qmail-scanner 2.10

[breun]

Changes since 2.08 (currently in Atomic) according to http://qmail-scanner.sourceforge.net/CHANGES:

2.10 16/Aug/2011

* ./configure now exits if you choose a "--lang" language
that isn't supported
* Change Received: header used to show diagnostic detail
to X-Qmail-Scanner-Diagnostics: - that will make SpamAssassin
happier
* changed password-protected zip files to not bother
unpacking them - just a waste of time
* Team Cymru Malware Hash Registry (MHR) support added.
NOTE: even though this is a free, DNS-based AV service, it
is free for non-commercial use ONLY. Please see their website
for details

2.09 22/Sep/2010

* Added DLPmonitor feature. If you want to use clamAV or perlscanner
to block the movement of intellectual property/etc (i.e DLP),
you can create rules that will enable Q-S to treat such files/data
identically to viruses. However, it is common to want to *track*
such events first (to get a feel for false-positives), so
$DLPmonitor_REGEX enables you to define a regex of strings
that cause Q-S to archive and log as "DLP:" - but otherwise
treat as "Clear", non-quarantine events

* Added ${V_HEADER}-Remote-OS: header contain OS of SMTP client
as discovered if you are using qmail-delay with p0f. Adding it
as a header means SA can use the OS information for rule checks.
Be aware that NAT gateways at either end can adversely affect
the results p0f discovers, so this feature may not work well
in your particular environment. This header by itself doesn't
do much - you'll have to write SA rules to use this "meta data"

* Changed internal localization from "C" to "en_US" to workaround
bug in latest reformime.

* small debugging changes. Thanks to Toni Mueller

* HBEDV change. New version has replaced "antivir" with "avscan".
Thanks to Wolfgang Hamann for the patch

[faris]

Interesting!

But the current qmail-scanner RPM is kind of broken, in that it doesn't uninstall cleanly, and doesn't re-install correctly. At least that's how I remember it -- this is why you have to go through the Breun Qmail Dance (tm) to get it working again if a Plesk MU screws things up, instead of just doing a reinstall or uninstall-install, yes? (or no?)

If my understanding of this is correct, could you have a poke around for us to see if anything can be improved please Scott? It would save a lot of people a lot of tears and it would be very much appreciated

[breun]

I see qmail-scanner-2.10-8 has appeared in the atomic channel.

Code: Select all

# rpm -q qmail-scanner
qmail-scanner-2.10-8.el5.art.x86_64

However, the mail headers keep reporting qmail-scanner version 2.08 and indeed in /var/qmail/bin/qmail-scanner-queue.pl I find the following lines:

Code: Select all

my $VERSION="2.08";
my $st_version="20100626";

Removing /var/qmail/bin/qmail-scanner-queue.pl and running qmail-scanner-reconfigure generates a new file with version 2.08. I don't really understand why, because /usr/share/qmail-scanner/qmail-scanner-queue.template has these lines:

Code: Select all

my $VERSION="2.10";
my $st_version="20111118";

Does anyone have any idea what's up here?

[breun]

I found another bug in the new qmail-scanner package: /etc/logrotate.d/qmail-scanner has 'missngok' on line 26. I guess this should be 'missingok'.

I found this because cron sent this:

Code: Select all

/etc/cron.daily/logrotate:

error: qmail-scanner:26 unknown option 'missngok' -- ignoring line

[breun]

We've reverted to qmail-scanner-2.08-5, because 2.10-8 seems too buggy. Apart from the issues mentioned above we've also had problems with fresh installations of 2.10-8 not generating qmail-scanner-queue.pl at all.

[faris]

That's not good. I'm glad I've not upgraded to -8 yet

I wish I was confident enough to build these myself.

[breun]

The qmail-scanner-2.10-9 does seem to work, but /etc/logrotate.d/qmail-scanner still has 'missngok' instead of 'missingok', so we had to patch that ourselves.

[breun]

This is fixed in qmail-scanner-2.10-10 which was just released.