Protecting over 3.5 billion e-mails every week, for many tens of millions of usersOver 120,000 downloadsVersion 4.22-5 3rd July 2003 |
If you download MailScanner to try it out, or even better if you start using it on your site, please let us know by dropping us a line so we have some idea of where it is being used.
There is a mailing list for MailScanner users. The developers also keep an eye on it, so it's a good place to suggest new features, problems, questions, etc. But please remember there are limits to the time that can be spent on unpaid support. If you need more specific help, please read about our professional support options.
If you only want to hear announcements of new versions, then I suggest you subscribe to the project at FreshMeat. You can access the mailing list on the web, or you can subscribe by sending an email to jiscmail@jiscmail.ac.uk containing
Before posting questions to us or the mailing list, please search the list archives and read the Installation FAQ.
We have an ongoing usage survey. If you use MailScanner on your site, please can you email us the number of messages processed by MailScanner each day. We don't need to know the number of viruses found, or anything like that, just the number of email messages that MailScanner scans each day. Thankyou!
| Released stable version 4.22-5. "Spam List" configuration option had to list all the RBL's in lower case. Now fixed. Also improved efficiency of filetype checking. | ||
| Released stable version 4.22-4. Some useful new features added this month, including true detection of file content type regardless of filename, the ability to ban HTML forms in messages and the ability to limit the maximum size of any message (on a per-user basis of course). For more details, please see the ChangeLog. | ||
| Released beta version 4.22-3. This includes support for checking file contents regardless of the attachment filename. It also includes HTML <FORM> tag detection. | ||
| I am presenting MailScanner to other computer security professionals at a CERT conference in London tomorrow. | ||
| Released stable version 4.21-9. Bugfix in new "attachment" spam action. | ||
| 1/6/2003 | Released stable version 4.21-8. Mostly bugfixes since 4.21-6, but see the ChangeLog. | |
| 18/5/2003 | Released beta version 4.21-6. This includes a new "spam action" called "attachment" which moves the entire message into an attachment and puts a warning in the original message body saying what happened. This stops web bugs working in spam messages. There are also several Postfix fixes making it a lot more reliable. | |
| 11/5/2003 | Last month, MailScanner was downloaded for the 100,000th time since I started counting. Quite a milestone! | |
| 3/5/2003 | RPM distribution users: if you get an "unknown user" error when you start up MailScanner using the init.d script, then download an updated /etc/rc.d/init.d/MailScanner or just edit it and put a "#" at the start of the line that mentions "smmsp". | |
| 3/5/2003 | Released version 4.20-3. One fix to the Postfix+ZMailer code which you will need if you archive or quarantine any mail. | |
| 2/5/2003 | Released version 4.20. Most important improvements for this release are support for Postfix and ZMailer systems. Lots of other improvements and a few fixes, see the ChangeLog for more detailed information. | |
| 26/4/2003 | Released beta-test version 4.15-9. Various minor Postfix issues fixes, improved error reporting. RedHat "init.d" script improved to handle Postfix, sendmail and Exim setups. "Archive Mail" setting can now also write directly to mbox-format mailboxes. | |
| 19/4/2003 | Released beta-test version 4.15-5. No critical changes, it will now spread files across the postfix/incoming tree more evenly, and is more robust if sent bad files by Postfix. "Advanced SpamAssassin Settings" are now documented as these will be needed by Postfix users. | |
| 17/4/2003 | Released beta-test version 4.15-4. Fixed a couple of important Postfix bugs. There is also a slight (but important) change to the installation guide for Postfix support for the "defer_transports" setting. | |
| 13/4/2003 | Released beta-test version 4.15-2. This contains support for Postfix and ZMailer. It also includes the new f-prot-wrapper which is needed if you are running F-Prot on a ramdisk or with tmpfs. I have even written you a little installation guide for Postfix support. | |
| 9/4/2003 | To get McAfee working on RedHat 9, you must add the line "export LD_ASSUME_KERNEL=2.2.5" to the /usr/lib/MailScanner/mcafee-wrapper script. Then it won't hang. | |
| 5/4/2003 | RaQ3 systems and sendmail 8.9 users only – if you are having problems starting or stopping MailScanner 4.14, replace /etc/rc.d/init.d/MailScanner with this file. | |
| 4/4/2003 | Released version 4.14. This includes support for F-Prot 3.13, F-Secure 4.50 and SpamAssassin 2.53, and various other tweaks and improvements. | |
| 29/3/2003 | 1. F-Prot 3.13 has been released, and they have changed the output
format again. Here is a new version of
the "sub ProcessFProtOutput" in SweepViruses.pm. Look for the line that
says "sub ProcessFProtOutput {" and replace it (and the code up to the
start of the next function) with the new file.
