MailScanner - Old News

02/02/2005 Released stable version 4.38.10. Fixed one bug if handling of file.
01/02/2005 Released stable version 4.38.9. There are several improvements to the phishing net, including a whitelist of known "real" websites. There is updated support for the Vexira virus scanner, and upgrades to several of the supporting packages that MailScanner uses, so you must run the ./ script to upgrade these correctly. All other changes are in the Change Log.
25/01/2005 Released beta version 4.38.7. Implemented support for new version of Vexira. Note that support for the older versions has had to be dropped. Plus minor enhancement to phishing net to handle email addresses better. All other changes are in the Change Log.
23/01/2005 Released beta version 4.38.4. Minor clearups and a couple of bugfixes. All other changes are in the Change Log.
18/01/2005 Released beta version 4.38.3. Main new feature is that there is a whitelist of safe sites for which phishing detection is disabled. All other changes are in the Change Log.
14/01/2005 Released beta version 4.38.1. Main change is the addition of an option to enable trapping of all numeric IP addresses in HTML links in messages. Very useful addition to the "phishing" detection. All other changes are in the Change Log.
1/1/2005 Released stable version 4.37.7. This has improvements in the phishing net, ability to add any arbitrary headers to messages, ability to keep infected spam out of the spam archive, handle split sendmail queues and many improvements and changes. Note there is a new MIME-tools shipped with this release, so please run the ./ to install it. See the Change log.
29/12/2004 Released beta version 4.37.6. Added important fix for some bounce messages from Hotmail that were killing it. All other changes are in the Change Log.
18/12/2004 Released beta version 4.37.5. Arbitrary headers can now be added to messages depending on their spam and/or mcp status. This is done by specifying the headers (surrounded in ") in the appropriate "Spam Actions" settings (and its relatives). All other changes are in the Change Log.
12/12/2004 Released beta version 4.37.2. This can now keep viruses out of the spam and mcp quarantines, so you can safely give your users access to the spam quarantine without them getting viruses. See the option "Keep Spam And MCP Archive Clean". Note this is switched off by default as not many people quarantine spam anyway, and so don't want the performance hit of virus checking all spam. All other changes are in the Change Log.
8/12/2004 Released beta version 4.37.1. This now supports split sendmail incoming queue directories, where any can have qf, df, xf, tf subdirectories, each of which contains the relevant file for each message. This will greatly speed operation on systems with very big incoming queues, and also allows xf and tf files to be mounted on tmpfs for extra speed.
1/12/2004 Released stable version 4.36.4. This has many improvements in the phishing net, and many improvements and changes in other areas. See the Change log.
30/11/2004 Released beta version 4.36.3. This has more improvements in the phishing net, and many other changes. See the Change log.
18/11/2004 Released beta version 4.36.1. This has many improvements in the phishing net, and also supports RedHat Enterprise 4.
4/11/2004 Released version 4.35.11. This appears to have fixed the RedHat up2date problems that have been experienced on some RedHat systems. It is currently available in RedHat/Mandrake/RPM, SuSE and Solaris/Other Unix forms. This has been tested on RedHat Enterprise, CentOS, SuSE and others.
1/11/2004 Released stable version 4.35.9. Main new features this month are the "phishing" fraud detector and support for Mandrake Linux. The are quite a few other changes and improvements as well, please see the Change log for more information.
27/10/2004 Released beta version 4.35.7. Messages with null MIME boundaries are now handled properly, and viruses in them properly detected.
26/10/2004 Released beta version 4.35.6. Fixed bug where messages with a null MIME boundary are passed. They are now rejected as unparsable.
21/10/2004 Released beta version 4.35.5. Added support for ClamAV 0.80 and clamavmodule version 0.12. Dropped support for older versions of ClamAV and clamavmodule. Other changes as well.
11/10/2004 Released beta version 4.35.4. A new feature in this beta, a "phishing" fraud detector. If you don't know what phishing fraud is, ask Google. This alerts you to attempts to defraud you out of personal information and bank details, for example. Other changes as well.
10/10/2004 Released beta version 4.35.1. I think I have cracked the problems with dependencies on RPM systems with perl-MIME-Base64. Other changes as well.
1/10/2004 Released stable version 4.34.8. New changes this month include a generic "roll your own" virus scanner, the ability to delete specific headers from messages (so you can kill off "Read Receipts") and you can now bounce spam messages as attachments if you really have to do this. Many other changes as well.
28/9/2004 Released another beta version, 4.34.7. I have implemented a "generic" virus scanner, which you write yourself in a script or program which is called by the "generic-wrapper" script. The spec of the output required by your program is in the "generic-wrapper" script. It's very simple.
27/9/2004 Released another beta version, 4.34.6. Unless anything is wrong with this, it will form the basis of the next stable release in a few days time.
22/9/2004 SpamAssassin 3.0.0 has been released. MailScanner supports this release just fine, and I have updated the ClamSA+SpamAssassin package in the "Other Stuff" area of the MailScanner downloads page.
18/9/2004 Released beta 4.34.4. Have added "Bounce Spam As Attachment" option to senders of wrongly-tagged spam can see what message was caught. Only useful to people whose pointy-haired bosses think bouncing spam is a good idea :-(
16/9/2004 Released beta 4.34.3 to fix MIME-Base64 package problems.
15/9/2004 Released beta 4.34.2 to test out new MIME-tools and MIME-Base64 packages.
14/9/2004 Released updated package for ClamAV and SpamAssassin 3.0.0-RC5.
10/9/2004 Released beta 4.34.1 to test out new MIME-tools and MIME-Base64 packages.
10/9/2004 Released updated package for ClamAV and SpamAssassin 3.0.0-RC4.
6/9/2004 Released installation package for ClamAV, the ClamAV perl module, and SpamAssassin 3. There are install scripts in the package for both RPM-based and non-RPM systems. And yes, you can skip the installation of ClamAV itself if you already have it installed from somewhere else.
1/9/2004 Released stable version 4.33.3-1. No really major changes this month, just a collection of minor improvements and a few fixes. Please see the ChangeLog for details.
1/8/2004 Released stable version 4.32.5-1. Major changes this time include fixes for MyDoom-0 problems, "Spam Score Number Format" option, "Run In Foreground" option and "--version" command-line switch to report all module versions to aid debugging and list postings. Please see the ChangeLog for details.
27/7/2004 Released beta version 4.32.4-1. This should fix the problems with MyDoom-O.
22/7/2004 Released beta version 4.32.3-1. Please see the ChangeLog for details.
10/7/2004 Released beta version 4.32.2-1. Please see the ChangeLog for details.
1/6/2004 Released stable version 4.31.4-1. New script for non-RPM systems to greatly ease installation, updated support for various virus scanners and SuSE 9.1, and fixed some problems such as file modification when signing quoted-printable PDF attachments. Various other bug fixes and many updates, see the ChangeLog for details.
26/5/2004 Released unstable version 4.31.3-1. Various bug fixes, including one for Postfix 2.1 users on some old versions of Perl, and many updates and improvements to the for non-RPM systems.
22/5/2004 Released unstable version 4.31.2-1. Updated support for new virus scanners, can now detect and disarm "web bugs", reports can contain %variables%. Other changes as well, please see the ChangeLog.
2/5/2004 Released minor update. Fixed problem in previous release were Net::CIDR would not always install properly on RPM-based systems, and moved default installation location of BitDefender to /opt/bdc.
