2007-05-25 Robert M. Stockmann* Added ClamAV 0.90.2 as new VirusScan engine. ClamAV is 100% opensource and free downloadable from : http://www.clamav.net/ see also http://www.clamav.net/doc Make sure to only run clamdscan by querying throught clamd. Running clamscan barebones and standalone is a broken option. 2004-10-29 Robert M. Stockmann * Fixed a bug inside securezip. see http://sourceforge.net/mailarchive/message.php?msg_id=7168947 now changed to : http://sourceforge.net/mailarchive/forum.php?thread_id=3854523&forum_id=37876 but as sadly enough sourceforge.not cannot maintain fixed url's see a cached copy from google here. # diff zipsecure.c.BAK zipsecure.c 281c281 < for( ToCopy=SWAPSHORT(Header->ExtraFieldLength); ToCopy; ToCopy-=i ) { >--- > for( ToCopy=SWAPSHORT(Header->ExtraFieldLength); ToCopy && ! feof(fpin); ToCopy-=i ) { 2002-08-21 Robert M. Stockmann * Added a better MIME scanner. Integrated the munpack MIME handler inside scanmails as a decent MIME unpacker. This means one needs to have mpack installed. mpack can be found from ftp://ftp.andrew.cmu.edu/pub/mpack . This whole issue arised when NAI and Sophos decided to remove MIME support from their commandline scanners like uvscan and sweep. 2000-10-31 Rainer Link * src/scanmails/scanmails.in: lha 1.15 produces some version output, which confuses some MTAs - fixed * amavis/src/scanmails/scanmails.in (Christian Bricart): added version of AMaViS to loging output (improves "helpdesk support" :-)) changed mispelled REC_E_IPIENT to RECIPIENT (quite overdue, doh!) * doc/: amavis.html, amavis.txt: added m4 stuff updated ChangeLog & credits minor modifications * src/scanmails/scanmails.in: fixed some bugs with TNEF handling SFX files are not deleted but instead moved to a special directory as the SFX file itself could be infected by a virus entry improved handling of uuencoded files a bit * README.scanners: Updated * README.sendmail: Added hint for possible problem with users .forward file * src/scanmails/scanmails.in: bugfix: wrong check for tnef files avoided tnef encoding generate notification message if a virus scanner seems to be broken (i.e. an automatic update failed) or report it via syslog * configure.in: fixed a problem with tnef detection check for Sophos IDE directory look first for /etc/sav.conf * FAQ, HINTS, NEWS, TODO: Updated * doc/amavis.html (Christian Bricart): added even more notes about README.* files (marked with "FIXME") * (Christian Bricart): AUTHORS, BUGS, FAQ, HINTS, INSTALL, NEWS, doc/amavis.html: added CVS tags * Released 0.2.1 2000-09-23 Rainer Link * README.scanners: Updated for Sophos sweep 3.37. Added update scripts provided by AMaViS users added section "return codes" (cut&paste out of scanmails.in) * README.exim: fixed some typos * README.sendmail: added example configuration for sendmail 8.11 * README.reformime: Updated * README.postfix: Updated * doc/: amavis.html, amavis.txt: * updated (broken?) links so far * documentation does not actually match 0.2.1, yet * still on TODO: - describe links provided - add to "in the press" - fix all that is still missing - point to various README.* * doc/amavis.png: new logo in PNG format * doc/amavis.gif: replaced amavis.gif with amavis.png this image does no longer contain a version number * configure.in: bugfix: AvpDaemonTst was not detected by configure configure stopps if the "file" binary is not installed Added hint to read README.metamail/README.reformime if neither metamail nor reformime is installed added check if metamail 1.0 or below is used * src/scanmails/scanmails.in: improved detection for uuencoded mails (if send inline) moved information about return values for the used scanners (moved to README.scanners) improved unpacking stuff a bit extract uuencoded file(s) if send inline improved handling of self-extracting files a bit improved handling of uuencoded files a bit check the return value of AvpDaemonClient for 4 and 5 fixed a minor issue with postfix Added -i to sendmail relay and postfix when delivering back the eMail to avoid potential mail loss improved postfix support * NEWS: updated * README: updated to release 0.2.1-pre3 * Released 0.2.1-pre3 2000-07-30 Rainer Link * configure.in: small cosmetic change (an asterisk was missing) PKG_VERSION changed to 0.2.1-pre2 PGK_REL_DATE changed to 2000-07-30 * src/scanmails/scanmails.in: removed the comment sign before "export SAV_IDE=@sophos_ide@ added -B -Y to AVP/Linux command line to skip boot sector test and to skip all dialogs * README.scanners: added hint how to avoid "log flooding" by AVP/Linux * README: updated to release 0.2.1-pre2 * NEWS: Updated * Released 0.2.1-pre2 2000-07-29 Rainer Link * configure.in: fixed a severe