Hi,
SoftlabsAV 0.8.7 has been released today and can be downloaded via
http://softlabsav.sourceforge.net/
SoftlabsAV is a generic anti-virus filter for incoming mail servers on
Unix. It is driven by the widely used procmail Mail Delivery Agent
(MDA). In addition, it plugs to the ClamAV anti-virus scanner
(clamscan) if it is available.
Changes:
____________________________________________________________________________
v0.8.7 (2006-02-24)
+ new virus main type "UUE" has been added, representing infectious files
packed inside UU encoded attachments. First appeared in mails infected
by the Worm.Nyxem.E (Worm.VB-9) virus.
+ new configuration setting 'av_VIRUSTEST_TO' to specify e-mail addresses
that may have been used in the 'To:' header field of incoming mails to
identify test virus mails
+ section 2 of the shipped /etc/procmailrc file has been enhanced by a
global variable name "CR", in order to convert DOS-style line endings
to Unix-style, by eliminating the Carriage Return (CR) ASCII characters
____________________________________________________________________________
v0.8.6 (2005-12-05)
+ Always scan HTML mails (potential MBOX.Html type infections), also after
ClamAV has scanned an extracted attachment giving a negative result (or
if the mail has no attachment).
+ If ClamAV has scanned a mail after (negatively) scanning an attachment of
that mail, log both scan results into procmail's log file, like this:
SoftlabsAV 0.8.6: Virus likely EXE attachment of MIME type
"image/jpeg" detected: "sentimentalists.jpg"
(no virus identified) (ClamAV 0.87.1/1183)
SoftlabsAV 0.8.6: Potential malicious mail of type MBOX.Html detected
VIRUS FOUND: HTML.Phishing.DB-1 (ClamAV 0.87.1/1183)
+ Per default, always scan all entire mails, unless ClamAV has already
identified a virus. This introduces a second MBOX virus type: in addition
to "MBOX.Html" types on HTML mails, Non-HTML mails will be scanned as
"MBOX.SCAN_ALL" types. Scanning of Non-HTML mails can be disabled by
turning off the new configuration setting 'av_SCAN_ALL'.
+ If ClamAV has ben applied twice (first against a dangerous attachment
and then against the entire mail), but both scan results are negative,
include both virus types in the 'X-Virus-Filter' header, like this:
X-Virus-Filter: This message was caught by SoftlabsAV 0.8.6 due to its
potential ZIP.exe + MBOX.SCAN_ALL type infection
ATTENTION: ClamAV 0.87.1/1183 did not detect a virus. However, this
mail may be dangerous
+ fixed a bug introduced in SoftlabsAV 0.8.5 regarding .rar attachments
____________________________________________________________________________
v0.8.5 (2005-09-23)
+ Attachments with a 'image' MIME sub type other than 'jpeg'
(eg. 'image/gif') will no longer be treated as being potentially
infected.
+ Unless a potential EXE, (E)ZIP or (E)RAR virus type has been found,
always check for Html (MBOX.Html type) infections.
+ When required, '$' characters in attachment's file names will be escaped,
in order to avoid possible variable expansions
+ minor grammer error fixed that affected the 'X-Virus-Filter' header in
potentially infected messages. Thanks to Chuck Harding.
____________________________________________________________________________
v0.8.4 (2005-02-26)
+ new virus main type "MBOX" has been added, representing potential
malicious mails that do not necessarily have an attachment and will be
scanned as entire mbox file (if ClamAV 0.80 or higher has been detected).
This type will currently be applied on HTML mails, representing the
"Html" sub-type.
+ the "av_CLEAN_EXT" list now contains the "jpg" and "Html" sub-types. The
viruses log file will only contain entries of these types when ClamAV's
scanning result was not negative.
+ the routine to print the line into the viruses log file has been
outsourced into an own .inc file (av_log.inc)
+ some cosmetic changes and small bug fixes
best,
rob.
--
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail