Release 2.67 adds the following features since 2.65 (there was no public
2.66 release):
* The ability for mimedefang-multiplexor to use poll rather than select.
This removes the FD_SETSIZE limit on the number of file descriptors
the multiplexor can handle.
* Support for FPROTD version 6 daemonized virus scanner.
2.65
There is only one change since 2.64: An error in the way the embedded
perl interpreter was initialized has been fixed. This fixes problems
on the Debian HPPA architecture and possibly others.
2.64
This is a minor bugfix release;
* Add support for NOD32 command-line scanner
* Add support for Sophos "savscan" scanner
Changes since 2.62:
* mimedefang-multiplexor.c: Relax the umask when creating the unprivileged
socket ("-a" command-line option.)
* mimedefang.c(eom): If we do not have a queue ID yet, try to obtain one
in eom. This is designed to improve operation with Postfix, which does
not assign a queue ID until after the first successful RCPT. Based on a
patch from Henrik Krohns.
* examples/init-script.in: Added MD_SKIP_BAD_RCPTS init script option
(suggested by John Nemeth)
* Remove support for OpenAntivirus. It's a dead product.
* mimedefang.pl.in(spam_assassin_status): Call $mail->finish() to prevent
temporary files from accumulating.
* redhat/mimedefang-init.in: Add configtest routine to check filter
syntax.
Changes since 2.61:
* A new "change_sender" action lets you change the envelope sender. Only
works with Sendmail/Milter 8.14.0 and newer!
* Clam interface code has been fixed to work properly with ClamAV 0.90
and later.
* Other minor improvements and bugfixes.
includes patch to work with clamav 0.90 and newer.
Changes since 2.59:
* SECURITY FIX: Versions 2.59 and 2.60 contained a programming error
that could lead to a buffer overflow. This is definitely
exploitable as a denial-of-service attack, and potentially may
allow arbitrary code execution. The bug is fixed in 2.61.
* If a message is going to end up being rejected,
discarded or tempfailed, we don't bother carrying out requests
to add/delete/modify headers or recipients, change the message
body, etc.
* mimedefang.c: Fix filter registration so MIMEDefang works
correctly against libmilter from Sendmail 8.14
Changes since 2.58:
* A new "watch-multiple-mimedefangs.tcl" tool that lets you keep an eye
on a cluster of MIMEDefang scanners.
* Fixes to the build scripts that should eliminate build problems on
Intel/AMD 64-bit architectures.
* mimedefang generates the COMMANDS file more safely and more efficiently.
* Various other minor improvements and bug-fixes.
Changes since 2.57:
* Various minor bug-fixes, including a memory leak.
Changes since 2.56:
* Various minor bug-fixes
* New md-mx-ctrl hload command shows load over past 1, 4, 12 and 24 hours.
* New multiplexor scheduling algorithm tries to keep a given command on a
given set of slaves.
Changes 2.54:
a few minor enhancements and fixes.
Changes 2.53:
mostly work around bugs and deficiencies in third-party packages
commonly used with MIMEDefang.
Changes in 2.48:
This is a bugfix release for 2.46 and 2.47, which contained several
embarrassing bugs.
Changes in 2.46:
This release has a mechanism for Perl slaves to report back their status
to the multiplexor. This allows you to see exactly what each scanning
slave is doing at a given point in time. This release also features
support for the "csav" virus-scanner from Command Software, and better
support for Trend Micro's command line scanner. The algorithm that
reconstructs MIME messages after modification is greatly improved and
avoids creating useless multipart containers with only a single sub-part.
A few smaller changes fix minor bugs and tighten up security.