2. New beta release 4.14-8 incorporating support for the SAVI Perl module which uses Sophos Anti-Virus but without all the startup time overhead of calling "sophos-wrapper" or "sweep". Installation notes for the SAVI Perl module itself are in the docs/install directory. |
|
| 27/3/2003 | Released 4.14-7 for beta-testing. Note this is only for testing purposes. | |
| 25/3/2003 | Released 4.14-6 for beta-testing. Note this is only for testing
purposes. I have run it with SpamAssassin 2.52 and it should be okay. New: FreeBSD port available for download. |
|
| 17/3/2003 | Released 4.14-5 for beta-testing. Note this is only for testing purposes. The remaining problems with SpamAssassin 2.50 have been fixed. You will need to install SpamAssassin 2.60-CVS to get all the fixes, but it must not be a version downloaded before today, as their fix was only put in SpamAssassin last night. | |
| 7/3/2003 | Problems with SpamAssassin 2.50 have mostly been fixed now. Either use SpamAssassin 2.60(CVS), or even better use SpamAssassin 2.51 if that has been released by the time you read this. | |
| 1/3/2003 | Release version 4.13-3. RPM packaging problem in 4.13-1 and -2.
Remember: if you are upgrading then try out my upgrade_MailScanner_conf script. It will make your life a whole lot easier! |
|
| 1/3/2003 | Release version 4.13-1. The highlights are:
|
|
| 24/2/2003 | SpamAssassin 2.50 was released a few days ago. Unfortunately there is
a small bug in it which hits MailScanner really badly. I have made a
small patch available which fixes it.
To install it, do this:
|
|
| 23/2/2003 | Joe Quinn has very kindly written an Installation Guide for Cobalt RaQ4 Systems. | |
| 15/2/2003 | The awkward part of upgrading to the latest MailScanner release is inserting the new configuration parameters into your MailScanner.conf file. So here is a tool to apply all the updates for you. The only thing it will have trouble with are parameters that are commented out in the new MailScanner.conf file, such as "Run As User" and "Run As Group", so you will still need to check those yourself. But it will do 99% of the job for you. Let me know how you get on with this, and if you have suggestions for improvements to it. It will be included in the next release. | |
| 1/2/2003 | Released version 4.12-2. I missed the kavdaemonclient-wrapper out of the RPM distributions. | |
| 1/2/2003 | Released version 4.12-1. The highlights are:
|
|
| 30/1/2003 | Security: There is a new attack against Microsoft Outlook Express that is being exploited. It relies on very long filenames, so is very easy to block. Edit your filename.rules.conf file, and add a "deny" rule at the top of the file that has the pattern ".{150,}". Remember to add the logging text messages as well, and that all the 4 fields on the line must be separated with tab characters and not just spaces. | |
| 8/1/2003 | There is now an on-line store selling goodies with MailScanner logos. If there are any other products you would like to see, or have ideas for better "captions" then please tell me and I will see what I can do. | |
| 1/1/2003 | Released versions 3.27-1 and 4.11-1. The only change in 3.27 is the
security fix described below. There are many improvements, changes and
fixes in 4.11, of which these are a few highlights:
|
|
| 1/1/2003 | In the spirit of Perl tradition, there is now a MailScanner poetry page. All contributions welcome! | |
| Important Security Fix: you must add
New distributions of versions 3 and 4 will appear in the next day or two, containing this fix. This will only happen on servers under heavy load, and when messages are in the incoming queue (mqueue.in) for a long time because your MailScanner server is not coping with the high mail load. |
||
| 17/12/2002 | 1 in every 200 emails is infected with a virus. If you were wondering if you needed Mailscanner, the answer is a definite Yes! | |
| 8/12/2002 | Dale Lovelace has put together a great MailScanner-MRTG package to provide you with a quick and easy way of monitoring your MailScanner servers. | |
| 3/12/2002 | Version 4.10-1 released. This contains numerous additions, changes
and fixes. The biggest changes are the inclusion of Exim support, and
the addition of a package for SuSE Linux 8.0/8.1.
Please read the ChangeLog for a complete list of all the details. I now also accept donations paid by credit card. |
|
| 3/11/2002 | Versions 4.05-3 and 3.26-2 released. This improves the Kaspersky output parser to handle their latest (poor) output format. | |
| 3/11/2002 | Versions 4.05 and 3.26 released. This improves the handling of
attachments whose filenames are in unknown character encodings, and
improves the handling of attachments whose filenames look malicious,
removing a potential security problem before anyone else finds it
or exploits it. Neither of these have ever been intentionally
exploited.
