- The most common/important file formats are recognized based on file
contents, not just file name and MIME-type. Detects WMF files, to
allow reliable blacklisting. Detects when people try to disguise
non-JPEG/GIF/PNG content as such files and defangs such attachments.
- Bug fixed, where disinfection wouldn't result in the modification
count of a message being incremented. Some 3rd party systems rely
on the modification count to determine whether to use the output or
not. This is a critical fix for such systems.
- Improved handling of Yahoo DomainKeys.
- Fixed crash when multiple Content-Transfer-Encoding headers were
present in the same message part.
- Added mailblogger.pl, to the distribution. This program has
nothing to do with security, but uses the MIMEStream parser to
extract images from e-mail and can subsequently generate thumbnails
and re-post both text and images to a web-site, to implement
email-to-www gateway functionality. (E.g. mobile blogging.)
Added zip_policy.pl from Advosys (http://advosys.ca/) to the contrib/
directory, after being invited to do so by Derrick Webber of Advosys.
Added sanitizer.procmail ruleset to contrib/, illustrating how to
implement a quarantine and add custom headers to infected e-mails.
Fixed priority bug in filename detection code, which would in some
cases give higher priority to Content-IDs than it gave to the MIME
filename attributes.
Made the file-name/MIME-type sanity checks configurable (default on)
via. the feat_sane_names variable. Set to 0 to disable.
Added support for scripts which want to pass the name of a detected
infection using the a line "Anomy-FileScan-VirusName: blah" like.
This makes the following new variables available to the file replacement
tempalte:
%VIRUSNAME - Propogated from Anomy-FileScan-VirusName
%SUMMARY - Propogated from Anomy-FileScan-Summary
%DESCRIPTION - Propogated from Anomy-FileScan-Description
This corrects problems, implements and expands on suggestions
(posted here http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=235352)
by Derrick Hudson (dman at dman13.dyndns.org).
Added system_io_file variable to allow plugging in of custom
replacements for the IO::File module, to facilitate internal FRISK
development.
Fixed a problem with the mime-type auto-detection code which would
corrupt certain messages when feat_log_after was enabled. This
probably also have caused problems in other cases, but so far none have
been reported.
Include the TNEF hooks in Sanitizer in default distribution and made
inclusion of Anomy::TNEFStream "lazy" to save cycles in one-shot modes.
Note that the Anomy::TNEFStream modules still isn't distributed by
default.
Tuned the MIME parser to catch more of the exploits illustrated on
http://testvirus.org/. Also fixed a bug in the position counting. These
two changes combined effect almost all of the test cases (lines containing
pos= and MIME info almost all change).
Added the following options to configure the HTML cleaner (all are off
by default):
feat_html_noexe Disallow links to executables
feat_html_unknown Allow unknown HTML tags
feat_html_paranoid Paranoid HTML Cleaner mode, bans all src= links
and enables feat_html_noexe paranoia as well.
Added code to decrease the odds that attachments with content-IDs
ending in ".com" get mistakenly treated as executables.
Tweaked MIME parsing to catch a few more odd virus-generated messages.
Anomy Sanitizer filters mail messages checking for common exploits and
hostile file attachments. For instance: it can remove attachments,
rename unknown file types, "defang" HTML messages, fix MIME headers,
and call external virus scanners to scan email attachments.
