Esets virus scanner from Nod32. 4 Added Net-DNS and Digest-SHA1 to the main MailScanner distributions so that they are installed appropriately ready for when you install Razor. This way they are installed as RPMs and not just plain Perl modules, as the RPM of Razor requires them to have been installed as RPMs. 4 New configuration option "Automatic Syntax Check" added, default is "yes", which causes a quick syntax check of the MailScanner.conf file and the other configuration files, printing out errors on the console, instead of just logging them to your system's mail log as it did before. This will hopefully make it easier for novices to get going successfully. 5 SpamAssassin Cache will no longer cache "timed out" responses. 5 Upgraded to perl-Digest-SHA1 version 2.11. 6 Added SpamAssassin MCP patch for 3.2.4. 7 Changed default supplied High-Scoring Spam Actions to "store". That way users don't have to work out how to change it, to reduce their spam a lot.
* Fixes * 2 Improved MakeNameSafe() to fix problems caused by f-protd-6 working with filenames containing spaces (which it cannot handle!). 2-2 Fixed error in --lint support for F-Protd-6. 2-3 Typo, missed out a "$" :-( 3 Fixed important bug in f-protd handling code. 4 Fixes to Ruleset-From-Function.pm Custom Function code. 5 Fixed various issues with new automatic syntax check (--lintlite) code. 6 Fixed IPBlock problem with MailScanner --lintlite. 6 Fixed Postfix milter problem (thanks Glenn!). 7 Fixed problem with Inline images in HTML signatures. Now works with nested multiple replies. 8 Fixed bug where original unsafe filename wasn't used correctly when auto- replacing attachments with zipped copies to save space in mail stores. Thanks to Armand Leroux at Capgemini for finding this one. Downloads (~8,0 Mb)_http://www.mailscanne....68.8-1.tar.gz
ЭЖД, 1.05.2008 - 18:37
MailScanner 4.69.8
1/5/2008 New in Version 4.69.8-1 ============= * New Features and Improvements * 1 Added command-line option "--id=" which will force it to scan just the message described by . Only works when used with "--debug". 1 Commented out definition of ORDB-RBL to force a syntax error in setups which are still mistakenly using it (and not getting any mail as a result!). 1 Added comand-line option "--inqueuedir=" which can take a) a directory name, or a directory name glob (or wildcard), or c) a text file listing any combination of (a) and ( above. This specifies where to look for incoming messages. This is very useful when debugging, as test messages can be put in their own queue directory, and the main MailScanner running will not touch them, only a MailScanner run with this command-line option will see them. 1 Can now extract embedded files from within Microsoft Office documents and subject them to all the file tests like any other attachments. 1 To allow for executables embedded in zipped Office documents, default value for "Maximum Archive Depth" has been increased to 3. Remember that using upgrade_MailScanner_conf will *not* over-ride your current settings, so you will have to change this manually to use the new value. 3 Added new keywords available in Spam Actions, the SpamAssassin Rule Actions and Archive Mail locations. You can now specify _DATE_, _FROMUSER_, _FROMDOMAIN_, _TOUSER_ and _TODOMAIN_ keywords in any of those and they will be replaced with the user and domain halves of the relevant addresses of the original message. If, for example, you specify a "forward" address "[email protected]", then a new recipient will be added to the message for *each* of the original recipients. So a message with 5 original recipients will have 5 new ones added to it. 3 Added new configuration setting "Missing Mail Archive Is =" which can take the values "file" or "directory". This allows you archive to mbox files whose name is based on the addresses of the original recipients. 4 Using the "store" Spam Action, you can now specify an arbitrary directory path after the '-', so "store-/var/spool/MailScanner/quarantine/spam/_TOUSER_._TODOMAIN_" will store the message in a location determined by the recipient addresses. Any of the _DATE_, _FROMUSER_, _FROMDOMAIN_, _TOUSER_ and _TODOMAIN_ keywords can be used. 4 Changed "Monitors for ClamAV Updates" for ClamAV version 0.93. 5 If the image signature tag includes alt="MailScanner Signature" then it notices the sig file is present and so doesn't add it again. The "alt" attribute is matched by the word "MailScanner" followed by anything followed by the word "Signature" in any combination of upper- and lower-case so you can adapt this text quite a lot. See note for "6" below. 6 Added new configuration setting "IP Protocol Version Header" which will tell you the IP version number used in the last hop to this server. It produces either "IPv4" or "IPv6" in the header. To stop the header appearing, just set it to be blank. Added at special request by my boss :-) 6 Added new configuration setting "Allow Multiple HTML Signatures". If the message has been signed with an HTML signature containing an tag, whose "alt" attribute contains "MailScanner" and "Signature" and "%org-name%", then it will not be signed again if this option is set to "no". Once a message (with an image in the signature) has been replied to a few times, it starts getting very large and ugly. This option keeps the message size down and makes it look better. This is set to "no" by default as messages look better this way. 7 Debian/Ubuntu have changed the default %org-name% value to "unconfigured- debian-site" so I have to check for that as well in the 'Have I Been Configured" code at startup :-(
