summaryrefslogtreecommitdiff
path: root/security/amavisd-new
diff options
context:
space:
mode:
authorwiz <wiz@pkgsrc.org>2005-02-01 17:39:24 +0000
committerwiz <wiz@pkgsrc.org>2005-02-01 17:39:24 +0000
commit552f4e9088998513b3c64e50c2f107141835f863 (patch)
tree7ecb363e67c7841819882447824c0f14330d86e2 /security/amavisd-new
parent482a12dee5453c77e1562f59f81645668436ba6b (diff)
downloadpkgsrc-552f4e9088998513b3c64e50c2f107141835f863.tar.gz
Update to 2.2.1, provided by the maintainer, Julian Dunn, in PR 29183.
Release notes: December 22, 2004 amavisd-new-2.2.1 release notes SECURITY: - add support for the pax(1) archive decoder, which can handle tar/cpio/pax archives (including legacy format variants). Due to limitations in cpio (and in Archive::Tar), for security reasons it is preferred to decode such archives with pax and no longer with cpio; please add a line: $pax = 'pax'; to amavisd.conf and verify that the program pax is installed on the system (and in the jail if running in chroot); - perform additional tests at startup time on the proper protection of the configuration file; - add file name extensions wmf, emf and grp to the example list of banned extension, according to recent Microsoft security bulletins; suggested by Stephane Lentz; - introduces 'clean but inconclusive' av scanner result to avoid a specialized or quick partial av scanner like jpeg checker to claim mail is clean when all other general purpose av scanners fail (see below); INCOMPATIBILITY: - removed some legacy $*_ldap variables, as they are no longer needed; These variables were still declared but ignored in 2.2.0 for compatibility with older amavisd.conf files. Such variables need to be removed from the amavisd.conf if they are still present there from older versions, otherwise Perl will complain with 'Global symbol ... requires explicit package name"; OTHER FIXES: - files_to_scan and decompose_mail are now able to remove unexpected directories which may have been left behind by some failed decoding and were causing temporary failures and mail delivery retries; error recovery problem after failed unarj reported by Ralf Hildebrandt; - error recovery code in files_to_scan and rmdir_recursively now tries to change protection on directories and files, and retry if the first attempt to access them fails because of denied permission; - pre-load some additional Perl modules needed by SA when running in chroot; - add module Net::LDAP::Search to a list of pre-fetched modules; omission pointed out by Paul Jacobson; - when quarantining is disabled by keeping $QUARANTINEDIR undefined, the log entry and administrator notification message inappropriately suggested that mail was quarantined, which in fact (appropriately) it was not. Setting $QUARANTINEDIR='' did work as expected. Reported by Sascha Lucas; - avoid the use of Encode::is_utf8 due to a Perl bug (still present in 5.8.5) where Encode::is_utf8 on tainted utf8 character string produces false; - modify safe_encode() to guarantee the result is a string of octets, not a string of UTF-8 characters; it saves some unnecessary work in further processing and keeps MIME::Entity from UTF swamp when running in chroot; problem pointed out by Branko F. Gracnar; - avoid braindead Perl default where an empty regexp implies the last successfully matched regexp, which (if not being very careful) brings in some completely unrelated last-executed regular expression; - change kill 'TERM' into kill 'KILL' when a forked process within run_command and run_command_consumer gets into deep trouble, to avoid exit handlers being invoked in the subprocess (which could lead to two processes trying to clean the same set of temporary files); - in an old sendmail setup using the amavis(.c) helper program without LDA arguments, avoid inappropriate warning: "WARN: no recips left (forgot to set $forward_method=undef using milter?) and return status 0 instead of 99 when message is to be blocked, as the helper program amavis(.c) does not recognize status 99 in this situation and inappropriately passed it on to sendmail; reported by The Mindflayer; - the @bypass_header_checks_maps is now able to also bypass the bad header checks as provided by MIME::Parser; inconsitency reported by CRivera; - avoid some Perl warning messages; thanks to Bill Landry; CHANGES AND MINOR NEW FEATURES: - add configuration variable @newvirus_admin_maps (and $newvirus_admin, along with corresponding SQL field 'newvirus_admin') which works like the existing @virus_admin_maps (and $virus_admin), except that it sends virus administrator notification to specified e-mail address only for newly encountered viruses which have not yet been encountered since the amavisd startup. It makes use of by-virusname counters in the SNMP counters database. If more than one child process starts working on infected message containing a not-yet-accounted-for virus, there might be more than one 'first time' notification, this is not a malfunction. Both the @newvirus_admin_maps and the @virus_admin_maps may be enabled, each (possibly both) would receive their notifications as appropriate. A useful