v5/changelog
Shawn Iverson 5e730ed212
Milter Hotfix (#623)
* Integrate working version of Sendmail::PMilter

* Update VERSION, changelog
Add failsafe mechanism to MSMilter
2022-10-29 14:24:38 -04:00

458 lines
16 KiB
Text

10/29/2022 Changes in v5.4.5-3
==================================
- Integrate working version of Sendmail::PMilter (milter)
(Version 1.2x from CPAN not working with postfix currently)
10/09/2022 Changes in v5.4.5-2
==================================
- Remove v5.4.5-1 from beta
- Fix dat file check not allowing files through
- Fix attachment mode not adding new MIME header
- Fix external message warning not always appearing
- Fix extraneous newline appearing in received header (milter)
- Bump milter to v1.7
07/03/2022 Changes in v5.4.5-1
==================================
- Add support for unrar v6x
- Add f-secure-12 support for allow password-protected archives
02/20/2022 Changes in v5.4.4-1
==================================
- Override Filetypes feature
- Generalize detection of dat files
- Improved handling of milterout queue files
- Unfold Received header (postfix/sendmail)
- Ensure HTTP::Date perl module is installed
- Fix IP::Country::DB_File (Suse)
01/04/2022 Changes in v5.4.3-2
==================================
- Remove default hosted 1x1spacer.gif
- Include base64 encoded 1x1 spacer
- Add missing file wrappers to packages
11/28/2021 Changes in v5.4.3-1
==================================
- Refine HTML Disarm logic (detect premature pipe end)
11/25/2021 Changes in v5.4.2-3 (beta)
==================================
- Revised logic for HTML Disarm (close in child only)
11/14/2021 Changes in v5.4.2-2 (beta)
==================================
- Eliminate queue id change in MSDiskStore.pm
11/14/2021 Changes in v5.4.2-1 (beta)
==================================
- Check for /usr/local/bin in path for ms-configure
- ESETS EFS Support
- Milter cleanup after restart
- MSMilter handle file handling before DISCARD
- Set F-Secure to use ScanOptions
- Close pipe in parent only for HTML Disarm
- Milter Authenticated Spam Skip enhancements
- Fix Received header detection in MSMilter
- F-Secure 12 Support
- Limit queue processing to child-owned queue files in MSMail.pm
- Properly detect permfails with code 5xx in MSMail.pm
09/19/2021 Changes in v5.4.1-3 (beta)
==================================
- Support for F-Secure version 12+
- Milter queue processing for child-owned queue files
08/08/2021 Changes in v5.4.1-2
==================================
- Update inline.internal.warning.html (translation)
- Update inline.external.warning.html (translation)
- Declare code in v5.4.1-1 production ready
01/25/2021 Changes in v5.4.1-1 (beta)
==================================
- Option to ignore DAT file type check
- Fix TNEF unparse behavior and work file permissions/ownership
- Reset opts variable causing unwanted notifies
- Fix mangling of sender in pre-header (preserve first occurrence)
12/04/2020 Changes in v5.3.4-3
==================================
- Ignore QP DOS Failure option and body fix
- Process all links during phishing checks
- Output to stdout/stderr when running in foreground mode
11/04/2020 Changes in v5.3.4-2
==================================
- Revert milter substitution of RCPT TO
09/07/2020 Changes in v5.3.4-1
==================================
- Add RFC 3461 RCPT TO Service Extension support (milter)
- Change Received header continuation spacing to tabs (milter)
- Fix pair of typos in ms-configure (rhel)
05/12/2020 Changes in v5.3.3-1
==================================
- Fix broken MIME Filetype logic
- Add support for the Kaspersky Scan Engine AV
- Add support for the Avast Daemon AV Engine
