[Qmail-scanner-announce] Qmail-Scanner 2.00 release
AV/content filter for Qmail
Brought to you by:
jhaar
From: Jason H. <Jas...@tr...> - 2006-04-04 01:48:42
|
This is announce that Qmail-Scanner 2.00 is officially out! Download from http://qmail-scanner.sf.net/ Some of the major changes made since 1.25 follows (for a full list, see http://qmail-scanner.sf.net/CHANGES): * Updated nod32 * added 30sec timeout to spamc - some people have experienced long hangs on spamd (nothing to do with Q-S), and ended up with spamc processes left lying about. This should limit such issues * NAME CHANGE. The spool directory into which Qmail-Scanner is installed is now /var/spool/qscand. This is to reflect (or force ;-) that you need to re-evaluate all your settings as some pretty fundamental changes have been made * NEW FEATURE. Starting to include concepts from Salvatore Toribio "st" patch to add spam quarantining features to Q-S. If you set "--sa-quarantine X" (where "X" is a positive number), then if SA tags a message as having a score higher than "required_hits" plus "X", that message will be quarantined into a new maildir "./spam/" and not delivered to the end-user (also no-one is notified). e.g. for "--sa-quarantine 5", a score of 10/5 would cause the message to be quarantined into maildir "./spam/" instead of being delivered. A message with a score of 7/5 would be tagged as SPAM and delivered as per older versions. Note that this is a serious step to take. It means a false match ends up with no-one being notified and the e-mail effectively "blackholes". You can use your old Q-S logs of previous "tagged-only" mail to go through to prove to yourself that the "sa-quarantine" value you are going to use won't result in lost e-mail. DISABLED by default * BIG CHANGE Some features that were hard-wired into the main body of Q-S have been moved into quarantine-events.txt where they should have been all along. This makes it possible to change settings without reconfiguring the main body of qmail-scanner-queue.pl. You will need to rewrite any rules you had in place within the old quarantine-attachments.txt into the new format quarantine-events.txt One of these changes allows you to block zero-length attachments at last ("any" length is now represented by "-1" instead of "0"). LET ME SAY THAT AGAIN!!! "0" NOW MEANS "0" - IT USED TO MEAN "ANY"!!!! * Added support for decoding encoded attachment filenames and Subject: headers by calling MIME::Base64. Now that's been done, you must reference "normalized" filenames or strings in quarantine-attachments.txt and Q-S will catch them even if they are encoded. Enabled by default, but as I'm not sure how many bad implementations of MIME encoding there are, it can be disabled. Disable via the "--normalize 0" ./configure option - and tell me if it starts blocking valid mail... I am also concerned about people running broken syslog servers, and how they handle 8bit chars showing up. Please keep an eye on this feature. Existing users: please read the documentation included in the package again to see if anything has changed that might affect you. Also take another look at the contrib directory, there may be things you'd find useful in there too. Obviously all this goes for new users too! ;-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 |