Version 4 only: - Can now put "$filename" in inline warning messages to give a comma-separated list of the infected attachment filenames. - Improvement to Trend parser when scanning archives. - Improvement to ClamAV parser for multi-CPU servers. - Added Dutch and Brazilian Portugese reports. - Added an "End" function to the Custom Functions usable in the main conf file. - NOTE: If you have added your own Custom Functions to CustomConfig.pl, you will need to add an "End" function for each of them. | |
| 27/10/2002 | Versions 4.04 and 3.25 released. This fixes a potential Denial
of Service attack. Note that this has never been intentionally
exploited, but it is better to fix the problem before it is used.
If you are using version 3 and either do not want to upgrade at all, or have problems installing the new release, it is just a 1 line change to disinfect.pl. |
|
| 27/10/2002 | Version 4.03 released. This adds the ability for you to be able
write your own functions to calculate values for configuration
options. Read the comments at the top of mailscanner.conf and in
CustomConfig.pm, which are in the distribution.
Support for Trend VirusWall added, bringing the total number of scanners to 14. Contributed by Martin Lorensen I have also improved the RPM install.sh script some more. And the bug in the sophos-autoupdate script is fixed. |
|
| 26/10/2002 | I have just installed MailScanner 4 on a RaQ 3, and had an "interesting" time. If you have problems doing this, read my FAQ article on the subject. If you have any more experiences with RaQ systems you would like to share, please let me know so I can add to the FAQ. | |
| 26/10/2002 | Sophos have changed the file structure of their distributions, so after upgrading to 3.62 or 3.63 you may find that sophos-autoupdate doesn't work properly and you get "Missing main virus data" errors when you try to use Sophos. I have improved the sophos-autoupdate script to handle this. The new version will be included in the next release. | |
| 25/10/2002 | Warning about
"FriendGreetings.com"
email spamming program: This
isn't actually a virus, but if you don't read the entire licence
agreement and then click "Yes", your PC will start spamming everyone
in your Outlook address book. If you use SpamAssassin, you can easily
protect yourself against this by adding 3 lines to the
spam.assassin.prefs.conf file in the same directory as your
MailScanner configuration files. Add these lines and then either wait a
few hours or restart MailScanner:header FRIEND_GREETINGS Subject =~ /you have an E-Card from/i describe FRIEND_GREETINGS Nasty E-card from FriendGreetings.com score FRIEND_GREETINGS 100.0 |
|
| 23/10/2002 | Released 4.02-1. I have added a new configuration option to
set whether entire messages are quarantined as the raw queue files
(as they were in Version 3) or as readable head+body files.
I have also improved the install.sh script in the RPM distribution, and fixed all the other outstanding bugs that I know of. |
|
| 22/10/2002 | Released 4.01-7. If you weren't delivering disinfected messages, then the notifications to the sender and the local postmaster would not be sent. | |
| 22/10/2002 | Another bug fix :-( This time it corrects a problem where
messages would not be checked for spam if "Virus Scanning = no".
Also fixed "no warnings" problem I created in 4.01-5. I've had better days... |
|
| 21/10/2002 | Fixed an important bug in 4.01-3 that could cause MailScanner to stop processing mail in certain circumstances. Also corrects spam handling anomalies. I strongly advise anyone using version 4 to upgrade to this release. There are no changes to the conf files at all, so the upgrade should be very simple. | |
| 20/10/2002 | Fixed an important bug in the RedHat distribution of 4.01. If you are running this version, you must upgrade. It's a 1 line fix, so you can change /usr/sbin/MailScanner by editing it and changing the -I option in line 1 to -I/usr/lib/MailScanner | |
| 20/10/2002 | Released new version 4.01-1. This is the first production release of the new Version 4. Much faster than Version 3, much more flexible configuration options, suitable for loads from 10 messages per day to 10 million (or more) messages per day. Loads of new features, far too many to mention them all here. Read the Change Log. | |
| 10/10/2002 | Released version 3.24-1. This improves the reporting of the
"Bugbear" virus by putting all the message reports into the text
that replaces the entire message. I have also fixed a bug where
infected messages with no body could have their first attachment
signed with the inline warning.
Note: This also includes another security patch for the MIME-tools modules, to cope with badly-formed attachment headers. |
|---|
Due to the nature of this software, I have an interest in the Regulation of Investigatory Powers Act which has just come into force in the United Kingdom. Under section 3(3) of the Act, I believe that this sort of interception is legal, but care must be taken to ensure that no-one other than the sender and intended recipient of any message can read any part of that message. This certainly includes infected attachments.