1/5/2004 Released stable version 4.30.3. More improvements to MIME decoding and zip-file handling. See the Changelog for full details.
25/4/2004 Released unstable version 4.30.2-1. Pre-release for 4.30. Please report any problems. See the Changelog for full details.
14/4/2004 Released unstable version 4.30.1-1. Added support for SpamAssassin V3 and AVG scanner. Another MIME decoding improvement. Zip files can now be found by either content or name. See the Changelog for full details and a list of the other changes.
1/4/2004 Released stable version 4.29.7-1. Lots of updates this time for multi-layered defences against all the tactics in use by the virus writers, and some reliability, robustness and speed improvements. See the Changelog for full details. In March, we had over 23,000 downloads and were accessed from over 70,000 different sites.
25/3/2004 Released unstable version 4.29.6-1. Zip files are now detected by content and not just name. Fix to Bayes regular rebuilding code, so it should now report any errors that caused it to fail. Various logging improvements.
23/3/2004 Released unstable version 4.29.5-1. Added BinHex decoder and facility to have a directory full of Custom Functions to make upgrading easier. Old version of this facility ( is still present as well.
22/3/2004 Released unstable version 4.29.4-1. Fixed bugs in Postfix compatibility and MCP message delivery problems.
18/3/2004 Released unstable version 4.29.3-1. Fixed bug in handling of messages with several attachments, and can now unpack self-extracting Zip archives.
18/3/2004 Released unstable version 4.29.2-1. Now detects nasty emails generated by Bagle.Q worm.
16/3/2004 Released unstable version 4.29.1-1. Fix for passing archives through properly when allowing all password-protected archives. Minor speed-ups. Expect to see "defunct" processes appear with this version, it is quite normal.
8/3/2004 Released stable version 4.28.6-1. Fixed problem for Debian users with files in the queue directory. Possible speed improvement as well.
5/3/2004 Released stable version 4.28.5-2. Slight error which might stop RPM distributions installing properly.
5/3/2004 Released stable version 4.28.5. This version can block password-protected zip files, and can unpack zip files to apply file name and content rules (as well as virus scanning) to their content. If you use the RPM distributions, then all required Perl modules will automatically installed for you when you run the "./" script. If you use the tar distribution, then please see the documentation for information about what Perl modules are needed. Please also read the ChangeLog.
3/3/2004 Released unstable version 4.28.3. I have re-written the zip analyzing code to a large extent, and there is now a new keyword in the "Silent Viruses" list called "Zip-Password". Adding this to your Silent Viruses list will stop notifications about these being sent to the (possibly fake) sender of the file. You will still need to install the Perl modules Compress::Zlib and Archive::Zip yourself before using this version.
2/3/2004 Released unstable version 4.28.2. This version can detect password-protected zip files and optionally block them. You will still need to install the Perl module Archive::Zip yourself before using this version.
1/3/2004 Released unstable version 4.28.1. This version can read zip files so you can apply filename rules in there. Note: You will have to install the Perl module Archive::Zip yourself before this version will run.
1/3/2004 Released stable version 4.27.7. Since 4.26, the most important improvements are those that I have made to the MIME decoder, which is a lot more robust than it was. See the ChangeLog for everything else.
25/2/2004 Released unstable version 4.27.5. Improved robustness of MIME decoder, added support for Symantec CarrierScan and some other things.
21/2/2004 Released unstable version 4.27.4. Added "non-spoofing" virus list and a few other things.
12/2/2004 Released unstable version 4.27.2. MIME message decoder is now considerably more robust and aggressive than in all previous versions.
11/2/2004 Released unstable version 4.27.1. Various improvements and fixes, including the restoration of the "bounce" spam action.
2/2/2004 Released stable version 4.26.8. There is now a workaround for a Solaris problem, please set "Rebuild Bayes Every = 0" on Solaris systems.
31/1/2004 Released stable version 4.26.7. Please see the ChangeLog for details on what is new in this release.
29/1/2004 Released beta 4.26.6. This is a test release before I do a stable release this weekend. See the ChangeLog for details on what has changed.
23/1/2004 Removed the "bounce" spam action. Added automatic schedules Bayes database rebuilding. Added logging of non-spam. Added "notify" spam action to tell users they received some spam without letting them see it directly. See the ChangeLog for more details.
9/1/2004 Fixed outstanding Postfix problems and a few other minor issues. Please can you try this out? See the ChangeLog for more details.
18/12/2003 Fixed a few bugs in the MCP (Message Content Protection) code. There is a little bit of documentation for MCP now too.
2/12/2003 Fixed a bug causing doubling up of subject lines if they are "sanitised". Also has Infinite-Monkeys removed from the supplied "Spam List" setting. Please see the ChangeLog for more details.
29/11/2003 Released new stable version 4.25-11. Many new features, including defence against "spam zombies" and other systems sending mail to you in very high volumes as part of an attack. Please see the ChangeLog for more details.
18/11/2003 Released new unstable beta version 4.25-9. Hopefully fixed the Maximum Message Size bug. This is getting very close to release so please test it for me!
15/11/2003 Released new unstable beta version 4.25-8. Fixed a bunch of bugs in 4.25-7.
14/11/2003 Released new unstable beta version 4.25-7. Added support for ClamAV Perl module to speed up ClamAV scanning. Fixes a few bugs. See the ChangeLog for details on what else is new in this release.
7/11/2003 Released new unstable beta version 4.25-6. Added ClamAV parsing improvements and the ability to change the user, group and permissions of files and directories within "Incoming Work Dir" and "Quarantine Dir". See the ChangeLog for details on what else is new in this release.
1/11/2003 Released new unstable beta version 4.25. I didn't think it was worth doing a full release, there is some new code that provides support for LDAP directory servers, and this code has not been thoroughly tested yet. See the ChangeLog for details on what else is new in this release.
6/10/2003 Released new stable version 4.24. Loads of improvements, please see the for details.
1/10/2003 Released test release 4.24-4. This is unlikely to change much before it is released as a stable version in the next few days. See the ChangeLog.
13/9/2003 Updated Debian package now available. One of the main maintainers of Debian packages has taken over the job of looking after the MailScanner Debian package, and has released it here.
1/9/2003 Released update 4.23-11. This fixes a few mistakes and an important logging bug present in 4.23-10.
31/8/2003 Released stable version 4.23-10. Loads of new features and improvements this time. Far too much to mention here, so please see the "ChangeLog".
28/8/2003 Released beta version 4.23-8. Various fixes, including the Denial-of-Service attack handling bug. Please see the "ChangeLog" for more details.
21/8/2003 Released beta version 4.23-7. Improved RAV handling in several ways, and added new "Virus:" in addition to "To:", "From:" etc in rulesets. Please see the "ChangeLog" for more details. If you are interested in content filtering, please contact me and I'll fill you in.
12/8/2003 Released beta version 4.23-5. Fixed problems in RAV handling and corrected the show-stopper in the beta version I released last night. Sorry about that folks! Please see the "ChangeLog" for more details.
11/8/2003 Released beta version 4.23-3. Most important change is that all necessary installation directory choice has been moved out of the -wrapper and -autoupdate scripts into virus.scanners.conf. Please see the "ChangeLog" for more details.
8/8/2003 Released beta version 4.23-2. Added support for eTrust virus scanner, and greatly improved flexibility of "Allowed Sophos Error Messages". Please see the "ChangeLog" for more details.