Changes in 2.45:
The multiplexor has a new "-a" option to allow non-privileged users to
run a restricted set of status commands. "watch-mimedefang" has been
completely revamped and gives a lot of useful information about email
server load. It can monitor a remote server over an SSH tunnel. The
notification facility has two new messages, indicating a busy timeout and
the unexpected death of a Perl slave. There is a new set of RBL functions
that perform parallel DNS lookups to reduce latency. In addition, many
minor features have been added, bugs have been fixed, and documentation
has been cleaned up.
pkgsrc changes - add rc scripts and runtime checks for virus checkers
from Eric Schnoebelen in PR pkg/24295
- require native pthread library as pth doesnt work
Major changes from 2.39 to 2.40:
If multiple virus scanners are installed, they are all used.
Default action for viruses is now discard.
Added a new "notification" facility to allow external software to react
to changes in multiplexor state.
We now pass both the raw input message and the unpacked, decoded parts to
the virus scanner. This makes virus detection much more reliable.
Major changes from 2.38 to 2.39:
The multiplexor can be compiled with an embedded Perl interpreter to
significantly reduce the cost of starting a new slave
A memory leak in the status command was fixed.
A histo command was added so you can see how busy your installation
Major changes from 2.37 to 2.38:
The internal SMALLBUF constant was increased to handle larger SpamAssassin
reports produced by SpamAssassin version 2.60.
If a virus is found, action_notify_sender is disabled.
Major changes from 2.36 to 2.37:
Pure bug-fix release: A file descriptor leak was fixed, and we set the
close-on-exec flag on most file descriptors.
Major changes from 2.35 to 2.36:
Scalability enhancements for very busy servers.
Support for BitDefender's "bdc" virus scanner.
Other minor bug fixes.
Major changes from 2.32 to 2.33:
The syslog facility can be changed easily.
MIMEDefang deletes all but the first of multiple Content-Type: headers.
MIMEDefang adds a Received: header when resending messages.
Major changes from 2.31 to 2.32:
Support for Central Command's Vexira virus-scanner.
Support for Sendmail's rcpt_mailer, rcpt_host and rcpt_addr macros.
Other minor bug fixes
Major changes from 2.30 to 2.31:
support for FPROTD scanner.
support for Symantec CarrierScan Server virus scanner.
Added remove_redundant_html_parts() to delete HTML parts if a
corresponding text/plain part is present in the message.
Speed ups
Changes in 2.24:
This release includes "watch-mimedefang", a graphical monitoring tool [not enabled].
It does stricter checks on functions which only make sense in the context of a
message. Global variables are cleared between messages so that extraneous values
don't stick around. There are important fixes for Solaris and possibly other
non-Linux machines.
Changes in 2.23:
A bug which could crash mimedefang-multiplexor under conditions of extreme load
has been fixed. An attacker with sufficient bandwidth may be able to exploit the
bug to mount a denial-of-service attack.
Changes in 2.22:
Support has been added for clamd, the daemonized version of Clam AntiVirus. A new
variable $MaxMIMEParts lets you reject overly complex MIME messages which could
otherwise result in a DoS. A new action_delete_all_headers routine has been added
which deletes all instance of a given header. Many little bugs were fixed and
portability was improved.
MIMEDefang is an e-mail filter program which works with Sendmail 8.12
and later. MIMEDefang filters all e-mail messages sent via SMTP.
MIMEDefang splits multi-part MIME messages into their components and
potentially deletes or modifies the various parts. It then
reassembles the parts back into an e-mail message and sends it on its
way.
MIMEDefang is written (mostly) in Perl, and the filter actions are
expressed in Perl. This makes MIMEDefang highly flexible and
configurable. As a simple example, you can delete all *.exe and *.com
files, convert all Word documents to HTML, and allow other attachments
through.
MIMEDefang uses the "milter" feature of Sendmail to "listen in" to
SMTP connections. It runs a scan once for each message, not once for
each recipient (as simpler procmail-based systems do.) Therefore, it
is more CPU-friendly than procmail-based systems. In addition,
because MIMEDefang can participate in the SMTP connection, you can
bounce messages (something impossible to do with procmail-based
systems.)