- Remove duplication in AV code
- Add support for the F-Prot Daemon Anti-virus Engine
- Add support for the F-Secure Daemon Anti-virus Engine
- Add support for the Sophos SAVID Daemon Anti-virus Engine
- Simplify build scripts
- Move new builds to release tags
04/25/2020 Changes in v5.3.2-2
==================================
- Fix errors with exim RBL bypass
04/25/2020 Changes in v5.3.2-1
==================================
- Support bypass of RBLs for authenticated connections in Exim
- Fix quarantining of relay rejected emails (milter)
- Eval WordDecoder in Exim
04/17/2020 Changes in v5.3.1-3
==================================
- Include /usr/local/bin and /usr/local/sbin in ms-cron PATH
04/11/2020 Changes in v5.3.1-2
==================================
- Rollback strategy for spamassassin on failure (RHEL/SUSE)
04/11/2020 Changes in v5.3.1-1
==================================
- Detect DOS attempt in Quoted Printable MIME parts (Security Fix)
- Support for latest RHEL, Debian, SuSE
- Support latest SpamAssassin (3.4.4)
- Require latest SpamAssassin (Use CPAN)
- Use cpanminus by default
- Disable config check for removed settings
- Update Clamd socket path (RHEL)
- Add PowerTools option (RHEL 8)
01/19/2020 Changes in v5.2.2-1
==================================
- Fix LocalSocket substitution in latest clam config (path changed)
- Set ownership of milter queues during ms-configure
- Correct naming of debian package
- Unpack img files and include all unpackable file extensions
- Preserve all header flags in Sendmail
- Remove deprecated clamav functions
- Fix File MIME Types checking
- Support for new Exim 4.93 queue format
- Update de rules translations
- Add report substitution to ReadExternalWarning
11/15/2019 Changes in v5.2.1-2
==================================
- Add QUICKPEEK variable to msmilter-init
- Add libdb-dev missing debian dependency
- clamavmodule (Mail::ClamAV) deprecated with warning
11/03/2019 Changes in v5.2.1-1
==================================
- External message warning support
- Scan silent viruses also for spam option
- Fix silent virus delivery behavior
- Keep batch during A/V scan failure and back off for 30 seconds
- RHEL/CentOS setenforce 0 (install)
- Move ownership and permissions to post (install/update)
- Eval WordDecoder Subject
- Allow scan 7z archives if 'Find Archives By Content = no'
- Use correct callback in debug message in milter
- Honor whitelistmaxrecips in milter
- Refactor to host MailScanner using standard package management
03/03/2019 Changes in v5.1.3-3 (unreleased)
==================================
- Additional checks for empty queue id in milter
- Update esets-wrapper-README and make sudo optional
- Better process kill handling during stop
- Reap children when stopping milter
- Fix temp file cleanup in milter during stop
- Ignore Denial of Service option (workaround)
- Add additional base packages to debian install
01/27/2019 Changes in v5.1.3-2
==================================
- Add sudo and README for esets-wrapper
- Handle ipv6 packed socket properly in MSMilter
- Fix path for avg-wrapper in virus.scanners.conf
- Fix AVG output parsing in SweepViruses.pm
- Fix absolute path in Sophos output parsing in SweepViruses.pm
- Add config option for mailto phishing highlighting
12/23/2018 Changes in v5.1.3-1
==================================
- Use literal 'mailto:' for mailto phishing detection
- Handle HTML entities in mailto phishing detections
- Enforce 7 bit characters for filename checks
- Revert decode_headers workaround
- Esets catch error reading archive
- FixSubstringBoundaries removed
- Add "for <...>; date-time" to MSMilter Received: header.