7/8/2003 Released beta version 4.23-1. Please see the "ChangeLog" for more details.
3/7/2003 Released stable version 4.22-5. "Spam List" configuration option had to list all the RBL's in lower case. Now fixed. Also improved efficiency of filetype checking.
1/7/2003 Released stable version 4.22-4. Some useful new features added this month, including true detection of file content type regardless of filename, the ability to ban HTML forms in messages and the ability to limit the maximum size of any message (on a per-user basis of course). For more details, please see the ChangeLog.
23/6/2003 Released beta version 4.22-3. This includes support for checking file contents regardless of the attachment filename. It also includes HTML <FORM> tag detection.
4/6/2003 I am presenting MailScanner to other computer security professionals at a CERT conference in London tomorrow.
2/6/2003 Released stable version 4.21-9. Bugfix in new "attachment" spam action.
1/6/2003 Released stable version 4.21-8. Mostly bugfixes since 4.21-6, but see the ChangeLog.
18/5/2003 Released beta version 4.21-6. This includes a new "spam action" called "attachment" which moves the entire message into an attachment and puts a warning in the original message body saying what happened. This stops web bugs working in spam messages. There are also several Postfix fixes making it a lot more reliable.
11/5/2003 Last month, MailScanner was downloaded for the 100,000th time since I started counting. Quite a milestone!
3/5/2003 RPM distribution users: if you get an "unknown user" error when you start up MailScanner using the init.d script, then download an updated /etc/rc.d/init.d/MailScanner or just edit it and put a "#" at the start of the line that mentions "smmsp".
3/5/2003 Released version 4.20-3. One fix to the Postfix+ZMailer code which you will need if you archive or quarantine any mail.
2/5/2003 Released version 4.20. Most important improvements for this release are support for Postfix and ZMailer systems. Lots of other improvements and a few fixes, see the ChangeLog for more detailed information.
26/4/2003 Released beta-test version 4.15-9. Various minor Postfix issues fixes, improved error reporting. RedHat "init.d" script improved to handle Postfix, sendmail and Exim setups. "Archive Mail" setting can now also write directly to mbox-format mailboxes.
19/4/2003 Released beta-test version 4.15-5. No critical changes, it will now spread files across the postfix/incoming tree more evenly, and is more robust if sent bad files by Postfix. "Advanced SpamAssassin Settings" are now documented as these will be needed by Postfix users.
17/4/2003 Released beta-test version 4.15-4. Fixed a couple of important Postfix bugs. There is also a slight (but important) change to the installation guide for Postfix support for the "defer_transports" setting.
13/4/2003 Released beta-test version 4.15-2. This contains support for Postfix and ZMailer. It also includes the new f-prot-wrapper which is needed if you are running F-Prot on a ramdisk or with tmpfs. I have even written you a little installation guide for Postfix support.
9/4/2003 To get McAfee working on RedHat 9, you must add the line "export LD_ASSUME_KERNEL=2.2.5" to the /usr/lib/MailScanner/mcafee-wrapper script. Then it won't hang.
5/4/2003 RaQ3 systems and sendmail 8.9 users only – if you are having problems starting or stopping MailScanner 4.14, replace /etc/rc.d/init.d/MailScanner with this file.
4/4/2003 Released version 4.14. This includes support for F-Prot 3.13, F-Secure 4.50 and SpamAssassin 2.53, and various other tweaks and improvements.
29/3/2003 1. F-Prot 3.13 has been released, and they have changed the output format again. Here is a new version of the "sub ProcessFProtOutput" in Look for the line that says "sub ProcessFProtOutput {" and replace it (and the code up to the start of the next function) with the new file.
2. New beta release 4.14-8 incorporating support for the SAVI Perl module which uses Sophos Anti-Virus but without all the startup time overhead of calling "sophos-wrapper" or "sweep". Installation notes for the SAVI Perl module itself are in the docs/install directory.
27/3/2003 Released 4.14-7 for beta-testing. Note this is only for testing purposes.
25/3/2003 Released 4.14-6 for beta-testing. Note this is only for testing purposes. I have run it with SpamAssassin 2.52 and it should be okay.
New: FreeBSD port available for download.
17/3/2003 Released 4.14-5 for beta-testing. Note this is only for testing purposes. The remaining problems with SpamAssassin 2.50 have been fixed. You will need to install SpamAssassin 2.60-CVS to get all the fixes, but it must not be a version downloaded before today, as their fix was only put in SpamAssassin last night.
7/3/2003 Problems with SpamAssassin 2.50 have mostly been fixed now. Either use SpamAssassin 2.60(CVS), or even better use SpamAssassin 2.51 if that has been released by the time you read this.
1/3/2003 Release version 4.13-3. RPM packaging problem in 4.13-1 and -2.
Remember: if you are upgrading then try out my upgrade_MailScanner_conf script. It will make your life a whole lot easier!
1/3/2003 Release version 4.13-1. The highlights are:
  • Script to automate upgrade of MailScanner.conf files
  • Customisation of system administrator notices improved
  • Option to ignore some Sophos error messages when scanning files
  • Option and Custom Function added to enable SQL logging
  • Options to block encrypted (or unencrypted) messages
  • Improved check_mailscanner script
  • Improved stripping of HTML to plain text
  • New Nod32 and Kaspersky updaters. F-Prot updater improved
24/2/2003 SpamAssassin 2.50 was released a few days ago. Unfortunately there is a small bug in it which hits MailScanner really badly. I have made a small patch available which fixes it. To install it, do this:
tar xzf Mail-SpamAssassin-2.50.tar.gz
patch -p0 < SA2.50.patch
cd Mail-SpamAssassin-2.50
perl Makefile.PL
make test # This step is optional, but a good idea
make install
23/2/2003 Joe Quinn has very kindly written an Installation Guide for Cobalt RaQ4 Systems.
15/2/2003 The awkward part of upgrading to the latest MailScanner release is inserting the new configuration parameters into your MailScanner.conf file. So here is a tool to apply all the updates for you. The only thing it will have trouble with are parameters that are commented out in the new MailScanner.conf file, such as "Run As User" and "Run As Group", so you will still need to check those yourself. But it will do 99% of the job for you. Let me know how you get on with this, and if you have suggestions for improvements to it. It will be included in the next release.
1/2/2003 Released version 4.12-2. I missed the kavdaemonclient-wrapper out of the RPM distributions.
1/2/2003 Released version 4.12-1. The highlights are:
  • "Hide Incoming Work Dir in Notices" configuration option
  • "X-MailScanner-Information:" header to all messages
  • "Notice Signature" configuration option
  • "Allow Partial Messages" configuration option
  • "Allow External Message Bodies" configuration option
  • "Detailed Spam Report" configuration option
  • Custom functions to implement per-domain spam whitelists and blacklists
  • Support for the Kasperksy daemon scanner
30/1/2003 Security: There is a new attack against Microsoft Outlook Express that is being exploited. It relies on very long filenames, so is very easy to block. Edit your filename.rules.conf file, and add a "deny" rule at the top of the file that has the pattern ".{150,}". Remember to add the logging text messages as well, and that all the 4 fields on the line must be separated with tab characters and not just spaces.
8/1/2003 There is now an on-line store selling goodies with MailScanner logos. If there are any other products you would like to see, or have ideas for better "captions" then please tell me and I will see what I can do.
