Virus Snaggers(tm) Version History, cont'd (current changes in vsnag.readme.html)
DIAGNOSTICS TOOL UPDATE, 26-August-2004
The diagnostics INCLUDERC, useful for all procmailers,
no longer requires $VS_DEBUG be set to turn on extra reporting when used
in conjunction with vsnag. Instructions within the file have been simplified.
Further minor improvements have been initiated. Find ver. 1.2 in the Download area.
INTERIM UPDATE, 2.0.4 -> 2.0.5, 3-Aug-2004
Ver. 2.0.5 offers a small improvement to one
recipe controlling the “sending_client=counterfeit-self” check.
In some cases, the check was bypassed when it should not have been. Also
added in this version is the CPL extension to the list of “baddies.”
DIAGNOSTICS TOOL UPDATE, 22-June-2004
There are minor improvements to the optional
self-test.rc diagnostics plug-in. Find ver. 1.13 in the Download area.
INTERIM UPDATE, 2.0.3f -> 2.0.4, 19-June-2004
Ver. 2.0.4 offers a minor update to one test
affecting ZIP files only. Instances of false positives are reduced with this
INTERIM UPDATE, 2.0.3 -> 2.0.3f, 25-May-2004
Ver. 2.0.3 is deprecated and officially recalled. There was a misnamed
var that caused messages not to be stopped. Version 2.0.3f or above replaces
INTERIM UPDATE, 2.0.2 -> 2.0.3, 23-May-2004
Revised code that decides if message qualifies
for attachment scanning. Previously, all mailer-daemon messages were scanned.
Now what vsnag finds to be local admin messages are skipped if the Content-Type
header doesn't indicate an attachment.
Patched algorithm bug setting MYDOMAIN_IP
with only one Received.
Stopped wrong $VS_DEBUG unassignment.
Optional diagnostics tool "vsnag.self-test.rc" has
had "$$" added to its output; and $VS_SELF_TEST typo corrected.
INTERIM UPDATE, 2.0.1 -> 2.0.2, 17-May-2004
Fixed syntax error in one recipe that scans
ZIP files. The bug was causing clean messages to be blocked in some cases.
See also new clarification in FAQ with regard to how ZIPs are scanned.
NEW DIAGNOSTIC TOOL, 15-May-2004
On 15-May-04 we made available an optional plug-in
rc-file to help you with procmail diagnostics generally and also with diagnosing
the state of Virus Snaggers. The tool is useful for procmailers in general.
See the Download section of the Virus Snaggers web site.
INTERIM UPDATE, 2.0.0 -> 2.0.1, 13-May-2004
Error handling adjusted for deprecated procmail
versions below 3.15. Minor cosmetic changes to the myvars file.
UPGRADE VERSION 2.0, 9-May-2004 ("Mother's
Virus Snaggers is now a modular package. There
are environment settings for you to customize, and then there is the main
file that calls them. Along with this readme, the three files making up the
program are vsnag.rc (the main file), vsnag.genvars.rc, and vsnag.myvars.rc.
Only the last one of these should require your attention. That is, you customize
the environment if desired, and leave everything else alone.
Your pre-processing customization
now goes in the myvars file; it no longer needs to precede the INCLUDERC
call to vsnag in your personal .procmailrc. Set $VS_MYVARS in the rc if you've
renamed the file or given it a location different from that of the main file.
Backward compatibility has been lost
(sorry). Many var names are now changed, to better organize and segregate
namespace. Many new ones have been added. All vars are listed in the "myvars" env
file, which see. Of particular note, the mechanism for naming suspect file-extension
sets is simplified.
"COM" has been added as
a default bad extension. A problem with false positives caused by COM in
the bad-extension list is gone. "BAT" and "CMD" were
added in ver. 1.5.
Possible whitespace before nasty file-extensions
is now handled.
$DOUBLES and $SUPPLEMENTAL are gone,
because the new algorithm makes them superfluous. $NASTYEXT is now $VS_NASTYEXT;
$VFROM is $H_FROM; and $CTYPE is $H_CTYPE. $RECOMMENDED is also now absent
Virus signatures are gone. The "Type-B" recipe
is gone - supplanted by a reworked attachment snagger that works better than
LINEBUF minimum has been bumped to
ZIP files are now automatically checked
sanely, based on various characteristics common to the virus and worm messages
that carry them. Most legitimate (non-worm) ZIP files sent to you should
be able to make it through. $AGGRESSIVE is still available as a setting to "up
the ante," so to speak, on the scouring heuristics.
$AGGRESSIVE's default is now to block
ZIPs only if they are from 12k to 48k. You now can set $VS_ZIPMAX and $VS_ZIPMIN
in the myvars file if you care to change those values; or add ZIP to $VS_NASTYEXT
to block them altogether.
The new "hook" variable,
$VS_HOOK, allows you to write custom messages to the log or perform other
pre-delivery processing via your own separate INCLUDERC. For example, use
$VS_HOOK to log the output of $VS_OUT; or perform other pre-delivery post-processing.
$VS_ATTACH is now available whenever
a message contains an attachment. Use the presence of this var to perform
custom actions of your own, including quarantining all messages
with attachments, if you wish.
Most code has been rewritten. There
are many new heuristics. Instructions have been moved to this readme file.
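A hook file using the $VS_HOOK, $VS_OUT and $VS_ATTACH variables described above might look like the following; this is an added example, not code from the Virus Snaggers package. The file name, the quarantine mailbox name, and the way $VS_HOOK is set in the myvars file are assumptions.

```procmail
# vsnag.hook.rc  (hypothetical file name)
# Assumed wiring, in vsnag.myvars.rc:
#   VS_HOOK=$HOME/.procmail/vsnag.hook.rc
# Assumption: vsnag INCLUDERCs the file named by $VS_HOOK before delivery,
# with $VS_OUT and $VS_ATTACH already set as the readme describes.

# Hypothetical quarantine mailbox, relative to $MAILDIR.
QUARANTINE=vsnag-quarantine

# A heuristic fired: record which one. The closing quote sits on its own
# line because procmail's LOG needs an explicit trailing newline.
:0
* VS_OUT ?? .
{
  LOG="vsnag hook: suspect message, heuristic=$VS_OUT
"
}

# Attachment present but nothing fired: log it and hold the message
# for manual review instead of delivering it.
:0
* VS_ATTACH ?? .
* ! VS_OUT ?? .
{
  LOG="vsnag hook: attachment held in $QUARANTINE
"

  :0:
  $QUARANTINE
}
```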
WHAT'S FAIRLY NEW
Variable tagging for viruses changed with ver.
1.6.1. Instead of the old $VIR_A/$VIR_B/$VIR_Z syntax, one variable - $VS_OUT
- is set to the heuristic triggered when a suspected virus or worm is found.
$VBELL var (previously called $VDEBUG)
was added to permit audible bell for testing on found viruses. I leave it
set all the time, myself.