2.00 20/Mar/2006
* cleanup: removed "virusdir" option
* Changed uudecode perm to 0640
* Updated nod32 - thanks to Max Kellermann
* Added 30sec timeout to calls to spamc. i.e. spamc will exit without
knowing the score of a piece of mail if spamd takes more than 30sec
to respond. This should cut down on silly amounts of time being spent
dealing with DNS timeouts/etc, without making SA miss anything it
would have caught before.
* Refer to logrotate script in contrib/ directory which can be used to
perform "housekeeping" duties for Q-S
2.00rc1 23/Jan/2006
* Big version jump from 1.25 to 2.00 to reflect some of the changes
that have taken place.
* NAME CHANGE.
The spool directory into which Qmail-Scanner is installed is now
/var/spool/qscand. This is to reflect (or force ;-) that you need
to re-evaluate all your settings as some pretty fundamental changes
have been made
* NAME CHANGE.
quarantine-attachments.txt has been renamed quarantine-events.txt as
it is used to quarantine more than just attachments, and the format
of that file has been changed.
* NEW FEATURE.
Quarantine directory is now separated into THREE subdirs: "spam",
"viruses" and "policy". This is so sites can arrange different auto-delete
jobs to control the size of these areas if they so wish. See below
for more details
* NEW FEATURE.
Starting to include concepts from Salvatore Toribio's
"st" patch to add spam quarantining features to Q-S. If you
set "--sa-quarantine X" (where "X" is a positive number), then
if SA tags a message as having a score higher than "required_hits"
plus "X", that message will be quarantined into a new
maildir "./spam/" and not delivered to the end-user (also
no-one is notified). e.g. for "--sa-quarantine 5", a score of
10/5 would cause the message to be quarantined into maildir
"./spam/" instead of being delivered. A message with a score
of 7/5 would be tagged as SPAM and delivered as per older versions. Note
that this is a serious step to take. It means a false match ends up
with no-one being notified and the e-mail effectively
"blackholes". You can use your old Q-S logs of previous
"tagged-only" mail to go through to prove to yourself that the
"sa-quarantine" value you are going to use won't result in
lost e-mail. DISABLED by default
* To go along with the above new feature, the contrib dir contains
"qscan-spam-to-users.pl". A cronjob script designed to move any
high-scoring SPAM out of the "spam" quarantine dir into an
IMAP maildir structure where the recipient of the SPAM gets
their own mail subfolder. This gives a more filtered
way for IS staff to deal with any false positives. You can
log in via IMAP, go to a particular user's (sub)mail folder and
see all the high-scoring SPAM sent to them - and forward
any false matches. Hopefully this should never be needed
as SpamAssassin scores over 10/5 should really never be
wrong...
* NEW FEATURE
The "qmail-scanner-queue.pl -z" script has also been updated to
auto-delete messages quarantined under the "quarantine/" maildirs
when they are older than 14 days. This is
to stop these maildirs growing insanely large! You are of course
welcome and encouraged to do something about e-mail in these
folders according to your own timescales if you wish. Simply
have your own cronjob move it into some other area of diskspace
- and then it's your problem to deal with :-)
* NEW FEATURE
A maximum size for scanning (--max-scan-size) can be set. This means
if a message is greater than this size (in bytes), then Q-S won't
run any AV or anti-Spam checks against it. Use with caution and
note that I have hard-wired a minimum value of 10000000 (10M) to
this variable to stop people making stupid mistakes. I am concerned that
virus writers will just start making really large viruses to bypass
systems with such options - so be careful!
* BIG CHANGE
Some features that were hard-wired into the main body of Q-S have
been moved into quarantine-events.txt where they should have been
all along. This makes it possible to change settings without
reconfiguring the main body of qmail-scanner-queue.pl. You will need
to rewrite any rules you had in place within the old
quarantine-attachments.txt into the new format quarantine-events.txt.
One of these changes allows you to block zero-length attachments at last
("any" length is now represented by "-1" instead of "0"). LET ME SAY THAT
AGAIN!!! "0" NOW MEANS "0" - IT USED TO MEAN "ANY"!!!!
* BIG CHANGE in definition of times. Previously Q-S "started
the clock" the moment it was invoked, and stopped it when it
finished. Unfortunately that meant that if you were receiving
a large e-mail over a slow link, your Q-S stats would show it
took (let's say) *hours* to "process" the message - when in
fact it took hours to *receive* the message, and 2 seconds to
process. From now on the debug file (qmail-queue.log) will
differentiate between the two, and the per-message syslog reports
generated will contain a timestamp of how long the message took to
process i.e. - ***once it had been delivered to disk*** This will
make Q-S look faster than it did before - faster and more
correct IMO. Thanks go to a ratty old hub for making me realise how bad
the stats could look (I had some *8* hour deliveries... ;-)
* Changed setuid to 6755 - i.e. it's now setuid and setgid. Forcing all files to
be group qscand will allow those who wish to do so to keep their AV daemons
running as other accounts. They just need to ensure those daemons are members
of the qscand group - and as such should be able to read the necessary files.
e.g. clamd could run as "clamav", but as long as account "clamav" is a member
of group "qscand", clamd is able to read the mail enough to scan it
* Changed regex-matching in quarantine-events.txt to be case-*insensitive*
instead of case-sensitive. It was causing too much confusion.
* Added new monitor script to contrib dir - check_AV_daemons.
This perl script can be used to monitor that your daemonized
AV system (and SpamAssassin too!) is running correctly.
"perldoc contrib/check_AV_daemons" for details
* Added extra alarm on writing to syslog to stop Qmail-Scanner hanging waiting for a broken
syslog daemon to respond.
* Act like RELAYCLIENT is set if qmail-scanner called via pipe instead of SMTP. This makes it more
consistent with other Qmail apps - e.g. a call to qmail-inject is equivalent to a local SMTP
connection. All this does is disable calling SA. If you want SA to be called (maybe this is
being called by a Web app), then just set QS_SPAMASSASSIN=1 in your environment. Note that I've
also changed the documentation to refer to QS_SPAMASSASSIN=1 instead of QS_SPAMASSASSIN=on
- think boolean.
* Added support for "greylisting"-style policy blocks. Instead of blocking and quarantining
an email, you can configure a Perlscan rule to trigger a SMTP temporary failure. This is
meant for emergency situations where your current AV is being hit by a Day-Zero using some
attachment type you cannot afford to just blanket block. e.g. ZIP files. With the "greylisted"
option, you can tell Q-S to exit with a temp failure whenever such mails show up - which will
cause legitimate mail to simply requeue at the other end. Then when your AV is able to detect
the virus, you can remove the rule, and all that legitimate mail that was being blocked should
flow through again (assuming you don't have the rule in place for days of course!). Greylisted
events show up in logging as "Perlscan:Greylisted". Note: this is NOT "recipient greylisting"
- offers accepted for a better word...
* Localized the "$destring" at last. Can other languages that are supported
please send in translations for the "destring_*" files?
* Added support for AVG Antivirus from Grisoft. Thanks to Jaroslav Suchanek
* Change to the Kaspersky avp scanner to allow corrupt attachments through
* Added support for decoding encoded attachment filenames and Subject: headers
by calling MIME::Base64. Now that's been done, you must reference "normalized"
filenames or strings in quarantine-attachments.txt and Q-S will catch them
even if they are encoded. Enabled by default, but as I'm not sure
how many bad implementations of MIME encoding there are, it can be disabled. Disable
via the "--normalize 0" ./configure option - and tell me if it starts blocking
valid mail... I am also concerned about people running broken syslog servers, and
how they handle 8bit chars showing up. Please keep an eye on this feature.
* Just noticed that Q-S spamassassin tagging was still reporting
SA scores as "hits=xx" instead of SA's official "score=xx". Fixed
* Fix to McAfee scanner - well - kludge really. Thanks to
Beni Schoedler for spotting it.
* If you use "--add-dscr-hdrs", this will only be set on e-mails
that came from *non* relayed addresses. e.g. mail from the Internet
to your site will have the headers added, but mail leaving your site
won't. This should make it safer (from a privacy perspective) to
enable
* Presence of DomainKeys signing added to report if "--log-crypto" enabled
* Now treat the presence of URLs in even text-only e-mails as enough
reason to run AV modules. This will mean that quite a lot of extra
text-only e-mail gets scanned - but is needed to thoroughly allow
Phishing attacks to be caught (most [all?] are currently HTML and
were scanned anyway - but they'll figure this out shortly...).
* Buglet in how the alert syslog records were written. They contained
details of the actual virus e-mail (e.g. IP address) instead
of more correctly reflecting they were locally generated.
* Added check to ensure clamdscan isn't just a link to clamscan
- which some third-party Web sites recommend! Gah! If you want
to run clamdscan - THEN SET UP THE DAEMON PROPERLY. Otherwise
don't - and you'll get clamscan instead (at 100th the performance)
Let me say it again: No-one running ClamAV should be using clamscan.
* Tiny change to configure to better discover if spamd is running
in socket mode - thanks to Renato Botelho
* Changed uudecoding sequence to just use system() instead of pipes as an anonymous
user reported an error on an unknown system that sounds like that OS has issues
with perl pipes (which reminded me of the problem FreeBSD had in 1.24). The code
change should only be cosmetic - but if it solves a problem - I'm all for it!
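
The "--sa-quarantine" entry above suggests replaying old "tagged-only" logs before enabling the option. The following is an added example, not part of Qmail-Scanner or of this changelog, that groups log lines by what a given X would have done to them. It assumes each scored line carries a tag of the form "SA:<0|1>(<score>/<required_hits>)"; the sample lines are constructed.

```python
import re

# Assumed tag shape: "SA:<0|1>(<score>/<required_hits>)". Adjust to your own logs.
SA_TAG = re.compile(r"SA:[01]\((-?\d+(?:\.\d+)?)/(\d+(?:\.\d+)?)\)")

# Constructed sample lines for illustration, not real Q-S output.
SAMPLE_LOG = [
    "msg-001 Clear:SA:0(1.2/5.0) from=a@example.org",
    "msg-002 Clear:SA:1(7.0/5.0) from=b@example.org",
    "msg-003 Clear:SA:1(10.0/5.0) from=c@example.org",
    "msg-004 Clear:SA:1(23.4/5.0) from=d@example.org",
    "msg-005 Clear:RC:1(192.0.2.7) from=local@example.net",  # SA not run
    "msg-006 Clear:SA:1(9.9/5.0) from=e@example.org",
]


def classify(line, x):
    """Return 'unscored', 'clean', 'tagged' or 'quarantine' for one log line."""
    m = SA_TAG.search(line)
    if m is None:
        return "unscored"
    score, required = float(m.group(1)), float(m.group(2))
    if score < required:
        return "clean"
    # The changelog says "higher than required_hits plus X" but also gives 10/5
    # at X=5 as quarantined. Treat the boundary as quarantined so the audit
    # over-reports rather than under-reports mail that would be blackholed.
    if score >= required + x:
        return "quarantine"
    return "tagged"


def replay(lines, x):
    """Group log lines by what --sa-quarantine X would have done to them."""
    if x <= 0:
        raise ValueError("--sa-quarantine takes a positive number")
    buckets = {"unscored": [], "clean": [], "tagged": [], "quarantine": []}
    for line in lines:
        buckets[classify(line, x)].append(line)
    return buckets


if __name__ == "__main__":
    for x in (5, 15):
        print(f"X={x}: review these for false positives before enabling:")
        for line in replay(SAMPLE_LOG, x)["quarantine"]:
            print("   ", line)
```

Every line in the "quarantine" bucket is mail that would have been dropped with no notification, so those are the ones to check by hand.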
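
The entries above on decoding encoded attachment filenames and on case-insensitive rule matching can be seen together in the following added example, which is not Qmail-Scanner code (Q-S does this in Perl via MIME::Base64; this uses Python's standard library). The pattern "\.pif$" is a hypothetical stand-in for a filename rule, and the message is constructed.

```python
import base64
import re
from email import message_from_string
from email.errors import HeaderParseError
from email.header import decode_header, make_header

# Hypothetical rule, standing in for a filename pattern from quarantine-events.txt.
BLOCKED_NAME = r"\.pif$"


def encoded_word(text):
    """Build an RFC 2047 base64 encoded-word, as a mail client would."""
    return "=?UTF-8?B?" + base64.b64encode(text.encode("utf-8")).decode("ascii") + "?="


# Constructed sample message: one attachment whose name is sent encoded.
SAMPLE = (
    "From: a@example.org\n"
    "Subject: " + encoded_word("Your invoice") + "\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nsee attachment\n"
    "--b1\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="' + encoded_word("Invoice.PIF") + '"\n\n'
    "AAAA\n--b1--\n"
)


def normalize(value):
    """Decode encoded-words; fall back to the raw value on broken encoding."""
    try:
        return str(make_header(decode_header(value)))
    except (HeaderParseError, LookupError, UnicodeError):
        return value


def attachment_names(raw_message):
    """Yield (raw, normalized) filename pairs for every named MIME part."""
    for part in message_from_string(raw_message).walk():
        raw = part.get_filename()
        if raw:
            yield raw, normalize(raw)


def blocked(name, pattern=BLOCKED_NAME):
    # Case-insensitive, matching the 2.00rc1 change to rule matching.
    return re.search(pattern, name, re.IGNORECASE) is not None
```

The rule misses the raw encoded name and matches only after normalization; a value with an unknown charset is passed through unchanged rather than raising.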