1/1/2003 Released versions 3.27-1 and 4.11-1. The only change in 3.27 is the security fix described below. There are many improvements, changes and fixes in 4.11, of which these are a few highlights:
  • Security fix below is included
  • Modify Subject: line to show a message has been scanned
  • Stop MailScanner replying to mailing lists that send it viruses
  • Quarantine-cleaning script included
  • Virus scanner update cron job replaced by global updater script
  • Full installation instructions for FreeBSD
  • Improved AntiVir, Sophos, F-Prot and F-Secure parsers
See the Changelog for more details.
1/1/2003 In the spirit of Perl tradition, there is now a MailScanner poetry page. All contributions welcome!
18/12/2002 Important Security Fix: you must add "-OPrivacyOptions=noetrn" to the command-line of the incoming sendmail process (the one with the "-bd" option). On a heavily loaded server, this omission can be exploited maliciously to evade MailScanner.
New distributions of versions 3 and 4 will appear in the next day or two, containing this fix.
This will only happen on servers under heavy load, and when messages are in the incoming queue ( for a long time because your MailScanner server is not coping with the high mail load.
17/12/2002 1 in every 200 emails is infected with a virus. If you were wondering if you needed Mailscanner, the answer is a definite Yes!
8/12/2002 Dale Lovelace has put together a great MailScanner-MRTG package to provide you with a quick and easy way of monitoring your MailScanner servers.
3/12/2002 Version 4.10-1 released. This contains numerous additions, changes and fixes. The biggest changes are the inclusion of Exim support, and the addition of a package for SuSE Linux 8.0/8.1.
Please read the ChangeLog for a complete list of all the details.
I now also accept donations paid by credit card.
3/11/2002 Versions 4.05-3 and 3.26-2 released. This improves the Kaspersky output parser to handle their latest (poor) output format.
3/11/2002 Versions 4.05 and 3.26 released. This improves the handling of attachments whose filenames are in unknown character encodings, and improves the handling of attachments whose filenames look malicious, removing a potential security problem before anyone else finds it or exploits it. Neither of these have ever been intentionally exploited.
Version 4 only:
- Can now put "$filename" in inline warning messages to give a comma-separated list of the infected attachment filenames.
- Improvement to Trend parser when scanning archives.
- Improvement to ClamAV parser for multi-CPU servers.
- Added Dutch and Brazilian Portugese reports.
- Added an "End" function to the Custom Functions usable in the main conf file.
- NOTE: If you have added your own Custom Functions to, you will need to add an "End" function for each of them.
27/10/2002 Versions 4.04 and 3.25 released. This fixes a potential Denial of Service attack. Note that this has never been intentionally exploited, but it is better to fix the problem before it is used.
If you are using version 3 and either do not want to upgrade at all, or have problems installing the new release, it is just a 1 line change to
27/10/2002 Version 4.03 released. This adds the ability for you to be able write your own functions to calculate values for configuration options. Read the comments at the top of mailscanner.conf and in, which are in the distribution.
Support for Trend VirusWall added, bringing the total number of scanners to 14. Contributed by Martin Lorensen .
I have also improved the RPM script some more. And the bug in the sophos-autoupdate script is fixed.
26/10/2002 I have just installed MailScanner 4 on a RaQ 3, and had an "interesting" time. If you have problems doing this, read my FAQ article on the subject. If you have any more experiences with RaQ systems you would like to share, please let me know so I can add to the FAQ.
26/10/2002 Sophos have changed the file structure of their distributions, so after upgrading to 3.62 or 3.63 you may find that sophos-autoupdate doesn't work properly and you get "Missing main virus data" errors when you try to use Sophos. I have improved the sophos-autoupdate script to handle this. The new version will be included in the next release.
25/10/2002 Warning about "" email spamming program: This isn't actually a virus, but if you don't read the entire licence agreement and then click "Yes", your PC will start spamming everyone in your Outlook address book. If you use SpamAssassin, you can easily protect yourself against this by adding 3 lines to the spam.assassin.prefs.conf file in the same directory as your MailScanner configuration files. Add these lines and then either wait a few hours or restart MailScanner:
header   FRIEND_GREETINGS   Subject =~ /you have an E-Card from/i
describe FRIEND_GREETINGS   Nasty E-card from
score    FRIEND_GREETINGS   100.0
23/10/2002 Released 4.02-1. I have added a new configuration option to set whether entire messages are quarantined as the raw queue files (as they were in Version 3) or as readable head+body files.
I have also improved the script in the RPM distribution, and fixed all the other outstanding bugs that I know of.
22/10/2002 Released 4.01-7. If you weren't delivering disinfected messages, then the notifications to the sender and the local postmaster would not be sent.
22/10/2002 Another bug fix :-( This time it corrects a problem where messages would not be checked for spam if "Virus Scanning = no".
Also fixed "no warnings" problem I created in 4.01-5.
I've had better days...
21/10/2002 Fixed an important bug in 4.01-3 that could cause MailScanner to stop processing mail in certain circumstances. Also corrects spam handling anomalies. I strongly advise anyone using version 4 to upgrade to this release. There are no changes to the conf files at all, so the upgrade should be very simple.
20/10/2002 Fixed an important bug in the RedHat distribution of 4.01. If you are running this version, you must upgrade. It's a 1 line fix, so you can change /usr/sbin/MailScanner by editing it and changing the -I option in line 1 to -I/usr/lib/MailScanner
20/10/2002 Released new version 4.01-1. This is the first production release of the new Version 4. Much faster than Version 3, much more flexible configuration options, suitable for loads from 10 messages per day to 10 million (or more) messages per day. Loads of new features, far too many to mention them all here. Read the Change Log.
10/10/2002 Released version 3.24-1. This improves the reporting of the "Bugbear" virus by putting all the message reports into the text that replaces the entire message. I have also fixed a bug where infected messages with no body could have their first attachment signed with the inline warning.
Note: This also includes another security patch for the MIME-tools modules, to cope with badly-formed attachment headers.
5/10/2002 New alpha release of Version 4 is available.
This includes content filtering by being able to convert HTML in messages into plain text, which is very effective against pornographic spam.
This also includes the first releases of sets of RPMs for RedHat Linux 7 and 8. Note that the RPMs are alpha releases in their own right, so please only try them if you are confident managing RPMs.
It looks like you should add "Bugbear" to the list of silent viruses as it can fake the "From:" address. I have yet to discover if it fakes the envelope sender address as well.
4/10/2002 Released version 3.23-5. There is a new option "Allow Object Codebase Tags" which you can use to disable the Microsoft- specific checks that are not covered by the "Allow IFrame Tags" option.
27/9/2002 Released version 3.23-4. This version detects and protects against messages with external bodies stored on FTP sites and other locations. See the recent BugTraq posting about "message/external-body" messages. There are 2 parts to this: another short patch for MIME-tools and an updated copy of MailScanner to use the patch. I have given copious instructions before on how to install patches for MIME-tools.
If you are using the RPM distribution of MailScanner, just upgrade the RPM and all the patches and new code will be installed for you.
25/9/2002 Released version 3.23-3. The HTML <IFrame> tag test which catches a load of Microsoft-specific security vulnerabilities is now configurable. Just set Allow IFrame Tags = yes.
24/9/2002 Released version 3.23-2. Have fixed the bug which made the maillog swear like a trooper.
22/9/2002 Released version 4.00.0a3. I have fixed a bunch of bugs, including incorrect log reports when finding no viruses. Remember this is still early days yet.
