If you download MailScanner to try it out, or even better if you start using it on your site, please let me know by dropping me a line so I have some idea of where it is being used. I might even let you know about major updates...
There is a mailing list for MailScanner users. The developers also keep an eye on it, so it's a good place to suggest new features, problems, questions, etc. You can access the mailing list on the web, or you can subscribe by sending an email to jiscmail@jiscmail.ac.uk containing
| 25/3/2002 | Released version 3.13-1.
Fixed bug where carriage return characters embedded in subject lines could stop MailScanner being able to extract files from the message. Fixed bug in Sophos NSV autoupdate code. |
|
|---|---|---|
| 7/3/2002 | Released version 3.12-5.
Fixed bug where McAfee auto-updating script used the wrong lockfile. |
|
| 5/3/2002 | Released version 3.12-4.
Fixed bug causing "Mail Archive" feature to not work. Sorry! |
|
| 5/3/2002 | Released version 3.12-3. Changes from previous version are:
Domains To Scan now supports wildcards, e.g. *.julianfield.net, Spam White List now supports wildcards, e.g. *.julianfield.net, Greatly improved F-Prot parser (this should be the last major change to the parser), Support for SpamAssassin 2.1 and upwards, Stopped McAfee wrapper producing "kernel: cdrom open failed" errors, New feature: Mail Archive to save all incoming mail to a directory, Support for Inoculan 4.x virus scanner. Fixed the bug in changing the subject line when spam-tagging with Exim (hopefully!) Note: I would strongly advise all F-Prot users to upgrade to this version. |
|
| 2/3/2002 | I have added support for SpamAssassin version 2.1, but have had to
remove support for earlier versions. It will complain at startup if your
SpamAssassin is too old. I have also added Inoculan 4.x support, provided by gabor.funk@hunetkft.hu. |
|
| 25/2/2002 | I have improved the F-Prot parser some more, it should now cope with all the output that F-Prot can generate. | |
| 22/2/2002 | Modified feature: I have changed the "Spam White List" to support wildcards in the same say as the "Domains To Scan" list described below. | |
| 21/2/2002 | Modified feature: I have changed the "Domains To Scan" list when
scanning by domain. It will now match any address whose domain ends in one
of the names listed in the domains.to.scan.conf file. So putting
*.julianfield.net in the domains.to.scan.conf file will cause all
mail to/from anything.julianfield.net to be scanned, as well as
all mail to/from julianfield.net.
This code will be included in the next release, but please ask if you want it before then (release date unknown at the moment). |
|
| 15/2/2002 | Security Alert: A bug in Microsoft Outlook Express has been brought to my attention. By exploiting this bug, Outlook Express can be made to see a file attachment that is embedded in the message headers, and is currently not checked by MailScanner. As far as I am currently aware, no virus is yet exploiting this security hole. However, it is a simple 1-line fix to solve the problem, and I have just released version 3.11-1 to solve it. | |
| 12/2/2002 | Version 3.10-4 released. F-Prot parser updated to recognise output about "destructive programs". |
|
| 12/2/2002 | Version 3.10 released. Virus scanning per domain now implemented. It's an "all or nothing" switch per domain, I'm afraid. Keeps it simple. One or two minor bugfixes and improvements to some of the support scripts, please don't ask for too many details (I can't quite remember :-) |
|
| 28/1/2002 | Emergency: The MyParty virus slips through versions of MailScanner before 3.04-1. You must update to 3.04-1 to be able to catch this virus. If you want to fix it without upgrading, find the function DefinitelyClean in sendmail.pl and insert "return 0;" at the start of the function. | |
| 21/1/2002 | There are now some graphs showing the number of downloads by month and by version. Yell at me if they get out of date... | |
| 21/1/2002 | Due to a very generous gift from Paul Welsh (a MailScanner user), I now have the addresses www.mailscanner.biz, www.mailscanner.org.uk and www.mailscanner.co.uk all pointing to this site (in addition to www.mailscanner.info which I had already). Many thanks to Paul for this! | |
| 17/1/2002 | Version 3.03-1 released. New features/changes/fixes include:
Several virus scanners can now be used together. X-MailScanner-SpamCheck: SpamAssassin headers now include the number of hits. Lock File Dir configuration option. Improved F-Prot output parser to fix handling of joke programs, trojan programs and encrypted archives. All F-Prot users should upgrade. F-Prot output parser no longer stops when it gets output it doesn't recognise. Minor Inoculate and CommandAV parser fixes. Double-bounces of MailScanner messages now go to local postmaster. Fixed wrapping of virus scanner reports. Fixed bug where virus scanner would still be called with "Virus Scanning = no". Fixed bug in subject line spam tagging for Exim. All Exim users should upgrade. Improvement to Sophos.install, checks for install.sh script before calling it. |
|
| 8/1/2002 | Bug fix to improve stability and to stop Perl core dumping.