* Fixes * 1 "IPBlock" Custom Function will start up properly without MailScanner.conf location on the command-line. 2 Fixed problem with file MIME type checks were being incorrectly applied. 2 Added OLE::Storage_Lite to the list output by "MailScanner -v". 4 Forced "Debug SpamAssassin" to no unless "Debug" is set to yes. 7 Fixed problem with "--debug-sa" and MailScanner freezing using 100% CPU. 8 Fixed problem with modules not reporting properly with "MailScanner -v". 8 Fixed problem where "MailScanner --lint" would sometimes report false errors. Downloads (~8,0 Mb)_http://www.mailscanne....69.8-1.tar.gz
ЭЖД, 3.07.2008 - 11:46
MailScanner 4.70.7
* New Features and Improvements * 1 Improvement to OLE document unpacking code, more likely to extract embedded files correctly. 1 Added new setting "Dont Sign HTML If Headers Exist" to provide finer control over placement of HTML signatures. If any of the named headers exist in the message, the message is deemed to be a "reply", and so the HTML signature is not attached. By default this functionality is switched off by not specifying any header names. 2 Improvement to Filename and Filetype checks to catch mistakenly starting a regular expression with a "*" on its own, as in "*.pdf" or just "*". 2 Improved message reporting when Sophos finds password-protected zip archives. 2 Now supports Mail::ClamAV 0.22 for ClamAV 0.93. You will need to upgrade your ClamAV+SpamAssassin installation, using the download package I provide. 3 Improved update_bad_phishing_sites to support proxy_* environment variables. Thanks to [email protected] for this. 3 Improved upgrade_MailScanner_conf for ClamAV 0.93 and Mail::ClaAV 0.22. 3 Removed URIBL additions from spam.assassin.prefs.conf. They are in SpamAssassin by default now. 3 Improvements to handling of Watermarks to resolve various problems with them. 3 Upgraded to ClamAV 0.93.1 in ClamAV+SpamAssassin easy-to-install package. 4 Added "-w" to suggested "diff" command in upgrade_MailScanner_conf. Thanks to Anthony Cartmell for this idea. 6 Changed Watermarking, so it only checks if there was a SMTP client IP address as we don't want to block messages we generated on the MailScanner server. 6 Added "ID Header" setting so that you can choose whether or not you want the header showing the MailScanner message id value. If you don't want the header then set this to be blank. 6 Minor improvement to link detection in the phishing net.
* Fixes * 2 Silly mistake fixed in "Dont Sign HTML If Headers Exist" feature. 2 Fixed output text error in upgrade_MailScanner_conf. 3 Bugfixes to Watermark handling and logging. 4 More fixes to Watermark handling. 5 More fixes to Watermark handling, and a minor header change. 6 Made check for Sophos Allowed Error Messages case-insensitive. 7 Fix for missing images in HTML messages with "Allow WebBugs = yes" set. Downloads (~8,0 Mb)_http://www.mailscanne....70.7-1.tar.gz
ЭЖД, 2.09.2008 - 18:57
MailScanner 4.71.10
1/9/2008 New in Version 4.71.10-1 ============== * New Features and Improvements * 1 Upgraded from File::Temp 0.19 to File::Temp 0.20 to resolve installation problem reported with Fedora Core 8 systems. 2 New Feature: We can now extract the plain text of Microsoft Word (up to 2004) documents in the *.doc format, and add it as new attachments to a message. This is done using the "antiword" program available from
http://www.winfield.demon.nl/. There are 3 new configuration settings for this feature: "Add Text Of Doc" - This switches the feature on and off. Off by default. "Antiword" - Full command to run the antiword binary. Adding "-f" to it makes it highlight emphasized text in the output, which I find helps. "Antiword Timeout" - The greatest length of time antiword is allowed to run. 3 Improvement to phishing net, now correctly ignores ':80' in http URLs. 3 Implemented support for Esets version 3. 4 Implemented support for F-Secure 7.01. 5 Added protection against attacks on the HTML text parser (Perl module HTML::Parser) which is used to analyse HTML messages for dangerous tags. There is a message in circulation that breaks this, causing Perl to trigger a "Segmentation Fault". This protection is necessary, but may have an impact on the performance of MailScanner. Until the Perl module is fixed, however, this is very necessary protection for your email systems. 7 Added new option "Read IP Address From Received Header" which you can set to yes if you are running fetchmail and injecting mail from fetchmail into your MTA using SMTP. You need to set the "--invisible" option to fetchmail as well to stop it adding its own "Received:" header. See the "Advanced" section of MailScanner.conf for more info on this. 8 Added new rules to filename.rules.conf to allow for days of the week and months in filenames like my_document.july.doc so they aren't caught by the double filename extension trap. 8 Improved error notification if your permissions on /tmp are all wrong. It now tells you exactly what to type to fix them. 8 Improved VBA32 output parser to handle slightly different new output format. 8 Improved 'partial message' handling to only remove the partial-message section of the message, and not the whole thing. This is particularly relevant to DSNs from bigfoot.com 10 Improved F-Secure scanning within executables.
* Fixes * 3 Improvement to "Sign Clean Messages" so the signature now appears where it should, above any