22/9/2002 Released version 3.23-1 and 4.00.0a2.
I have added traps for all known Outlook, IE and Eudora security vulnerabilities, and MailScanner now catches all of the GFI email security tests. This makes MailScanner a complete e-mail security system, rather than just being a virus scanner. See for information about these tests.
Fixed a bug where the "" file would ignore complete e-mail addresses containing a '.' before a '@'.
Version 4 additionally fixes the obvious bug where the check_mailscanner script would not work unless you were in the installation directory when you ran it.
21/9/2002 I have added a "donations" page with a link to PayPal, should you want to make a donation for your copy/use of MailScanner.
20/9/2002 Version 4: The first alpha test release of version 4 is now available from the downloads page. Please do not touch it if you aren't totally happy with it. I have tested it on my own systems and it works okay for me, but more than that I can't say. Your results may vary. The value of your investments may go down as well as up :-)
12/9/2002 Security Release: I have released version 3.22-14. This addresses an exploit recently advertised on the Bugtraq mailing list, involving fragmented email messages which can be easily created with Microsoft Outlook Express.
If you use the tar distribution, you will have to apply the mime-tools-patch2.txt to the MIME-tools module, in addition to the mime-tools-patch.txt I created long ago. If you unpack the MIME-tools into the current directory, then the command "patch -p0 < mime-tools-patch2.txt" should apply the patch. If you have trouble applying the patch, please read the documentation for the patch command or else apply it by hand, it's a very simple patch.
If you use the RPM distribution, applying this patch to your system will all be done automatically.
10/9/2002 Released version 3.22-13. This just contains a few fixes:
Fixes the problem caused occasionally when logging names of file attachments whose names include '%' characters.
Improved Command AV parser.
Improved Sophos.install scripts included.
Simplified the wildcard whitelist checking code when looking for spam, to make it more reliable as previous version fails occasionally.
Fixed Exim setuid/setgid ordering bug.
16/8/2002 Sophos users: If you have ever directly run the script supplied with Sophos, you may have trouble upgrading Sophos to version 3.60. I have modified the Sophos.install script to handle this situation. There are Linux and Solaris/other Unix versions.
15/8/2002 Released version 3.22-12. One very minor improvement to the F-Prot parser (to handle messages possibly containing unknown viruses), and a new configuration option Still Deliver Quietly Deleted Viruses. This feature was added on request.
11/8/2002 Released version 3.22-11. Changes to handle 2 security vulnerabilities (one for Exim, one for Eudora), and 2 other minor changes.
1. Exim users only: there was an internal Perl issue with the handling of Subject: lines longer than 32766 characters.
2. Eudora users only: a vulnerability has been found in certain versions of Eudora, when used with certain versions of Windows 2000, where a buffer overflow problem would arise if the boundary separating MIME sections of a message is longer than 138 characters. A sample exploit has been published on the Bugtraq mailing list. My patch detects and neutralizes attempts to exploit this vulnerability in Eudora.
3. Fixed deletion of core files found in working directory.
4. Added logging to McAfee parser to improve virus-logging.
30/7/2002 Released version 3.22-10. Fixed a minor bug in the spam whitelisting code that would cause whitelisted domains to be sometimes marked as spam.
29/7/2002 Released version 3.22-9. New code in 3.22-8 to fork off MailScanner daemon at startup has been abandoned due to instability problems on a few versions of Solaris. I strongly recommend non-Linux users to upgrade to this version.
27/7/2002 Release version 3.22-8. Bug fixes: spam logging should now log the correct domain, sender warnings now correctly support "Hide Incoming Work Dir" option, code that forks off MailScanner daemon at startup improved to protect from zombie processes on BSD.
23/7/2002 Security alert: Due to a posting on NTBugtraq today, I would advise all MailScanner users to add a "deny" rule for \.mhtml$ to protect yourself against a newly discovered META-REFRESH attack against Eudora.
23/7/2002 Version 3.22-7 improves the F-Prot parser to cope with the new "mass-mailing worm" output it can produce. Many thanks to Alan Ford at Newnet for reporting this one.
Note: I strongly advise all F-Prot users to upgrade.
22/7/2002 Version 3.22-6 addresses a couple of complaints about the new function of the spam.whitelist.conf file matching both inbound and outbound addresses. The syntax of the file has been enhanced to allow for a "From:" or "To:" keyword on each line indicating whether the address should match the sender or recipient addresses of the message.
22/7/2002 I have released version 3.22-5.
A few new features this time:
Spam White List configuration option now gives a filename whose contents are checked against both the sender's address and the recipients' addresses.
Max Spam List Timeouts configuration value gives the threshold for the number of consecutive times a single "Spam List" or "Spam Domain" entry can timeout before it is removed from the list of places to be checked. It will be restored to the list at the next restart (every 4 hours by default).
Max SpamAssassin Timeouts configuration value works the same way as "Max Spam List Timeouts" except it applies to SpamAssassin instead.
Hide Incoming Work Dir configuration option allows you to hide the full directory pathname from the messages sent to users.
Sign Messages Already Processed configuration option allow you to only sign messages once, regardless of how many times it has been scanned by your site.
There are also a few improvements, such as automatic cleanup of core files, improvements to the RedHat init.d script to ease upgrading, improved logging of RBL timeouts, and another form of wildcard in all the files that take addresses and domains. You can now have wildcards like "spam@*" as well as "*".
The RAV installation directory has been changed to /usr/local/rav8/bin which is where the RAV 8.x installation program puts it. The F-Prot autoupdate script now handles stray ^M characters properly, and incorporates the fix recently published by F-Prot.
The "Multple Headers = replace" option is now more robust against bugs in some versions of Perl.
28/6/2002 I have written FAQ 22 on the subject of why MailScanner does not yet support "daemonized" virus scanners as OpenVirusScanner and the daemonized version of F-Prot.
27/6/2002 I have produced a df2mbox script which will convert complete quarantined messages (such as all your stored spam) into "mbox format" files which you can read with pine or Eudora (to name two). See FAQ 21 for more information.
27/6/2002 Version 3.21 released.
This contains a couple of minor bugfixes, and you can now separate MailScanner's logging messages from your sendmail/Exim logs using the new "Log Facility" configuration option.
The "Notify Senders" configuration option has been extended to allow the value "local" where only senders listed in the "Local Domains" list will be notified, and not those outside those domains.
There is a new "High SpamAssassin Score" configuration value to set the minimum SpamAssassin score above which the "High Scoring Spam Action" setting applies.
There is a new "High Scoring Spam Action" configuration value to set the action applied to all messages whose SpamAssasssin score is greater than the "High SpamAssassin Score".
25/6/2002 A small bug has been found in the SpamAssassin report-handling code. This can cause the delivery of a very small percentage of spam email. The fix is 1 line, and involves simply editing and adding the line
$SAreport =~ s/\s+$//g if $SAreport;
after the line that says
$SASaysSpam = 0 unless $SAreport; # Solve bug with empty SAreports
which is line 285 in the latest release.
23/6/2002 Released version 3.20-7.
This corrects a small problem with the mail queue ownership (if you don't run MailScanner as root).
Messages containing viruses listed in will now be delivered (clean) to the recipient just as normal, but the sender will not be informed; this is a slight change to the previous operation of this option.
The RedHat RPM init.d script has been improved: it now supports a "status" command, and if you change the outgoing queue delivery interval this value can be kept across upgrades.
