All releases of Email Security through Procmail

  •  07 Sep 2003 21:57
Avatar

    Release Notes: This release adds Microsoft Office Suite VBE buffer overflow attacks (8/31 EEYE alert) to the Microsoft Office file attachment macro scanner, and trapping attacks on other recent Outlook and Sendmail bugs. There are other minor improvements.

    •  27 Jan 2003 00:45
    Avatar

      Release Notes: This release fixes a minor security bug and a missed MIME type mangle. Configuration of Office embedded-link scoring has been added.

      •  23 Dec 2002 04:20
      Avatar

        Release Notes: A bug in filename shortening that broke older Perl versions has been fixed. MIME mangling has been changed away from TEXT/PLAIN, as some mailers perform text-related operations on that MIME type, corrupting the attachments.

        •  20 Oct 2002 23:40
        Avatar

          Release Notes: CPL (Control Panel applet) and WSZ (scriptable WinAmp skin) have been added to the default list of executable extensions. Extension only filenames are handled properly. HTML encoded multibyte characters are not corrupted. Runs of spaces in filenames are collapsed before length limiting. Original extensions are not lost during length limiting. A kill-all-EXEs option has been added to check the base64 body for Windows .exe magic. MSWord INCLUDETEXT and INCLUDEPICTURE are detected as an attack by the macro scanner. There is a special case for sender detection in messages from AOL.

          •  27 May 2002 05:28
          Avatar

            Release Notes: Improved the sender address checking to better avoid notifying forged sender addresses, and fixed the quoting of unquoted attachment filenames that have embedded semicolons. Improved active HTML defanging a bit, improved customizability, and made other minor improvements and bugfixes.

            •  22 Apr 2002 06:01
            Avatar

              Release Notes: More configuration options were added in this release to ease use with non-sendmail MTAs. There is improved handling of maliciously encoded attachment filenames and Windows-specific attachment filename trickery, a workaround for a memory bug in Procmail 3.22, and other minor bugfixes and enhancements.

              •  06 Jan 2002 01:46
              Avatar

                Release Notes: A fix for a bug in handling certain recursive multipart MIME attachments (as used in a recent worm variant), and other minor feature enhancements.

                •  24 Nov 2001 05:31
                Avatar

                  Release Notes: Two bugs that allowed some messages to bypass attachment sanitizing have been fixed. Attachment stripping has been added, as well as many other minor capability enhancements and bugfixes.

                  •  08 Sep 2001 22:06
                  Avatar

                    Release Notes: This release is smaller, and should now work on AIX. There are more customization options. Handling of CLSID filenames has been added.

                    •  24 Apr 2001 07:07
                    Avatar

                      Release Notes: Now detects and truncates "Subject:" headers longer then 250 characters, to protect Outlook Express users. VCF and NWS added to the default MANGLE_EXTENSIONS list. Only defangs HTML in message body, to avoid defanging email addresses like "< meta.smith@example.org >". Changed macro scanner to allow detailed reporting of what it finds; if you add SCORE_DETAILS=YES to your sanitizer configuration, the sanitizer will now tell you why it is considering a document to be poisoned. Modified macro score logging to include the recipient name. Changed default filename to "default.txt" to try to force Windows to treat it safely. Fixed the REPORT bug from 1.128.

                      Screenshot

                      Project Spotlight

                      episoder

                      A tool to tell you about new episodes of your favourite TV shows.

                      Screenshot

                      Project Spotlight

                      BalanceNG

                      A modern software IP load balancer.