- Milter add 'Authenticated' note to Received: header for SASL auth mail
- Milter refactor to capture real postfix id
- Remove CRs for QMQP processing
- Display correct log warning for QMQP socket
- Milter QMQP support added
- Option to reveal URLs in links added
- Add support to detect mailto: phishing
- Get rid of artifacts in AVG output lines
- Check for Run As User during postinst and use if defined (debian)
- Refactor milter to support multiple emails per session
- Fix missing subject field following a To: header
- Quarantine support option for DOS protection added
- Fix milter to allow modified recipients
- Add postfork support to milter
- Fix milter adding previous message recipients
10/26/2018 Changes in v5.1.2-2
==================================
- Disable rbl check if user is authenticated (postfix)
- Preserve utf-8 header data
- Add additional services to systemd unit
- Simplify esets output
- Add newline to virus.scanners.conf
- Exclude predata headers in quarantine files (milter)
10/20/2018 Changes in v5.1.2-1
==================================
- Patch Mail::ClamAV to allow install for SuSE builds
- 7zip handle spaces in filenames
- Clamd full message scan
- Detect fax and tel links
- mime_perl_to_string fix for ignored handler
- Add Kaspersky Linux Mail Server support
- Ignore "archive damaged" in esets scanner output
- Cleanup reports, add en_uk reports
- Workaround MIME::Parser failing to decode UTF-8
- Refactor milter to fully support multiple original recipients
- Refactor milter to support large messages
- Refactor milter to reject blacklisted emails early
- Fix off by one header add in milter
- Look for all recipient records in DeleteRecipients
- Update milter doc to 1.3
- Remove invalid Apparmor code in debian package
- Fix condition concatenation in ms-update-phishing
- Fix mktemp in clamav-wrapper for FreeBSD11
- Add DrWeb virus scanner support
- Fixes for clamav on rhel variants
08/25/2018 Changes in v5.1.1-1
==================================
- Remove space in "Clam AV"
- Support enable_original_recipient=no in postfix
- Check CPANOPTION and add verbosity
- Better AV scanning loop with retry attempts
- Refactor AV scanning loop
- Revert escaping spaces in unrar (already strict quoted)
- Cluster friendly update scripts (check for PID before restarting)
- Milter support option for MailScanner
- Fix postfix long queue ids getting suffixed with key
- Support ClamAV 0.100.1+ configuration change in RHEL/CentOS 7
06/17/2018 Changes in v5.0.7-4
==================================
- Switch to gzipped phishing update files
- Fix for no virus scanner defined
- Fix configuration chaining for SA rules actions in rulesets
- Fix mime decoding deprecation
- Allow wildcards in phishing lists
- Update MIME::Tools using CPAN
- Fix removal of MailScanner.conf if MailScanner is removed
- Add support for Fedora 28
- Add perl-LWP-Protocol-https (RHEL Variants)
04/29/2018 Changes in v5.0.7-3
==================================
- Fix copy of CustomFunctions directory in debian install
- Fix untaint of $safename var in unpack7zip
- Respect process exit code of Message::SafePipe
- Fix systemd file syntax in RHEL/CentOS
- Remove rotating indication in ms-init
- Add ldconfig to end of install.sh
02/03/2018 Changes in v5.0.7-2
==================================
- Use mtagroup for tmpfiles.d clamd.scan (CentOS/RHEL 7)
- Remove spaces from CURLORWGET = 'wget'
- Fix one typo and a bit of grammar in DE translations
- Fix ms-update-sa reload for systemd
- Fix ms-update-bad-emails for systemd
- Change current working directory on MailScanner invocation
- Fix ms-update-phishing to suppress cron output
- Remove support for systemd reload
- Use /etc/tmpfiles.d for /var/run/clamd.scan configuration (CentOS/RHEL 7)
- Update ms-update-phishing to use restart instead of reload
12/25/2017 Changes in v5.0.7-1
==================================
- Fix parsing an email address into local-part and domain
- Fix syntax in Debian/postrm
- Escape space before passing to unrar extract
- Add gz to unzipable files
- Only run freshclam if it is not running yet (debian)
- 7zip support
- Remove execute flag on systemd service (debian)
- Add update flag to install.sh
- Fix configuration chaining for spamassassin rules actions
- Add --force for cpanm
- CentOS/RHEL 7 clamav configuration support
- Fix broken clamav install prompt block
- Include 2 perl modules for spammassassin from debian tree
- Support for Fedora 27
- Fix install.sh modifying clamav-wrapper before MailScanner is installed
- Add mariadb as a prerequisite service for mailscanner systemd unit
09/29/2017 Changes in v5.0.6-5
==================================
- Return result of mta installation
- Automation flags for all major distros
- Fix config filename to mcp.spamassassin.conf
- Point broken links to wayback machine for mcp
- Properly detect long queue IDs for postfix
- Preserve MailScanner.conf during upgrade
- Fix finding of configured SyslogFacility
- Properly suppress removing ms-sendmail init output
08/28/2017 Changes in v5.0.6-4
==================================
- Fixes and enhancements for ms-update-phishing
- Remove execute bit on systemd files
- Return code check added for ms-init during service reload
- Update documentation
- Add ms_cron_ps_restart to /etc/MailScanner/defaults
08/20/2017 Changes in v5.0.6-3
==================================
- New phishing sites update script
- Unattended install options for debian build
- Fix for exim queue processing
- ms-init fixes
- Fix debian not installing sendmail
- Fix SuSE not installing packages via zypper
- Suppress freshclam error output during install
- Fix missing libbz2-devel package on suse builds
- Fix MailScanner.conf not getting updated and merged
07/24/2017 Changes in v5.0.6-2
==================================
- Bring Spam List documentation in line with current
spam.lists.conf.