Bug fix causing SpamAssassin to mark everything as spam. Bug fix in F-Prot parsing code to support trojans and backdoor programs properly. All F-Prot users should upgrade. Bug fix in Inoculate parsing code. All InoculateIT users should upgrade. Improvement to logging when viruses originate from inside your own network. Changed localdomains.txt to localdomains.conf. Release of version 3.02-1. All users having any problems should upgrade. |
|
| 5/1/2002 | Bug fix in InoculateIT parsing code and release of 3.01-3. | |
| 4/1/2002 | I have fixed a problem scanning inside Zip files with F-Prot and released version 3.01-1. | |
| 4/1/2002 | I have written some notes about the Minimum Code Status configuration option, as it seems to be causing some confusion (especially among users who haven't read the documentation :-) | |
| 4/1/2002 | Improved the code that links messages between the queues when moving them. Minor change to sendmail.pl. | |
| 3/1/2002 | Fixed a problem in the tar distribution where the mailscanner script was wrong. Nothing has changed in the RPM distribution. | |
| 3/1/2002 | The previous version (2.60-2) was downloaded 3,441 times. As I know that quite a lot of you never upgraded to that version, I would estimate the number of MailScanner users out there to be at least 4,000 !!! | |
| 3/1/2002 | Version 3.00 released. Loads of new features in this version:
|
|
| 13/12/2001 | Quite a few people have asked about monitoring MailScanner using MRTG so they can draw some graphs showing mail throughput, number of viruses caught, and so on. I have written a page about MRTG support which includes the scripts and configuration files I use to do it. | |
| 13/12/2001 | The new version is close to completion. For a sneak preview of some of the new features, look here for any mention of "3.00". There are a few new keywords and a few updated ones. | |
| 7/12/2001 | Things have been a bit quiet on the MailScanner front recently. There have now been over 2,300 downloads of version 2.60-2. Work on the next version is in progress and I expect to release something around Christmas time. | |
| 7/12/2001 | Got onto the Cover Disc of the December issue of Linux Format magazine. They don't say much about it, but they did include it which is nice. | |
| 7/11/2001 | Won "Best Of Linux" award on DaveCentral.com. He also wrote a very nice review. | |
| 29/10/2001 | Released version 2.60.
Description is as below, there are now more text files in the etc directory to customise. I have also tweaked the timeout code again to make it more reliable. |
|
| 24/10/2001 | The next version, 2.60, is on the way. I have added more text files to the etc directory so that users get different responses (and replacement attachments) depending on whether it found a virus or whether it failed one of the filename traps. This should make things easier to understand for our poor hard-done-by users :-) | |
| 23/10/2001 | Released version 2.54-1.
This is a bug-fix release, corrects a problem with modifying the subject line of spam when using Exim. This change does not affect sendmail users at all. The Linux version now uses wget instead of lynx due to problems seen with some versions of lynx when running from crond. Also, to reduce the number of problems related to MIME-tools, minimum version numbers of some modules are now checked. |
|
| 18/10/2001 | Released version 2.53-1.
This includes improved handling of unparsable messages, and should also resolve any outstanding problems with timeouts that were present in version 2.52. It also logs its version number when it starts up. |
|
| 16/10/2001 | I have just found a bug that under rare circumstances (a MIME message badly formed in a very particular way, only originating from Apple Macs) MailScanner would fail and stop. This is the first time I have seen this happen in over a year of use. However, I have improved the handling of badly formed messages enough so that nothing stops. The fix will be included in 2.53 due out at the end of this week. | |
| 12/10/2001 | Update on 2.52: The code fix I propose is working well so far,
if you want a copy of the 2 new files then mail me, otherwise I'll
release it towards the end of next week if it's proved to solve the
problem.
2.52 is having one or two problems, I suggest you use 2.51 until I manage to prove that my fixes work. More news as it happens... |
|
| 9/10/2001 | 2.52-2 contains updated text in the Linux RPM distribution. The tar distribution is exactly the same as 2.52-1. | |
| 9/10/2001 | 2.52-1 released. Added configuration option "Deliver in
Background" which makes it run the sendmail processes in the
background instead of waiting for them to complete.