20/6/2002 Written a much better RedHat Linux /etc/rc.d/init.d/mailscanner script.
19/6/2002 RPM installation now has latest MailTools package, V1.46. Tar distribution is unchanged.
19/6/2002 I have fixed a problem where, rarely, a message will get a blank SpamAssassin report, which will cause email filters to consider it as spam. Released Version 3.20-5.
18/6/2002 I have written an autoupdate script for F-Prot. It aims to do exactly the same as the one supplied with F-Prot, except that it also does the proper file locking so that MailScanner cannot attempt to use F-Prot while the update is actually happening.
17/6/2002 Released Version 3.20-4. This corrects the problems some users have experienced getting false alarms from SpamAssassin.
15/6/2002 I've come up with a possible solution if you are getting false alarms from SpamAssassin, where a message gets marked as spam even though the "hits" < "required_hits". Try applying this patch and see if it solves the problem. Please let me know how you get on.
15/6/2002 Everything seems to work okay with SpamAssassin 2.30. Check the mailing list archives to see my experiences installing and testing it.
14/6/2002 Released Version 3.20. Many new features and improvements in this release. For fuller details read the ChangeLog (in the docs directory) and the mailscanner.conf documentation.
Some of the new features/improvements in this release are:
Moved McAfee support from "mcafee" directory to "uvscan" to make McAfee installation simpler.
Added support for Panda and RAV virus scanners, bringing total supported to 10
Many performance optimisations
Added configuration option to list viruses that should be quietly deleted without informing the sender or recipient. A good example is the "Klez" worm
Improved performance of SpamAssassin by pre-compiling all code
Added configuration option to enable SpamAssassin's "auto-whitelist" functionality
Added optional internal TNEF expansion using CPAN Perl Convert::TNEF module
Updated version of MIME-tools module shipped and included mime-tools-patch.txt from Bugtraq
Added support for RBL lists that work by domain name rather than by IP number
Note for Exim users only: Due to a re-write of the locking code, MailScanner currently supports Linux, BSD (any variant), Solaris, AIX and IRIX. If you are using a different OS such as HP/UX, please contact us so we can quickly add support for your system.
10/6/2002 MailScanner has got a good write-up on Here is the full article.
7/6/2002 Security patch for MIME-Tools
A member of the Bugtraq mailing list has found some potential security problems with the MIME-Tools module that MailScanner uses. They have released a patch which they claim resolves these problems. I have tested it on my systems and it does not appear to cause any problems. It is a patch for version 5.411 (latest stable release) of the MIME-Tools module, so if you do not have that version yet then you should download it from and unpack it, then apply the patch.
20/5/2002 Released Version 3.15-3. Fixed bug where non-spam messages from whitelisted hosts/networks, when SpamAssassin header was always included, would give an empty SpamCheck: header.
19/5/2002 Released Version 3.15-2. Couple of minor fixes.
19/5/2002 Released Version 3.15. No very major changes this time, but a few improvements that have been requested:
Added "Always Include SpamAssassin Header" option so you can have spam reports on non-spam messages
Added "default" rule to spam.actions.conf file. See the supplied file for an example, and the documentation
Implemented switch to control logging of allowed attachment filenames
Most systems will no longer need "syslogd -r" for logging to work
F-Prot parser handles non-working copies of viruses
RPM file now saves config files rather than overwriting them
17/5/2002 I have just added a FAQ that explains how to use MailScanner when your mail server runs Microsoft Windows or any other OS you care to mention, or any other mail system I don't support (e.g. Postfix, Qmail, Exchange, NTMail, etc).
14/5/2002 Released Version 3.14. Changes for this version are:
Implemented per-user and per-domain control of what to do with spam
Added "Subject:" line modification for viruses, same as for spam
SpamAssassin report now also includes names of successful tests
Infected "multipart/alternative" messages are converted to "multipart/mixed" so that virus warning can always be seen.
Files which pass the filename rules are now logged
Added section about "exim_tidydb" command to Exim docs
File "" can now be a copy of Exim domain map file
Added ".scr" to supplied list of banned filename extensions
Added another FAQ (12) about settings for high-volume mail servers
Fixed tainting bug in ClearOutQueue()
Made documentation stylesheet a local file
Fixed handling of "Return-Path:" header
Fixed case sensitivity bug in local domains file
Fixed bug in Sophos autoupdate to account for new "vdl" filename
11/5/2002 Next release due soon. I have implemented per-user and per-domain control of what to do with spam (deliver/store/delete), and added modification of the subject line in messages that had a virus in them.
I have fixed a few minor bugs such as handling infected multipart/alternative messages rather more neatly, and the Sophos autoupdate code (which broke when Sophos changed the VDL filename).
25/3/2002 Released version 3.13-1.
Fixed bug where carriage return characters embedded in subject lines could stop MailScanner being able to extract files from the message.
Fixed bug in Sophos NSV autoupdate code.
7/3/2002 Released version 3.12-5.
Fixed bug where McAfee auto-updating script used the wrong lockfile.
5/3/2002 Released version 3.12-4.
Fixed bug causing "Mail Archive" feature to not work. Sorry!
5/3/2002 Released version 3.12-3. Changes from previous version are:
Domains To Scan now supports wildcards, e.g. *,
Spam White List now supports wildcards, e.g. *,
Greatly improved F-Prot parser (this should be the last major change to the parser),
Support for SpamAssassin 2.1 and upwards,
Stopped McAfee wrapper producing "kernel: cdrom open failed" errors,
New feature: Mail Archive to save all incoming mail to a directory,
Support for Inoculan 4.x virus scanner.
Fixed the bug in changing the subject line when spam-tagging with Exim (hopefully!)
Note: I would strongly advise all F-Prot users to upgrade to this version.
2/3/2002 I have added support for SpamAssassin version 2.1, but have had to remove support for earlier versions. It will complain at startup if your SpamAssassin is too old.
I have also added Inoculan 4.x support, provided by
25/2/2002 I have improved the F-Prot parser some more, it should now cope with all the output that F-Prot can generate.
22/2/2002 Modified feature: I have changed the "Spam White List" to support wildcards in the same say as the "Domains To Scan" list described below.
21/2/2002 Modified feature: I have changed the "Domains To Scan" list when scanning by domain. It will now match any address whose domain ends in one of the names listed in the file. So putting * in the file will cause all mail to/from to be scanned, as well as all mail to/from
This code will be included in the next release, but please ask if you want it before then (release date unknown at the moment).
15/2/2002 Security Alert: A bug in Microsoft Outlook Express has been brought to my attention. By exploiting this bug, Outlook Express can be made to see a file attachment that is embedded in the message headers, and is currently not checked by MailScanner. As far as I am currently aware, no virus is yet exploiting this security hole. However, it is a simple 1-line fix to solve the problem, and I have just released version 3.11-1 to solve it.
12/2/2002 Version 3.10-4 released.
F-Prot parser updated to recognise output about "destructive programs".
12/2/2002 Version 3.10 released.
Virus scanning per domain now implemented. It's an "all or nothing" switch per domain, I'm afraid. Keeps it simple. One or two minor bugfixes and improvements to some of the support scripts, please don't ask for too many details (I can't quite remember :-)
28/1/2002 Emergency: The MyParty virus slips through versions of MailScanner before 3.04-1. You must update to 3.04-1 to be able to catch this virus. If you want to fix it without upgrading, find the function DefinitelyClean in and insert "return 0;" at the start of the function.
