Sorry fo critical/high. This version fixes some virus scanning issues and is long overdue (sorry again). - Update to 4.38.10 * New Features and Improvements * - Upgraded to MIME-tools 5.417. - Added new filename restrictions using Microsoft vulnerability report from AUScert. - Improved /etc/sysconfig/MailScanner so that it finds Incoming Work Dir and Incoming Queue Dir automatically from MailScanner.conf file. - Can now use $from, $id and $subject in inline signature for signing clean messages. - Any entry in the "Archive Mail" setting can contain _DATE_ which will be replaced with the current date in yyyymmdd form, so you can backup or move yesterday's archive safely knowing that it won't be written to today. - Added zero score for ALL_TRUSTED rule in SpamAssassin as it is known to cause problems. - Added "Also Find Numeric Phishing" setting (on by default) so that all numeric IP addresses in links are flagged as being dangerous. - Added "$postmastername" to the list of variables available in many reports. - ClamAV -autoupdate script now logs all warnings and errors from freshclam. - Postfix support added to "IPBlock" functionality for SMTP connection throttling. Many thanks to Rakesh for writing this. - Updated German translations. Many thanks to Felix for doing this. - Added PDF version of new MailScanner advertising "flyer". - Added "Log Dangerous HTML Tags" configuration setting, and removed old "Log IFrame Tags" configuration setting, so that all potentially dangerous HTML tags are now logged. This helps when you are developing your white- list of safe sources of HTML tags, such as newsletters and daily cartoons. - Added "Phishing Safe Sites File" configuration setting to point to a file containing a list of fully-qualified hostnames which are ignored in the phishing detection tests. Any links to any of these hostnames are ignored in the phishing tests. - Added "Eicar" to non-forging viruses list, so it's easier for testing. - Upgraded to latest HTML::Parser version 3.45. - Changed logging about HTML disarming to only log if it actually changed the message. - Improved comments about ruleset filenames for Spam Actions et al. - Upgraded to latest Net::CIDR version 0.10. - Improved phishing net to handle links which look like email addresses. - Upgraded Vexira to handle new version. Note that support for the old version of Vexira has been dropped. You *must* upgrade to use this release. - Upgraded install-Clam-SA.tar.gz script (on the downloads page) to install ClamAV 0.81 and SpamAssassin 3.0.2. - Better updated translations of pt_br by Eduard Michels. - Improved logging of numeric-ip based phishing attempts. * Fixes * - Fixed problem where some spam was delivered even if the Spam Actions was set to "store delete" if the messages were not to be virus-scanned. - Fixed harmless uninitialised variables in HTML disarming. - Removed 2nd copy of tnef sources from tar distribution. - Fixed problem in phishing net where empty <A> tags would cause false alarm on the previous normal link. - Fixed problem in a few situations where logging would say content disarming was happening when actually it wasn't. - Fixed problem where messages that were not virus-scanned did not have arbitrary headers removed. - Subject lines are now MIME decoded before writing to Postmaster notices. - Fixed bug in SpamAssassin score counting in MCP functionality. - Fixed bug in handling of phishing safe sites file. Generated with FreeBSD Port Tools 0.63
State Changed From-To: open->closed Committed, thanks! (Nobody is looking at Severity/Priority anyway, don't worry :)