Also the Linux RPM uses wget rather than lynx to fetch Sophos updates (in /usr/local/Sophos/bin/autoupdate) as it is better for cron jobs than Lynx. I have also removed the sample sendmail.cf file from the distribution altogether as it continues to cause confusion. |
|
| 5/10/2001 | Any remaining problems with timeouts apparently not working have
been solved. This will be in release 2.52-1 which you can have
on request
if you urgently need it, else I'll release it around the end of next week.
I have also added a configuration option to allow the "sendmail" processes
to be all run in the background, instead of waiting for them to complete.
It will also use wget on Linux instead of lynx as it is more suited to running from a cron job. |
|
| 4/10/2001 | 2.51-2 released. Slight bug in sweep.pl stopped the removal of macros viruses from attachments working. *No* viruses would get through as a result of this bug, just one of the nice features of this package wouldn't work. | |
| 4/10/2001 | 2.51-1 released. Added configuration option "Deliver Unparsable TNEF" to allow compatibility with earlier behaviour where Microsoft Outlook Rich Text Format attachments that could not be decoded were still delivered. The default is "no". | |
| 2/10/2001 | 2.50-2 released. Corrected one typo in sweep.pl (that's all). | |
| 1/10/2001 | Version 2.50 released. New features are all mentioned below, and new mailscanner.conf switches are documented. | |
| 27/9/2001 | Version 2.50 will also feature a "spam white list" consisting of a file holding email addresses and email domains from which you will accept mail without ever marking it as spam. | |
| 26/9/2001 | MailScanner is now right near the top of the ratings chart at
FreshMeat. If some more
people could vote, we might make it to number 1 again!
Version 2.50 is near completion. This will feature timeouts to prevent Denial Of Service (DoS) attacks by people sending you things like the Zip of Death file (a small zip file which expands to thousands of terabytes). It will also feature the new version of the TNEF decoder, with an extra switch added to avoid other DoS attacks. And a couple of minor features requested by users (turn off virus scanning, turn off delivery of cleaned messages to users). |
|
| 10/9/2001 | Version 2.42 released.
This version allows you to modify the Subject: line of messages identified as being likely spam. There are 2 new configuration variables controlling this, "Spam Modify Subject" and "Spam Subject Text" which are both documented. |
|
| 3/9/2001 | We have discovered a problem in the Exim installation notes. Taking the steps given to stop the incoming Exim from ever accidentally delivering mail, will also cause it to operate as an open mail relay. This is okay if it is one of your internal mail servers, but obviously is very bad if it is one of your MX hosts. For now, please don't follow these 3 steps until we find a better solution. | |
| 31/8/2001 | Version 2.41-2 released.
There is a slight bug in the Sophos autoupdate script, which in some situations may cause the wrong IDE files to be fetched from Sophos, if the version of Sophos has been updated since it was originally installed. This is due to Sophos' installation program leaving an old version of a file lying in the sophos/lib directory. Either install the entire latest release or just fetch the appropriate replacement Linux or Solaris/Unix script. |
|
| 30/8/2001 | Version 2.41 released.
New feature is more intelligent handling of MailScanner status headers when a message has passed through multiple MailScanners. It is now configurable, but the default behaviour is to append new information to the existing X-... header, rather than add a new header. |
|
| 29/8/2001 | Important: I have discovered that some of you may have
corrupt copies of the tnef binary, which is in the
MailScanner bin directory and is used to unpack Microsoft
Outlook Rich Text attachments. To test it, cd into the
bin directory and run the command ./tnef --help
which should produce a help message. If it doesn't produce a help
message, please download a replacement Linux
or Solaris binary and copy it into this
directory, ensuring that you have permission to execute it (type
chmod +x tnef* in the bin directory).
This issue will be fixed in the 2.41 release due in the next few days. | |
| 29/8/2001 | Installation guide now available in Portugese. | |
| 15/8/2001 | Version 2.40 released.
Save a copy of your /etc/sendmail.cf, and /usr/local/MailScanner/etc or /opt/mailscanner/etc files before installing the new version as the upgrade may well overwrite them (particularly when using the Linux RPM). There are several new configuration file options, read the documentation carefully and merge your mailscanner.conf customisations into the new supplied version of this file. Make sure that any long lines (eg. the "Inline HTML Warning") don't word-wrap in your text editor! There is also 1 new addition to my suggested filename.rules.conf file (to trap .reg files). Managed to propogate a bug in /etc/rc.d/init.d/mailscanner from the previous version of the Linux RPM, hence there's now a 2.40-2 RPM. |
|
| 15/8/2001 | Discovered the official version of how the RBL+ works, thanks to
Michael Forrest. The line of code in sendmail.pl mentioned
below for using the RBL+ should read
|
|
| 12/8/2001 | Created a mailing list, subscription instructions are shown above in the "Talk To Me" section. | |
| 10/8/2001 | Version 2.40 is now in testing, hopefully will release next week.
