Version 0.8 of SoftlabsAV - a Generic AntiVirus Filter for incoming
Mail servers - has been released today. This set of procmail recipes now
additionally plugs into the Clam AntiVirus Scanner (clamscan) if it is
available. It can be downloaded via
http://softlabsav.sourceforge.net/
The ChangeLog is:
____________________________________________________________________________
v0.8 (2004 06 26)
+ Integration with the ClamAV clamscan Virus Scanner. If ClamAV
  version >= 0.70 is installed, all extracted potential viruses will be
  scanned with clamscan automatically.
+ the Viruses log file contains an additional column with the result of
  ClamAV's virus scanner, including version and Virus database number (if
  an acceptable version of ClamAV has been found). Such entries may look
  like this:
    VIRUS FOUND: Worm.SomeFool.P (ClamAV 0.73 / Daily DB 370)
    NO VIRUS IDENTIFIED (ClamAV 0.73 / Daily DB 371)
    ERROR: some message if an error has occurred [Exit code NN] (ClamAV 0.73 / Daily DB 371)
    (ClamAV 0.68-1 not supported!)
    (ClamAV not available)
+ new Configuration setting 'av_REMOVE_INFECTED' to specify whether infected
  mails detected by ClamAV should be removed or isolated within the
  Quarantine directory.
+ new Configuration setting 'av_DELIVER_UNIDENTIFIED' to specify whether
  potentially infected mails not identified by ClamAV should be delivered
  or isolated within the Quarantine directory.
+ the Configuration setting 'av_EXTRACT_VIRUSES' has been removed since it
  is now always turned on, in order to work with ClamAV.
+ added 'cpl', 'hta' and 'vbs' to the default list of bad extensions due to
  new variants of Bagle Worms that have been received (Bagle.AC in *.cpl
  and Bagle.Gen-vbs in *.hta / *.vbs attachments).
+ the 'X-Virus-Filter' header will also contain the "Executing of
  'zipinfo/unrar' failed" Warning with damaged Zip/Rar attachments.

If ClamAV is available, its virus scanner will scan the suspect attachment
to check whether it is in fact a virus. If so, the infected mail and the
virus will be removed by default (that behaviour is configurable) and the
name of the found virus will be logged. If not, the suspect mail will be
delivered as usual by default (that behaviour is also configurable).
Therefore, by default, no file will ever remain permanently within the
Quarantine directory.

The Viruses log file now may look like this:
  roal: 20040623 EXE.cpl VIRUS FOUND: Worm.Bagle.AC (ClamAV 0.73 / Daily DB 367) 22248 the_message.cpl MS-DOS executable sfnsjabwomlpwavttkm(_at_)anet(_dot_)at
  roal: 20040625 EXE.hta VIRUS FOUND: Worm.Bagle.Gen-vbs (ClamAV 0.73 / Daily DB 369) 74381 Message.hta HTML document text 1104282584(_dot_)20040625105603(_at_)anet(_dot_)at
  peta: 20040625 EXE.com VIRUS FOUND: Worm.Bagle.Z (ClamAV 0.73 / Daily DB 370) 20282 the_message.com MS-DOS executable vsfhjzsdivdgnijhjrp(_at_)anet(_dot_)at
  roal: 20040625 ZIP.exe VIRUS FOUND: Worm.SomeFool.P (ClamAV 0.73 / Daily DB 370) 29832 letter.zip Zip archive data 200406251500(_dot_)i5PF0geQ006631(_at_)baby(_dot_)softlabs(_dot_)at
  roal: 20040625 EXE.pif VIRUS FOUND: Worm.SomeFool.AB (ClamAV 0.73 / Daily DB 371) 17944 loveletter02.pif MS-DOS executable 200406260102(_dot_)i5Q12XnA009378(_at_)baby(_dot_)softlabs(_dot_)at
  roal: 20040625 ZIP.com VIRUS FOUND: Worm.SomeFool.Gen-1 (ClamAV 0.73 / Daily DB 370) 25489 worker_msg2.zip Zip archive data 200406251429(_dot_)i5PETX1D006177(_at_)baby(_dot_)softlabs(_dot_)at
  peta: 20040625 EXE.pif VIRUS FOUND: Worm.SomeFool.Gen-2 (ClamAV 0.73 / Daily DB 370) 18432 detailed_document7.pif MS-DOS executable 200406251503(_dot_)i5PF3cXf006861(_at_)baby(_dot_)softlabs(_dot_)at

best,
rob.
--
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
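
Added example (not part of SoftlabsAV or of the original post): a Python parser for the Viruses log entries and the ClamAV result column shown in the announcement, which counts confirmed signatures and lists every attachment ClamAV did not confirm. It assumes one entry per line with whitespace-separated fields and no spaces in file names; parse_entry, triage and SAMPLE are names made up here.

```python
import re
from collections import Counter

# Assumed layout, one entry per line, whitespace-separated, no spaces in file names:
#   user: date type [ClamAV result] (ClamAV ...) size filename filetype message-id
ENTRY = re.compile(
    r"^(?P<user>\S+):\s+(?P<date>\d{8})\s+(?P<kind>\S+)\s+"
    r"(?P<result>.*?)\s*\(ClamAV\s*(?P<engine>[^)]*)\)\s+"
    r"(?P<size>\d+)\s+(?P<filename>\S+)\s+(?P<filetype>.+)\s+(?P<msgid>\S+)$")
ENGINE = re.compile(r"^(?P<version>\S+) / Daily DB (?P<db>\d+)$")

def parse_entry(line):  # returns a dict, or None if the line does not fit the layout
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    e = m.groupdict()
    e["size"] = int(e["size"])
    eng = ENGINE.match(e.pop("engine"))
    e["clamav"], e["daily_db"] = (eng["version"], int(eng["db"])) if eng else (None, None)
    result = e.pop("result")
    e["signature"] = None
    if result.startswith("VIRUS FOUND:"):
        e["status"], e["signature"] = "infected", result.split(":", 1)[1].strip()
    elif result == "NO VIRUS IDENTIFIED":
        e["status"] = "unidentified"
    elif result.startswith("ERROR:"):
        e["status"] = "error"
    else:  # "(ClamAV not available)" or "(ClamAV <version> not supported!)"
        e["status"] = "unscanned"
    return e

def triage(lines):  # count confirmed signatures; list everything ClamAV did not confirm
    signatures, follow_up = Counter(), []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            follow_up.append(("unparsed", line.strip(), None))
        elif e["status"] == "infected":
            signatures[e["signature"]] += 1
        else:
            follow_up.append((e["status"], e["filename"], e["msgid"]))
    return signatures, follow_up

SAMPLE = [  # first two entries are from the post, the last two are constructed
    "roal: 20040623 EXE.cpl VIRUS FOUND: Worm.Bagle.AC (ClamAV 0.73 / Daily DB 367) 22248 the_message.cpl MS-DOS executable sfnsjabwomlpwavttkm(_at_)anet(_dot_)at",
    "roal: 20040625 ZIP.exe VIRUS FOUND: Worm.SomeFool.P (ClamAV 0.73 / Daily DB 370) 29832 letter.zip Zip archive data 200406251500(_dot_)i5PF0geQ006631(_at_)baby(_dot_)softlabs(_dot_)at",
    "peta: 20040626 EXE.scr NO VIRUS IDENTIFIED (ClamAV 0.73 / Daily DB 371) 4096 sample.scr MS-DOS executable constructed-1(_at_)example(_dot_)org",
    "roal: 20040626 EXE.pif (ClamAV not available) 1024 doc.pif MS-DOS executable constructed-2(_at_)example(_dot_)org",
]
```

Calling triage(SAMPLE) returns the signature counts and a follow-up list; the "unidentified", "error" and "unscanned" entries are the ones whose handling depends on 'av_DELIVER_UNIDENTIFIED'.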