bug: in most cased, if metamail was used, the generated scanmails script uses the run-time switches for reformime. So no splitting of mails could be done improved the dection if the binary sweep is really Sophos Sweep new flag --with-sophos-ide, which points to to the directory where Sophos IDE files are installed (note: this currently has no function in scanmails) configure shows now, for which MTA AMaViS was configured to avoid confusion if on a system two ore even more MTAs are installed * src/scanmails/scanmails.in: the path to Sophos Sweep IDE files will be set now by configure. Currently this stuff is commented out. * INSTALL: Added configure flag --with-sophos-ide 2000-07-27 Rainer Link * updated README.metamail * added README.reformime * configure.in: give a warning, if reformime is used as reformime 1.0 and below contains a severe bug. * Makefile.am: added README.reformime to EXTRA_DIST * IMPORTANT: this is mainly a SECURITY release to fix problems with metamail and reformime. Again, please read README.metamail and README.reformime! Please read http://amavis.org/asa-2000-1.txt and http://amavis.org/asa-2000-2.txt, too. * NOTE: due to security problems mentioned above, we released it quite in a hury. So things *may* be broken, but it's rather unlikely. * Released 0.2.1-pre1 2000-07-22 Rainer Link * re-enabled zoo support * check, if tnef either supports -d or -x to extract a TNEF encoded file to a specific directory as tnef from SuSE uses -x * configure.in: added a second warning, if metamail is used * configure.in: --with-maxlevel, specifies the maximum deepth of recursive unpacking process (default is 20) * configure.in: --enable-virusbackup, specifies if an infected mail is moved to the quarantine directory (default is yes) * Makefile.am: added README.metamail to EXTRA_DIST * added README.metamail * updated AUTHORS 2000-07-04 Rainer Link * fixed a possible security hole with TNEF files (if AMaViS is run as root) * disabled handling of zoo files for security reasons (no time to write a zoo wraper like securezoo - any volunteers?) * metamail can not handle MIME multipart/alternative messages - I advise to use the tool reformime from the maildrop package instead (http://www.flounder.net/~mrsam/maildrop/) otherwise it *may* be possible that some Internet worms (i.e. the KAKworm) is not detected configure checks now for reformime first, this means if metamail and reformime are installed, reformime is used * configure yells now, if procmail is not installed but needed (procmail is not always needed) * checkaccount should now be platform-independent * updated BUGS, README.sendmail and README.exim * NOTE: this version wasn't well tested, so stuff may be broken! 2000-06-19 Lars Hecking * Makefile.am: Add README.exim, README.postfix, README.qmail, README.scanners, and README.sendmail to EXTRA_DIST. * src/Makefile.am: New distclean-local target to remove rspawnmsg/Makefile if present. 2000-06-12 Rainer Link * logging to syslog is done now with the PID of the scanmails script and not with the PID of logger (from Andreas Siegert) * specific to sendmail relay config: if $sender is empty, sendmail is called without -f * added support for postfix (NOT TESTED, based on a patch from Stephan Mueller) * if virus was found/not found is now logged via syslog, too * updated README.sendmail: added solution, if newaliases yells with an error * updated README.scanners, INSTALL and README * updated AUTHORS 2000-06-03 Rainer Link * updated README files * updated INSTALL file (explains now all AMaViS specific configure flags) * added support for TNEF files * bugfix: self-extracting files are now handled correctly * added support for CAI InoculateIT * new concept for scanning incoming, outgoing and relayed mail with sendmail (--enable-relay) 2000-05-30 Lars Hecking * Import all versions of amavis-0.2.0-pre6-* into the cvs repository at SourceForge. * Remove all non-distribution files. * configure.in: Add checks for sizeof unsigned short, int, long. * src/Makefile.am: Chnge SUBDIRS logic to fix 'make dist'. * src/zipsecure/zipsecure.c: Import latest version by Juergen Quade. Make it compile on Solaris. 