Changes include:
|
|
| 9/8/2001 | Added an Installation FAQ. All suggestions for questions (and answers) are welcome. | |
| 6/8/2001 | Support for the RBL+ spam list. Due to not having a subscription before, I never discovered that it produces different format results from the other MAPS lists, so you need to make one small change to the source:
Look in sendmail.pl for the string 235 and you'll only find 1 occurrence. Change that line to read Then add the line to mailscanner.conf and you're away. |
|
| 6/8/2001 | Version 2.40 is almost ready. Significant changes are:
1. Support for RBL+ 2. Merged Exim and Sendmail versions into one 3. Warning message can now be added to the top of the message body, making it easier for users to understand what the VirusWarning.txt attachments mean. Both HTML and plain text supported. If you want other features, please request them now. |
|
| 29/7/2001 | Added a list of users of MailScanner.
Discovered minor bug in Linux distribution, please uncomment the call to mailscanner in /etc/rc.d/init.d/mailscanner. |
|
| 10/7/2001 | Sample mailscanner.conf file updated to include use of ORBL and ORDB replacements for the now-defunct ORBS open mail relay database. | |
| 14/6/2001 | Exim version of 2.30 released. | |
| 12/6/2001 | McAfee compatibility added to Release 2.30. | |
| 8/6/2001 | Release 2.30-2 produced. This includes minor corrections to file permissions, and includes the missing sophoswrapper script. | |
| 7/6/2001 | Release 2.30 produced.
This release includes automatic disinfection of macro viruses and any other viruses that can be disinfected (Sophos only, not McAfee yet). |
|
| 31/5/2001 | Exim installation notes finally put on-line.
Solaris release check_mailscanner script corrected to use SysV ps command. Release 2.20-2 for Solaris/non-Linux systems produced. |
|
| 29/5/2001 | Linux distribution of Version 2.20 released for sendmail and Sophos.
McAfee versions of 2.20 released so you don't have to use Sophos. I personally still strongly recommend Sophos over McAfee. |
|
| 25/5/2001 | Version 2.20 released for sendmail and Sophos. This release decodes Microsoft's MS/TNEF format and virus-checks the files contained within. This release also includes a greatly improved Sophos autoupdate script and a script to automate installation of Sophos. | |
| 24/5/2001 | Someone has reminded me that the McAfee code has disappeared. Expect it back soon! | |
| 24/5/2001 | I have got proper MS/TNEF decoding working, using the tool at http://world.std.com/~damned/software.html. Expect to see a new release (probably version 2.2) very soon. Exim version of it will follow a few days later. | |
| 24/4/2001 | There are some new plans for the next version. | |
| 23/4/2001 | New release for Exim, fixed some "header munging" bugs | |
| 19/4/2001 | Version 2.14 released for Exim mail transport agent, so you don't have to use sendmail if you don't like it or find it rather too scary ;-) Documentation will follow, mostly just have a good read through the supplied mailscanner.conf file. | |
| 18/4/2001 | In some installations of sendmail 8.11.3, MailScanner would fail to detect viruses properly. This has been found and fixed. Version 2.14 released as both a tar file and as a Linux RPM. | |
| 9/4/2001 | I have updated the RPM distribution and fixed the file location errors. Should work straight out of the box much more easily now. Have done more testing on sendmail 8.11.3 from sendmail.org and it detects viruses fine on that version. | |
| 30/3/2001 | I have updated the filename.rules.conf file to include some more known dangerous Microsoft file extensions. This now includes all the extensions which are known to be hidden even when you have Windows Explorer set to show all file extensions. | |
| 23/3/2001 | I have prepared an RPM distribution of MailScanner for Linux. This should make it far easier to install. Just download it, install the RPM, correct the "DH" and "DM" lines in /etc/sendmail.cf and you are up and away. If you are interested, the RPM spec file used to build it is here as well. |
Due to the nature of this software, I have an interest in the Regulation of Investigatory Powers Act which has just come into force in the United Kingdom. Under section 3(3) of the Act, I believe that this sort of interception is legal, but care must be taken to ensure that no-one other than the sender and intended recipient of any message can read any part of that message. This certainly includes infected attachments.