- Fix typo in sender.filename.report.txt (fr)
- Better systemd detection
- Prevent ms-init from mistaking itself as a MailScanner process
07/16/2017 Changes in v5.0.6-1
==================================
- Updated ms-update-bad-sites to quiet curl and wget
- Updated ms-update-safe-sites to quiet curl and wget
- Fix race condition in ms-init during restart
- Add systemd support for ms-init using ms-systemd script
- Add ms-sendmail-init script to correctly start sendmail
for mailscanner on init for RHEL based systems
- Add ms-sendmail, ms-sendmail-in, and ms-sendmail-out systemd
support scripts on RHEL based systems
- Update build scripts for systemd support
04/08/2017 Changes in v5.0.5-1
==================================
- updated SweepContent.pm to allow application/ld+json scripts
when Allow Script Tags = no in Dangerous Content Scanning
- Updated Postfix.pm and PFDiskStore.pm to use long queue IDs - issue #34
- Updated Postfix.pm to work with both FIFO and UNIX pipes
- rar fix to allow spaces in file names
- removed some unneeded packages from ms-perl-check
- fix for HTML tag is split across multiple lines - issue #43
- unrar fix - issue #33
- added rblspamreport to reports - issue #45
- update logging for all spam actions taken - issue #36
- increased free disk space check from 100k to 10m - issue #40
- removed re2c conf item in defaults - not used
- updated InPhishingWhitelist and InPhishingBlacklist to not check host.*
as it is incompatible with the current structure
11/10/2016 Changes in v5.0.4-4
==================================
- updated RHEL/Debian/SuSE install scripts
- updated cron job scripts
- updated init script
- changed Debian upstart from 80/20 to 80/80
- updated RHEL packages in install.sh
- updated SuSE packages in install.sh
- Postfix double scan during custom fix
- fixed ms-init and ms-check
- fixed ramdisk portion of install scripts
- fixed perl module declarations
08/14/2016 Changes in v5.0.3-7
==================================
- updated init script to include a time-wait for pid files during
process reloads and restarts
- updated Message.pm to correctly prepend phishing notices in email
subject
- added avast virus scanner support
- added esets virus scanner support
- added new function InitClamdParser to SweepViruses.pm
- added new function ProcessClamdOutput to SweepViruses.pm
05/23/2016 Changes in v5.0.2-1
==================================
- updated chmod permissions from 0600 to 0660 on work files to address
permission issues with clamd reading header files
05/23/2016 Changes in v5.0.1-2
==================================
- fixed install.sh for ms-upgrade-conf
05/22/2016 Changes in v5.0.1-1
==================================
- added logging of failed HTML disarms to Message.pm
05/13/2016 Changes in v5.0.0-9
==================================
- RHEL installer correction: creation of /etc/mail/spamassassin/mailscanner.cf
- start levels 80 20 set in Debian and RHEL
- ms-sa-update corrected
- errant removal of /usr/lib/MailScanner corrected
- added checks to remove init.d scripts or links pre-install
- added remove to update-rc.d and chkconfig pre-install
- added add to update-rc.d and chkconfig post-install
- corrected missing variable in RHEL install.sh script
- installers refined and updated
04/30/2016 Changes in v5.0.0-1
==================================
- New Release