21/1/2002 There are now some graphs showing the number of downloads by month and by version. Yell at me if they get out of date...
21/1/2002 Due to a very generous gift from Paul Welsh (a MailScanner user), I now have the addresses, and all pointing to this site (in addition to which I had already). Many thanks to Paul for this!
17/1/2002 Version 3.03-1 released. New features/changes/fixes include:
Several virus scanners can now be used together.
X-MailScanner-SpamCheck: SpamAssassin headers now include the number of hits.
Lock File Dir configuration option.
Improved F-Prot output parser to fix handling of joke programs, trojan programs and encrypted archives. All F-Prot users should upgrade.
F-Prot output parser no longer stops when it gets output it doesn't recognise.
Minor Inoculate and CommandAV parser fixes.
Double-bounces of MailScanner messages now go to local postmaster.
Fixed wrapping of virus scanner reports.
Fixed bug where virus scanner would still be called with "Virus Scanning = no".
Fixed bug in subject line spam tagging for Exim. All Exim users should upgrade.
Improvement to Sophos.install, checks for script before calling it.
8/1/2002 Bug fix to improve stability and to stop Perl core dumping.
Bug fix causing SpamAssassin to mark everything as spam.
Bug fix in F-Prot parsing code to support trojans and backdoor programs properly. All F-Prot users should upgrade.
Bug fix in Inoculate parsing code. All InoculateIT users should upgrade.
Improvement to logging when viruses originate from inside your own network.
Changed localdomains.txt to localdomains.conf.
Release of version 3.02-1.
All users having any problems should upgrade.
5/1/2002 Bug fix in InoculateIT parsing code and release of 3.01-3.
4/1/2002 I have fixed a problem scanning inside Zip files with F-Prot and released version 3.01-1.
4/1/2002 I have written some notes about the Minimum Code Status configuration option, as it seems to be causing some confusion (especially among users who haven't read the documentation :-)
4/1/2002 Improved the code that links messages between the queues when moving them. Minor change to
3/1/2002 Fixed a problem in the tar distribution where the mailscanner script was wrong. Nothing has changed in the RPM distribution.
3/1/2002 The previous version (2.60-2) was downloaded 3,441 times. As I know that quite a lot of you never upgraded to that version, I would estimate the number of MailScanner users out there to be at least 4,000 !!!
3/1/2002 Version 3.00 released. Loads of new features in this version:
  • Support for new virus scanning engines (as well as Sophos and McAfee):
    • F-Prot -- free for Linux at the time of writing this page
    • F-Secure
    • Kaspersky
    • CommandAV
    • InoculateIT
  • Add a signature to clean messages showing they were scanned by MailScanner, in either/both text and HTML
  • Include the full message headers in virus reports to the local Postmaster
  • Support for the SpamAssassin project to greatly improve the success of spam identification. See for installation instructions.
  • Stop messages that ever had a virus in them leaving your site, even after they have been cleaned up and had viruses removed. Saves washing your dirty linen in public!
  • Set the attachment warning filename so it doesn't have to be VirusWarning.txt any more
  • Support for Sophos' (undocumented) built-in TNEF decoder to improve the decoding of Microsoft Outlook Rich Text Format attachments.
  • Latest version of the public domain TNEF decoder included.
  • Revised filename.rules.conf file to set the order of the rules correctly
13/12/2001 Quite a few people have asked about monitoring MailScanner using MRTG so they can draw some graphs showing mail throughput, number of viruses caught, and so on. I have written a page about MRTG support which includes the scripts and configuration files I use to do it.
13/12/2001 The new version is close to completion. For a sneak preview of some of the new features, look here for any mention of "3.00". There are a few new keywords and a few updated ones.
7/12/2001 Things have been a bit quiet on the MailScanner front recently. There have now been over 2,300 downloads of version 2.60-2. Work on the next version is in progress and I expect to release something around Christmas time.
7/12/2001 Got onto the Cover Disc of the December issue of Linux Format magazine. They don't say much about it, but they did include it which is nice.
7/11/2001 Won "Best Of Linux" award on He also wrote a very nice review.
29/10/2001 Released version 2.60.
Description is as below, there are now more text files in the etc directory to customise. I have also tweaked the timeout code again to make it more reliable.
24/10/2001 The next version, 2.60, is on the way. I have added more text files to the etc directory so that users get different responses (and replacement attachments) depending on whether it found a virus or whether it failed one of the filename traps. This should make things easier to understand for our poor hard-done-by users :-)
23/10/2001 Released version 2.54-1.
This is a bug-fix release, corrects a problem with modifying the subject line of spam when using Exim. This change does not affect sendmail users at all.
The Linux version now uses wget instead of lynx due to problems seen with some versions of lynx when running from crond.
Also, to reduce the number of problems related to MIME-tools, minimum version numbers of some modules are now checked.
18/10/2001 Released version 2.53-1.
This includes improved handling of unparsable messages, and should also resolve any outstanding problems with timeouts that were present in version 2.52. It also logs its version number when it starts up.
16/10/2001 I have just found a bug that under rare circumstances (a MIME message badly formed in a very particular way, only originating from Apple Macs) MailScanner would fail and stop. This is the first time I have seen this happen in over a year of use. However, I have improved the handling of badly formed messages enough so that nothing stops. The fix will be included in 2.53 due out at the end of this week.
12/10/2001 Update on 2.52: The code fix I propose is working well so far, if you want a copy of the 2 new files then mail me, otherwise I'll release it towards the end of next week if it's proved to solve the problem.
2.52 is having one or two problems, I suggest you use 2.51 until I manage to prove that my fixes work. More news as it happens...
9/10/2001 2.52-2 contains updated text in the Linux RPM distribution. The tar distribution is exactly the same as 2.52-1.
9/10/2001 2.52-1 released. Added configuration option "Deliver in Background" which makes it run the sendmail processes in the background instead of waiting for them to complete.
Also the Linux RPM uses wget rather than lynx to fetch Sophos updates (in /usr/local/Sophos/bin/autoupdate) as it is better for cron jobs than Lynx.
I have also removed the sample file from the distribution altogether as it continues to cause confusion.
5/10/2001 Any remaining problems with timeouts apparently not working have been solved. This will be in release 2.52-1 which you can have on request if you urgently need it, else I'll release it around the end of next week. I have also added a configuration option to allow the "sendmail" processes to be all run in the background, instead of waiting for them to complete.
It will also use wget on Linux instead of lynx as it is more suited to running from a cron job.
4/10/2001 2.51-2 released. Slight bug in stopped the removal of macros viruses from attachments working. *No* viruses would get through as a result of this bug, just one of the nice features of this package wouldn't work.
4/10/2001 2.51-1 released. Added configuration option "Deliver Unparsable TNEF" to allow compatibility with earlier behaviour where Microsoft Outlook Rich Text Format attachments that could not be decoded were still delivered. The default is "no".
2/10/2001 2.50-2 released. Corrected one typo in (that's all).
1/10/2001 Version 2.50 released. New features are all mentioned below, and new mailscanner.conf switches are documented.
27/9/2001 Version 2.50 will also feature a "spam white list" consisting of a file holding email addresses and email domains from which you will accept mail without ever marking it as spam.
26/9/2001 MailScanner is now right near the top of the ratings chart at FreshMeat. If some more people could vote, we might make it to number 1 again!