2000-04-18 Rainer Link * improved example config for scanning outgoing mails in README.exim * if notification/virus report is send to admin, sender and receiver(s) is now configurable * the command line options for the used scanners are now configurable at the beginning of the scanmails script * bugfix (qmail only): bounce messages get lost * bugfix in configure script (usingexim was set to "yes", although only sendmail was installed) * some cleanup of configure script * assigned release name AMaViS-0.2.0-pre6-clm-rl-8 2000-03-29 Rainer Link * bugfix: configure sets $eximdir not correctly * bugfix: header is now shown in the notification message to sender * example config for scanning outgoing mails in README.exim * Thanks to John Burnham for his contribution and bug report * assigned bug fix relase name AMaViS-0.2.0-pre6-clm-rl-7 2000-03-25 Rainer Link * added support for MTA exim (see README.exim) Note: the exim support is on a early stage * configure searches now for AvpDaemonClient and AvpDaemonTst * assigned relase name AMaViS-0.2.0-pre6-clm-rl-6 2000-01-28 Chris Mason * From Rainer Link: added support for vfind * autoconf now bails if metamail not found * changed "file" command to be brief, prevents ways to avoid detection 1999-12-23 Chris Mason * added autoconf check for qmail * simplified MTA checks * hacked scanmails script to work with qmail-local * fixed bug in scanning loop from previous version 1999-12-19 Chris Mason * added fixes for filenames with spaces, quotes, etc. * assigned temporary release name of 0.2.0-pre6-clm-rl-3 1999-12-19 Chris Mason * fixed x_headers under qmail * simplified local delivery * assigned temporary release name of 0.2.0-pre6-clm-rl-2 1999-12-19 Rainer Link * bugfix of AVP call * added support for KasperskyLab AvpDaemon(Client), F-Secure AntiVirus and Trend Micro FileScanner * assigned temporary release name of 0.2.0-pre6-clm-rl to differentiate 1999-12-17 Chris Mason * a number of changes to increase qmail compatibility * add a small hacky program (rspawnmsg) to talk to qmail-rspawn * autoconf support for checking big-endian/little-endian * autoconf checks for grep quiet arguments * autoconf check to see if uudecode needs -p or -o * cleanup of automake files (had to remove "securetar" and "zipsecure" definitions as they were conflicting with automake names. They will always be installed now. See QMAIL automake conditional for other ways to change this behaviour.) * fixed many of the archiver options and added more error checking * changed loop logic to increase performance * assigned temporary release name of 0.2.0-pre6-clm to differentiate 1999-07-20 Christian Bricart * changed: root exploit fix uses "sed", latest fix seems to run under Bash2 only * fixed: misplaced "fi" to end an "if" caused mail loops * changed: default X-Header String * changed: syslog logging with PID (switch "-i") * Released 0.2.0-pre6 1999-07-17 Christian Bricart * fixed possible exploit published on BugTraq (http://www.securityfocus.com/) * fixed AC_PATH_PROGS(..) in configure.in * cosmetic changes * Released 0.2.0-pre5 1999-05-19 Christian Bricart * changed: NAI uvscan call in "scanmails" now should work with both v3.x and v4.x engine * added: version detection of NAI uvscan in "configure". * added: uvscan version dependend return code handling and command line syntax in "scanmails" * added: perform a check for "metamail" before do anything 1999-05-03 Christian Bricart * changed: Path to "uvscan" in "scanmails" now trailing usual comment block 1999-04-30 Christian Bricart * added: AVP integration (have not been able to test it, yet) (based on contribution from: TorstenEymann ) 1999-04-09 Christian Bricart * fixed: detection of correct Sophos sweep in configure.in (from Wouter Wolkers ) 1999-04-06 Christian Bricart * changed: return code detection of Spohos "sweep" 1999-04-01 Christian Bricart * added: header rewriting with "formail" if installed (part of the "procmail" package) adding some "X-"headers configurable with configure option: --enable-x-header=[YES|no] * fixed: Typo in detection of securetar in configure.in 1999-03-31 Christian Bricart * fixed: (silly bug) "if [ -x ${prog} ]" always true when $prog=(empty) check now for empty path first (thanks to Marcos Tadeu for reporting this) * added: if there is no program for delivery, mail is dumped to /var/tmp/dead.letter.${pid} * updated: FAQ * Released 0.2.0-pre4 1999-03-30 Christian Bricart * fixed: bzip[2] detection still unfixed (reported by Marcos Tadeu --> fixed now 1999-03-29 Christian Bricart * added: Sophos Sweep scanner support (untested contribution by Wouter Wolkers ) * added: unattaching self-extracting .EXE files (PK, RAR, LHA) ZOO archive handling ARC archive handling Freeze archive handling (contributed by Stefan Dreyer ) * fixed: There are some .exe files that have "begin 644" in them and were probed as uuencoded attachments -> fixed (reported by Fabrice Prigent ) * updated: doc/amavis.