News
New Major Upgrade - 2015.06
- (bugfix, admin gui) - Each administrator account now has a unique name
- (bugfix, filtering) - Better detection of messages and attachments in foreign languages (Chinese and Hebrew tested, probably some others as well)
- (bugfix, filtering) - Better detection of new Microsoft Office documents (xlsx, docx, dat, etc.)
- (bugfix, maintenance) - Clean spam quarantine beginning with a number in database (spam_num)
- (improvement, maintenance) - To limit inode consumption, count files are now purged (one year retention period)
- (bugfix, translation) - Some German translations were corrected
- (improvement, filtering) - The EPS attachment type was added and is allowed by default
- (bugfix, typography) - The word Codabase was corrected: Codebase
- (bugfix, admin gui) - The content quarantine is now correctly sorted on both date and time
- (bugfix, admin gui) - Unescaped character prevents message release
- (bugfix, admin gui) - Invalid character in headers corrupts quarantine message display
- (bugfix, admin gui) - Single quote in local part of email address prevents a lot of things
- (improvement, MC team tools) - Big improvements in reporting false positives to nospam@mailcleaner.net (delays and future filtering greatly improved). The same is planned for false negatives reported to spam@mailcleaner.net
About the Ghost vulnerability (glibc)
Today Qualys published on their blog a new vulnerability affecting GNU/Linux systems, and more precisely glibc.
Details: https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
The Debian tracker entry for this bug:
https://security-tracker.debian.org/tracker/CVE-2015-0235
The Debian package eglibc is not installed on MailCleaner.
About Exim, this morning Phil Pennock (pdp@exim.org) wrote this:
Folks,

Today CVE-2015-0235 was released, concerning a memory mismanagement vulnerability in glibc's "gethostbyname" functions. This software is the most common provider of "libc" on GNU/Linux systems, outside of the embedded space. If you're running Exim on GNU/Linux and don't know otherwise, assume that you are using glibc to provide much of the base operating system functionality and that you are affected by this problem. The latest versions of glibc are not affected, but for clarity you should check with your OS vendor.

The exploit announcement is up at:
http://www.openwall.com/lists/oss-security/2015/01/27/9
and we'd like to thank Qualys for being exceptionally responsible and trying to provide us with advance notification that Exim would be discussed as an exploit vector; unfortunately, the details leaked, they had to move more quickly than they had planned and we've been left playing catch-up; we're sorry that this announcement from the Exim Maintainers is so tardy.

Because glibc is a library, flaws are exposed in applications which use those functions, so many different programs are affected. Exim was chosen by the researchers as one widespread possible attack vector, and they have been able to use this to be able to perform a "remote code execution" attack against Exim, under certain circumstances.

The best fix is to install security fixes for glibc from your vendor, and then restart any network services such as Exim. If you can not sufficiently expedite such changes, then for this one specific attack vector as outlined in the security advisory, you can turn off use of the broken library functions by Exim's HELO/EHLO handling; this does not protect you from other uses of those functions by Exim, nor does it protect other products. Details below.

The impact of an exploit is to be able to run arbitrary machine code as the Exim run-time user: the user which handles incoming SMTP connections. This is typically a user called "exim" (or "_exim" or "mailnull" or something else chosen by your OS vendor). For a number of releases now, Exim's code has explicitly blocked ill-advised attempts to build it with "root" as the run-time user, to limit the consequences of flaws such as this latest one. Taking over your machine entirely would require a privilege escalation attack from the Exim run-time user to root, but attackers just getting a foothold is likely to be sufficiently painful for you.

To protect Exim against the HELO/EHLO attack vector, do *not* set either of these in the main configuration:

  helo_verify_hosts
  helo_try_verify_hosts

and do *not* use the following in any ACLs:

  verify = helo

We believe, based on rather hurried analysis, that every other configuration option in Exim which might use "gethostbyname()" will use a newer set of functions if available, and not explicitly disabled by your OS packagers when building Exim.

Regards,
-Phil, pp The Exim Maintainers
After a sanity check of the Exim configuration file, everything is clean regarding the HELO/EHLO attack vector.
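The sanity check described above can be scripted. The following is an added example, not MailCleaner's or Exim's own code: it scans an Exim configuration for the three settings named in the quoted message, ignoring comments and joining backslash-continued lines. The sample configuration and the function names are constructed for illustration.

```python
import re

# Settings the quoted Exim message says not to use (names taken from the page).
MAIN_OPTIONS = ("helo_verify_hosts", "helo_try_verify_hosts")
ACL_VERIFY_HELO = re.compile(r"\bverify\s*=\s*helo\b")

SAMPLE = r"""# constructed sample, not a MailCleaner configuration
primary_hostname = mx.example.org
# helo_verify_hosts = *
helo_try_verify_hosts = ! 192.0.2.0/24 : \
                        *

begin acl
acl_check_helo:
  deny   message = HELO does not verify
         !verify = helo
"""

def logical_lines(text):
    """Yield (first_line_no, line); comments dropped, continuations joined."""
    buf, start = "", None
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start or num
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        yield start, buf + line
        buf, start = "", None

def audit(text):
    """Return [(line_no, setting)] for each HELO-verification setting in use."""
    findings, section = [], "main"
    for num, line in logical_lines(text):
        begin = re.match(r"begin\s+(\w+)", line)
        if begin:
            section = begin.group(1).lower()
        elif section == "main":
            opt = re.match(r"(?:hide\s+)?(\w+)\s*=", line)
            if opt and opt.group(1) in MAIN_OPTIONS:
                findings.append((num, opt.group(1)))
        elif section == "acl" and ACL_VERIFY_HELO.search(line):
            findings.append((num, "verify = helo"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Files pulled in with `.include` are not followed, so each file has to be checked separately. As the quoted message says, a clean result covers only the HELO/EHLO vector; installing the vendor's glibc fix and restarting network services remains the actual remedy.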
New Minor Upgrade - 2014120101
The new version is already deployed on all MailCleaner Enterprise systems.
To verify that your MailCleaner is up to date, go to Monitoring -> Status:
- Version : 2014.10
- Patch level : 2014120101
Changelog:
#001- (security, admin gui) - set cipher priority
#002- (security, admin gui) - support for TLS v1.1 and v1.2
#003- (upgrade, os) - major upgrade of ClamAV (clamd & ClamSpam), openssl
New Major Upgrade - 2014.10
The new version is already deployed on all MailCleaner Enterprise systems.
To verify that your MailCleaner is up to date, go to Monitoring -> Status:
- Version : 2014.10
- Patch level : 2014102101
Changelog:
#001- (improvement, smtp) - changed LDAP callout behavior to accept on failure
#002- (improvement, filtering) - added X-Auto-Response-Suppress on detected spam
#003- (bugfix, filtering) - fixed potential white space before subject in quarantined messages
#004- (bugfix, admin gui) - increased the Trusted IPs/Network field size
#005- (feature, smtp) - added authenticated users blocking list
#006- (bugfix, smtp) - fixed LDAP quoting
#007- (improvement, os) - improved IPv6 firewalling support
#008- (improvement, smtp) - increased limit in SPF included resolutions
#009- (feature, filtering) - added avoidable hosts list in PreRBls module
#010- (feature, filtering) - added support for optional MessageSniffer module
#011- (feature, gui) - added auto-detection of starttls on LDAP connector
#012- (bugfix, admin gui) - cleaning of some output in logs view
#013- (improvement, admin gui) - changed defaults for DKIM DNS record information to match current recommendations
#014- (improvement, os) - added Squeeze LTS for long-term support security updates
#015- (upgrade, os) - major upgrade of Apache, MySQL, PHP and SpamAssassin packages
#016- (upgrade, security) - removed usage of SSLv3