Version 2.50 is near completion. This will feature timeouts to prevent Denial Of Service (DoS) attacks by people sending you things like the Zip of Death file (a small zip file which expands to thousands of terabytes). It will also feature the new version of the TNEF decoder, with an extra switch added to avoid other DoS attacks. And a couple of minor features requested by users (turn off virus scanning, turn off delivery of cleaned messages to users).
10/9/2001 Version 2.42 released.
This version allows you to modify the Subject: line of messages identified as being likely spam. There are 2 new configuration variables controlling this, "Spam Modify Subject" and "Spam Subject Text" which are both documented.
3/9/2001 We have discovered a problem in the Exim installation notes. Taking the steps given to stop the incoming Exim from ever accidentally delivering mail, will also cause it to operate as an open mail relay. This is okay if it is one of your internal mail servers, but obviously is very bad if it is one of your MX hosts. For now, please don't follow these 3 steps until we find a better solution.
31/8/2001 Version 2.41-2 released.
There is a slight bug in the Sophos autoupdate script, which in some situations may cause the wrong IDE files to be fetched from Sophos, if the version of Sophos has been updated since it was originally installed. This is due to Sophos' installation program leaving an old version of a file lying in the sophos/lib directory.
Either install the entire latest release or just fetch the appropriate replacement Linux or Solaris/Unix script.
30/8/2001 Version 2.41 released.
New feature is more intelligent handling of MailScanner status headers when a message has passed through multiple MailScanners. It is now configurable, but the default behaviour is to append new information to the existing X-... header, rather than add a new header.
29/8/2001 Important: I have discovered that some of you may have corrupt copies of the tnef binary, which is in the MailScanner bin directory and is used to unpack Microsoft Outlook Rich Text attachments. To test it, cd into the bin directory and run the command ./tnef --help which should produce a help message. If it doesn't produce a help message, please download a replacement Linux or Solaris binary and copy it into this directory, ensuring that you have permission to execute it (type chmod +x tnef* in the bin directory).
This issue will be fixed in the 2.41 release due in the next few days.
29/8/2001 Installation guide now available in Portugese.
15/8/2001 Version 2.40 released.
Save a copy of your /etc/, and /usr/local/MailScanner/etc or /opt/mailscanner/etc files before installing the new version as the upgrade may well overwrite them (particularly when using the Linux RPM).
There are several new configuration file options, read the documentation carefully and merge your mailscanner.conf customisations into the new supplied version of this file. Make sure that any long lines (eg. the "Inline HTML Warning") don't word-wrap in your text editor!
There is also 1 new addition to my suggested filename.rules.conf file (to trap .reg files).
Managed to propogate a bug in /etc/rc.d/init.d/mailscanner from the previous version of the Linux RPM, hence there's now a 2.40-2 RPM.
15/8/2001 Discovered the official version of how the RBL+ works, thanks to Michael Forrest. The line of code in mentioned below for using the RBL+ should read
   if ($RBLEntry =~ /^127\.[01]\.0\.[1234567]$/);
12/8/2001 Created a mailing list, subscription instructions are shown above in the "Talk To Me" section.
10/8/2001 Version 2.40 is now in testing, hopefully will release next week.
Changes include:
  • Merged Sendmail, Exim, Sophos and McAfee versions into the same code
  • Can now insert a warning message directly into the body of a disinfected message, which can be used to warn the user that they should read the VirusWarning.txt attachments. Plain text and HTML versions of this warning are provided in the configuration file
  • Delivers messages in batches with sendmail and exim for speed
  • Improved Exim file locking
  • Support for MAPS RBL+ incorporated
  • Fixed McAfee dying-after-disinfecting bug
  • Linux now successfully writes to syslog (see the FAQ)
  • Lots of internal re-organisation to make the code easier to maintain
9/8/2001 Added an Installation FAQ. All suggestions for questions (and answers) are welcome.
6/8/2001 Support for the RBL+ spam list. Due to not having a subscription before, I never discovered that it produces different format results from the other MAPS lists, so you need to make one small change to the source:
Look in for the string 235 and you'll only find 1 occurrence. Change that line to read
   if ($RBLEntry =~ /^127\.[01]\.0\.[12345]$/);
Then add the line
   Spam List = MAPS-RBL+,
to mailscanner.conf and you're away.
6/8/2001 Version 2.40 is almost ready. Significant changes are:
1. Support for RBL+
2. Merged Exim and Sendmail versions into one
3. Warning message can now be added to the top of the message body, making it easier for users to understand what the VirusWarning.txt attachments mean. Both HTML and plain text supported.
If you want other features, please request them now.
29/7/2001 Added a list of users of MailScanner.
Discovered minor bug in Linux distribution, please uncomment the call to mailscanner in /etc/rc.d/init.d/mailscanner.
10/7/2001 Sample mailscanner.conf file updated to include use of ORBL and ORDB replacements for the now-defunct ORBS open mail relay database.
14/6/2001 Exim version of 2.30 released.
12/6/2001 McAfee compatibility added to Release 2.30.
8/6/2001 Release 2.30-2 produced. This includes minor corrections to file permissions, and includes the missing sophoswrapper script.
7/6/2001 Release 2.30 produced.
This release includes automatic disinfection of macro viruses and any other viruses that can be disinfected (Sophos only, not McAfee yet).
31/5/2001 Exim installation notes finally put on-line.
Solaris release check_mailscanner script corrected to use SysV ps command. Release 2.20-2 for Solaris/non-Linux systems produced.
29/5/2001 Linux distribution of Version 2.20 released for sendmail and Sophos.
McAfee versions of 2.20 released so you don't have to use Sophos. I personally still strongly recommend Sophos over McAfee.
25/5/2001 Version 2.20 released for sendmail and Sophos. This release decodes Microsoft's MS/TNEF format and virus-checks the files contained within. This release also includes a greatly improved Sophos autoupdate script and a script to automate installation of Sophos.
24/5/2001 Someone has reminded me that the McAfee code has disappeared. Expect it back soon!
24/5/2001 I have got proper MS/TNEF decoding working, using the tool at Expect to see a new release (probably version 2.2) very soon. Exim version of it will follow a few days later.
24/4/2001 There are some new plans for the next version.
23/4/2001 New release for Exim, fixed some "header munging" bugs
19/4/2001 Version 2.14 released for Exim mail transport agent, so you don't have to use sendmail if you don't like it or find it rather too scary ;-) Documentation will follow, mostly just have a good read through the supplied mailscanner.conf file.
18/4/2001 In some installations of sendmail 8.11.3, MailScanner would fail to detect viruses properly. This has been found and fixed. Version 2.14 released as both a tar file and as a Linux RPM.
9/4/2001 I have updated the RPM distribution and fixed the file location errors. Should work straight out of the box much more easily now. Have done more testing on sendmail 8.11.3 from and it detects viruses fine on that version.
30/3/2001 I have updated the filename.rules.conf file to include some more known dangerous Microsoft file extensions. This now includes all the extensions which are known to be hidden even when you have Windows Explorer set to show all file extensions.
23/3/2001 I have prepared an RPM distribution of MailScanner for Linux. This should make it far easier to install. Just download it, install the RPM, correct the "DH" and "DM" lines in /etc/ and you are up and away. If you are interested, the RPM spec file used to build it is here as well.
Click here  

[Powered by Google]   Translate this page to 

Julian Field