setting is to globally enable only the new virus notifications, and additionally enable _all_ administrator notifications for internally originating mail only (by the use of policy banks); - provide separate configuration variables @banned_admin_maps and @bad_header_admin_maps, along with corresponding SQL fields 'banned_admin' and 'bad_header_admin'; their function was previously covered by @virus_admin_maps, which now only still controls administrator notifications in case of viruses; - introduces 'clean but inconclusive' av scanner result to avoid a specialized or quick partial av scanner like jpeg checker to claim mail is clean when all other general purpose av scanners fail: in av scanner entries (lists @av_scanners and @av_scanners_backup) give an extended meaning to undefined fourth argument (the 'match for clean' list or regexp). The interpretation of the fourth argument is now: 4. an array ref of av scanner exit status values, or a regexp (to be matched against scanner output), indicating NO VIRUSES found; a special case is a value undef, which does not claim file to be clean (i.e. it never matches, similar to []), but suppresses a failure warning; to be used when the result is inconclusive (useful for specialized and quick partial scanners such as jpeg checker); Also modified example jpeg checker entry in amavisd.conf accordingly. - NOD32 av scanner: changed @av_scanners entry to match the new version of the scanner; thanks to Nejc Skoberne; - added @av_scanners entry for File::Scan; - when preparing a SQL SELECT clause for white/blacklisting lookup, take into account a relative position of ? and %k in the $sql_select_white_black_list template to improve flexibility of specifying the clause; suggested by Matt Petteys; - reduce the log level of some more common and harmless log messages; - macro %p and the log entry now reports full policy bank path, not just the last loaded policy bank name; - added LDAP attributes amavisWarnVirusRecip, amavisWarnBannedRecip, and amavisWarnBadHeaderRecip; by Joel Nimety and Michael Hall; - renamed LDAP attribute name amavisSpamModifiesSubject to amavisSpamModifiesSubj in order to match the documented LDAP schema; noticed by Kees Bos, patch by Michael Hall; - add support for ripOLE decoder, which attempt to extract embedded documents from MS OLE documents (MS Office) (http://www.pldaniels.com/ripole/, by Paul L Daniels)); ripOLE is still experimental/alpha code; To be make amavisd-new find the installed program 'ripole', add the: $ripole = 'ripole'; to the amavisd.conf; suggested by David Wilson and Noel Jones; - allow multiple occurrences of command line option: -c config_file and execute the provided configuration files one after the other; based on a subset of functionality provided as a patch by Davor Ocelic; - a slight improvement (in default $map_full_type_to_short_type_re) in classifying mpeg and some other multimedia files; - several minor code cleanups; - add a recommendation by Daniel J McDonald to a documentation file INSTALL: If different UID is preferred for an AV scanner, a solution for ClamAV is to add user clamav to the amavis group, and then add AllowSupplementaryGroups to clamd.conf; - enclosed a simple demonstrational Perl program amavis.pl, which is functionally much like the amavis.c helper program, but talks the new AM.PDP protocol with the amavisd daemon. See README.protocol for the description of AM.PDP protocol. To be placed in amavisd.conf: $protocol='AM.PDP'; $unix_socketname='/var/amavis/amavisd.sock'; Usage: amavis.pl sender recip1 recip2 ... < message.txt - documentation updates;
Diffstat (limited to 'security/amavisd-new')
-rw-r--r--security/amavisd-new/Makefile5
-rw-r--r--security/amavisd-new/distinfo6
2 files changed, 5 insertions, 6 deletions
diff --git a/security/amavisd-new/Makefile b/security/amavisd-new/Makefile
index fc3f774dbce..fdfe7a3419d 100644
--- a/security/amavisd-new/Makefile
+++ b/security/amavisd-new/Makefile
@@ -1,15 +1,14 @@
-# $NetBSD: Makefile,v 1.4 2004/12/28 02:47:48 reed Exp $
+# $NetBSD: Makefile,v 1.5 2005/02/01 17:39:24 wiz Exp $
DISTNAME= amavisd-new-${VERSION}${PATCHLEVEL}
PKGNAME= amavisd-new-${VERSION}${PATCHLEVEL:S/-//}
-PKGREVISION= 1
CATEGORIES= security mail
MASTER_SITES= http://www.ijs.si/software/amavisd/ \
http://mirrors.catpipe.net/amavisd-new/ \
http://ftp.cfu.net/pub/amavisd-new/ \
ftp://ftp.cfu.net/pub/amavisd-new/
-VERSION= 2.2.0
+VERSION= 2.2.1
PATCHLEVEL= # empty
MAINTAINER= jdunn@aquezada.com
diff --git a/security/amavisd-new/distinfo b/security/amavisd-new/distinfo
index bd6dbf613c9..65c9f20f303 100644
--- a/security/amavisd-new/distinfo
+++ b/security/amavisd-new/distinfo
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.2 2004/11/28 23:31:49 wiz Exp $
+$NetBSD: distinfo,v 1.3 2005/02/01 17:39:24 wiz Exp $
-SHA1 (amavisd-new-2.2.0.tar.gz) = b40385707ed635346278e0e8f63fbc1371381477
-Size (amavisd-new-2.2.0.tar.gz) = 586935 bytes
+SHA1 (amavisd-new-2.2.1.tar.gz) = e7624364c52c450d9d92784c1c7395c524be253a
+Size (amavisd-new-2.2.1.tar.gz) = 741461 bytes
SHA1 (patch-aa) = 30a62b2e8954bcb5b106a9715f1e64837065fbe0