- The most common/important file formats are recognized based on file
contents, not just file name and MIME-type. Detects WMF files, to
allow reliable blacklisting. Detects when people try to disguise
non-JPEG/GIF/PNG content as such files and defangs such attachments.
- Bug fixed, where disinfection wouldn't result in the modification
count of a message being incremented. Some 3rd party systems rely
on the modification count to determine whether to use the output or
not. This is a critical fix for such systems.
- Improved handling of Yahoo DomainKeys.
- Fixed crash when multiple Content-Transfer-Encoding headers were
present in the same message part.
- Added mailblogger.pl, to the distribution. This program has
nothing to do with security, but uses the MIMEStream parser to
extract images from e-mail and can subsequently generate thumbnails
and re-post both text and images to a web-site, to implement
email-to-www gateway functionality. (E.g. mobile blogging.)
Added zip_policy.pl from Advosys (http://advosys.ca/) to the contrib/
directory, after being invited to do so by Derrick Webber of Advosys.
Added sanitizer.procmail ruleset to contrib/, illustrating how to
implement a quarantine and add custom headers to infected e-mails.
Fixed priority bug in filename detection code, which would in some
cases give higher priority to Content-IDs than it gave to the MIME
filename attributes.
Made the file-name/MIME-type sanity checks configurable (default on)
via. the feat_sane_names variable. Set to 0 to disable.
Added support for scripts which want to pass the name of a detected
infection using the a line "Anomy-FileScan-VirusName: blah" like.
This makes the following new variables available to the file replacement
tempalte:
%VIRUSNAME - Propogated from Anomy-FileScan-VirusName
%SUMMARY - Propogated from Anomy-FileScan-Summary
%DESCRIPTION - Propogated from Anomy-FileScan-Description
This corrects problems, implements and expands on suggestions
(posted here http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=235352)
by Derrick Hudson (dman at dman13.dyndns.org).
Added system_io_file variable to allow plugging in of custom
replacements for the IO::File module, to facilitate internal FRISK
development.
Fixed a problem with the mime-type auto-detection code which would
corrupt certain messages when feat_log_after was enabled. This
probably also have caused problems in other cases, but so far none have
been reported.
Include the TNEF hooks in Sanitizer in default distribution and made
inclusion of Anomy::TNEFStream "lazy" to save cycles in one-shot modes.
Note that the Anomy::TNEFStream modules still isn't distributed by
default.
Tuned the MIME parser to catch more of the exploits illustrated on
http://testvirus.org/. Also fixed a bug in the position counting. These
two changes combined effect almost all of the test cases (lines containing
pos= and MIME info almost all change).
Added the following options to configure the HTML cleaner (all are off
by default):
feat_html_noexe Disallow links to executables
feat_html_unknown Allow unknown HTML tags
feat_html_paranoid Paranoid HTML Cleaner mode, bans all src= links
and enables feat_html_noexe paranoia as well.
Added code to decrease the odds that attachments with content-IDs
ending in ".com" get mistakenly treated as executables.
Tweaked MIME parsing to catch a few more odd virus-generated messages.
- fix issue with "all mail gets deleted", which was caused by looking at
Content-ID for filenames (new feature in 1.61); this resulted in mail
from ".com" domains to be considered ".com" attachments (patch-aa)
- fixes "PDF corruption problem" (1.64)
Changes include some improvements to the file detection mechanism,
interface to the f-prot virus scanner as well as quite a lot of bug
fixes. Note: the last pkgsrc version was from over 1.5 years ago.
Minor update to MIME type checking rules, to allow more legal MIME
types.
Made the multipart detection code less aggressive, in small text
messages it would mistake common ascii-graphic signatures for message
boundaries and mess up the parsing quite badly.
Made the filename checker check ALL possible file names against
each rule, instead of just checking the "default" one. If
feat_mime_files is set, then the default file-name for that mime
type will be checked as well. This is a major improvement to
security, but requires that filename rules are ordered so that
that all DROP/DEFANG/MANGLE rules precede any ACCEPT rules.
Made the sanitizer read /etc/mime.types (if it exists) to generate a
more complete list of default filenames for unnamed parts.
Anomy Sanitizer filters mail messages checking for common exploits and
hostile file attachments. For instance: it can remove attachments,
rename unknown file types, "defang" HTML messages, fix MIME headers,
and call external virus scanners to scan email attachments.