[html|txt] * removed: AMaViS-Mailer specification -> wasn't ready, yet It's still in tarball, but not used. DO NOT USE IT! * Released 0.2.0-pre3 1999-03-11 Christian Bricart * updated the src/sendmail/mailer/amavis.m4.in 1999-03-08 Christian Bricart * added new "configure" options: --enable-logging=[yes/no] => general logging enable --enable-syslog=[yes/no] => logging via syslog --with-syslog-level=FAC.LVL => facility & level in syslog --with-logdir=DIRECTORY => changes directory for logfile --with-virusdir=DIRECTORY => changes location of infected mails --with-mailto=[USER | EMAIL] => person to mail reports to * added src/scanmails/checkaccount as an install-exec-hook looks if mail account of --with-mailto=... exists, if not creates it * some cleanup in "configure.in" 1999-03-05 Christian Bricart * changed directory structure in tarball: subdirectories are now in "src" changed: "Makefile.am" added: "Makefile.am" in every subdirectory * added: acconfig.h * added: "src/sendmail/mailer/mailer.m4.in" should install as new mailer macro for sendmail (first steps done) Automake sets "scanmails" install path in resulting "mailer.m4" * configure.in: added: PKG_REL_DATE (release date for use in sendmail's .mc-file) added: MTA detection for sendmail and qmail added: overview of configured options after "./configure" deleted: old (already commented out) detection of sendmail in favour of new detection deleted: obsolete (already commented out) "nobody" workaround deleted: warning message after "./configure" changed: checks from AC_PATH_PROG to AC_PATH_PROGS changed: $(prefix) handling. everything is installed under $(prefix)/[s]bin, except when configure detects an former installation (securetar, zipsecure), changed: AC_OUTPUT(...) to match new directories * src/scanmails/scanmails.in changed: copyright notice (to 1996..99) ;-) * splitted FAQ and BUGS in two files. Left FAQ still empty 1999-02-26 Christian Bricart * new versions of /etc/macic report bzip2 compressed files as "bzip2 compressed data" not "bzip compressed" --> fixed 1999-02-25 Christian Bricart * released 0.2.0-pre2 * fixed possible loops while uncomressing archives * zipsecure and securetar as ${prefix}/bin/.. not /usr/bin * added hyphen in front of 'pre' in name of tarball (now conform to GNU package naming scheme) 1998-12-08 Christian Bricart * released 0.2.0pre1 due to multiple requests * added multiple "dnl" in configure.in for PRE-release. Actually "make install" does not work * updated TODO * added BUGS 1998-12-07 Christian Bricart * fixed problem with gziped attachments not named .gz 1998-16-11 Christian Bricart * fixed possible recursive loop in find command line (thanks to Ico Doornekamp for reporting this bug) 1998-08-19 Christian Bricart * added unARJ & LHArc support (thanks to Maik Voege for contribution) 1998-08-03 Christian Bricart * "configure" now again creates new sendmail.cf for later install 1998-07-30 Christian Bricart * configuration changed to GNU autoconfig * divided package into subdirectories * "securetar" & "zipsecure" part of distribution * removed "su"-workaround in favour of "securetar" & "zipsecure", didn't work in newer (>8.8.5) sendmails anyway as scripts invoked are now executed under UID of recipient who may not change UID to "nobody" without supplying valid password * H+BEDV AntiVir/X support added, exit-status stored in $scanstatus0 * $virusmailsdir changed to "/root/mailvirus" * added: feature syslogd support to proority "mail.info" * added: missing tools (tar, unzip, unrar .. ) are now reported to logfile (idea: should be reported to syslog too) * added: .bz2 (b[un]zip2) compression handling * added: .rar (RAR) compression handling (as proposed in 0.1.x) * added: final changedir to /var/tmp before cleaning up * changed: $tmpdir to "/var/tmp/${scanscriptname}$$" * changed: $progname into $scanscriptname="scanmails" 1998-05-10 Chistian Bricart * changed home-URL to http://www.aachalon.de/AMaViS/ 1998-03-08 Juergen Quade * zipsecure: first release (no version) 1998-01-31 Juergen Quade * securetar: released 1.3 1998-01-29 Christian Bricart * added: chown of ${tmpdir}/unpacked to "nobody" (bug report from Mogens Kjaer) * fixed: spelling bug of ${tmpdir} (was: ${tempdir} ) 1998-01-28 Christian Bricart * released AMaViS 0.1.1 * untar and unzip is now done by user "nobody" (security fix) * ${virusmaildir} (default: /root/virus) is now craeted if not exists * logfile is now REALLY created in specified log-directory 1998-01-17 Christian Bricart * released AMaViS 0.1.0 * first release to public * assigned a package name "AMaViS - A Mail Virus Scanner" * package maintenance assigned to Christian Bricart with official email adress amavis@aachalon.de and official Website at http://satan.oih.rwth-aachen.de/AMaViS * minor recoding of scanmails * installation enhancements (install.sh) <=1997 Juergen Quade * modifications to scanmails * support of McAffee's "uvscan" Mogens Kjaer * original code * support of DrSolomon's Antivirus-Kit for SCO