Changes:

• Improved csf locking to enhance the integrity of the firewall


• Log lfd csf deny failures


• New SSHD regex added


• Improved the dovecot regex's


• New Beta option: lfd Clustering. This new set of options (CLUSTER*) in csf.conf allows the configuration of an lfd cluster environment where a group of servers can share blocks and, via the CLI, configuration option changes, allows and removes. See the readme.txt file for more information and details, setup and security implications

Changes:

• Fixed --options [D] output not going to a --report [file]


• Improvement to --decode [file] variable detection


• Exploit fingerprint definitions database additions

Changes:

• Added UID check to ensure updates are only performed by root (UID=0)


• New --options [D]. This is an experimental option that puts any PHP scripts containing an eval() function that decodes base64 and rot13 data through the (experimental) --decode [file] option during a scan. This will then highlight the decoded result if it hits any regex, fingerprint or virus scan matches


• Added eval(str_rot13 to --decode [file]


• Fixed --decode [file] not scanning final decoded result with regex definitions and fingerprints


• Improvements to --decode [file] detection and processing


• Modified pure-uploadscript init file to cope with multiple pure-ftpd pids on restart and to stop pure-ftpd more cleanly


• Exploit regex definitions database additions


• Exploit fingerprint definitions database additions

Changes:

• Improvements to regex definitions database


• Added new ignore options for sym:, psym: and hsym: to allow ignoring of symlinks


• Modified --generate to add sym: for symlinks to ignore file


• All UI user selections modified to be dropdown lists


• Exploit regex definitions database additions


• Exploit fingerprint definitions database additions

Changes:

• Fixed bug preventing csf from blocking FTP IP addresses when --block used


• Added failure message from csf to FTP email if deny fails


• Added new exploit scanning option W to be used with --option (must be explicitly added to the options list - the same way as the C option). The W option will chmod all world writable directories found to 755. Use this option with care as it could prevent web scripts from functioning on non-suPHP or non-SUEXEC enabled systems

Changes:

• Scanning speedup when using --voptions


• Improvements to --decode performance and effectiveness


• New optimised fingerprint database. This new database, though with fewer entries, is better targetted at detecting relevant exploits that ClamAV misses (the majority!)


• Changed "Match for fingerprint of an exploit" to "Known exploit = [Fingerprint Match]"


• Changed "Match for regular expression (regex)" to "Regular expression match = [regex]"

Changes:

• New SSHD regex added


• Added Server Check to check whether SSHD UseDNS is set to "no" - it should be disabled


• Added an Important Note to the readme.txt regarding the sshd UseDNS setting


• Speedup for LF_DIRWATCH regex matching

Changes:

• Fixed email " (Hits:nn)" not totalling all accounts hits

Changes:

• Removed spurious "set to skip" message text


• Added " (Hits:nn)" to the Subject line of email reports


• Added new option --ulist [file] for use with the --all option to perform scans of only those users listed in [file]


• Regex scanning improvements


• Disable default deep scanning on FTP and web script uploads to help avoid false-positives. If you want to continue deep scanning add --deep to cxsftp.sh and/or cxscgi.sh


• Exploit regex definitions database additions


• Exploit fingerprint definitions database additions

In the latest version of MailScanner (v4.79.11) if MailScanner cannot find the virus scanner it will stop processing mail completely and no mail will be delivered.

If your virus scanner stops working, you will see the following message in your maillog:
"Virus Scanning: No virus scanners worked, so message batch was abandoned and re-tried!"

If you have this issue and want to get mail flowing again while you investigate the clamd issue, see this FAQ:
http://www.configserver.com/techfaq/index.php?faqid=84