amavisd-new 2.6.5 release candidate - a backport of bug fixes from 2.7.0-pre*

[Mark Martinec]

amavisd-new-2.6.5-rc1.tar.gz is a release candidate for a maintenance
update of a 2.6 branch, backporting all bug fixes from 2.7.0-pre* series.

It is available at:
  http://www.ijs.si/software/amavisd/amavisd-new-2.6.5-rc1.tar.gz



amavisd-new-2.6.5 release notes

This version is strictly a maintenance release, it incorporates
bug fixes backported from the 2.7.0-pre* series.


BUG FIXES

- when a back-end MTA rejected a message, amavisd would send a non-delivery
  status notification, but also propagate the reject status back, which is
  wrong, only one or the other response would be appropriate. A fix also
  allows choosing either a D_REJECT, D_BOUNCE or D_DISCARD response for
  such a case, configurable through %final_destiny_by_ccat at a CC_MTA
  entry, defaulting to D_REJECT; reported by Peer Heinlein;

- checking header section syntax could take excessive amounts of time
  in some degenerate cases of a very long header section, now fixed;

- do not bypass spam checking of a bounce message when its referenced domain
  in Message-ID is non-local but pen pals are disabled; reported by Stefan;

- removed some of the guesswork in bounce killer to prevent false
  positives in certain cases of forwarding a mail message as an attachment,
  at the expense of passing through some undesired but nonstandard bounces;
  (also, deal with non-delivery notifications from yahoogroups.com,
  and fixed one particular case of a false-positive in bounce killer
  (mixed/multipart with an attached full message, sent through a mailing
  list);

- fix a 'Zoo archive' entry in the $map_full_type_to_short_type_re list;

- fix a test for $myhostname being a FQDN to allow IDN domains (with a dash);

- fix a REPLACE hack (feature introduced in 2.6.2) on loading a policy bank;

- fix choosing the module IO::Socket::INET in ask_daemon_internal() to
  avoid versions of IO::Socket::INET6 older than 2.55 (2.56?) failing with
    "Address family not supported by protocol family"
  when an IPv4 address with a port number is specified for connections
  to a virus scanner; based on a patch by Phil Pearl (Lobbes);

- do_unzip: avoid testing version of Compress::Raw::Zlib, the module may
  not be loaded at all and the test would fail, resulting in inoperative
  zip unpacking; reported by Tuomo Soini;

- when logging or quarantining to SQL, execute a clause: SET NAMES 'utf8'
  after connecting to a database, to ensure the decoded Subject and From
  header fields are correctly interpreted by a SQL server as UTF-8 encoded
  strings. It seems the module DBD::mysql does not observe a MySQL setting
  for 'character_set_client' and needs an explicit SET NAMES. The problem
  did not affect PostgreSQL. Reported by Zhang Huangbin;

- avoid LDAP lookups aborting the scan when a %d placeholder is used in
  a $default_ldap{base} setting and the resulting base do not exist in
  an LDAP schema; reported by Zhang Huangbin;

- the amavisd-new 2.6.3 relaxed semantics of a number of hard links on a
  directory in TempDir::prepare(_dir), but left out an equivalent change
  necessary in TempDir::check, which is now fixed; the change only affects
  certain file system (like the one used on Mac OSX);

- treat an empty PID file or a junk one-liner file the same as a nonexistent
  PID file; previously an empty PID file (e.g. after an unclean shutdown)
  would prevent amavisd from starting; problem reported by Michael Scheidell;

- changed amavisd-release to only provide a 'quar_type' attribute in its
  request when it is reasonably sure of its appropriate value, otherwise
  leave the decision to the amavisd daemon; this solves releasing from a
  file-based quarantine when compression is not used and all files are at
  the top directory; reported by Voytek Eymont;

- provide a workaround for a [perl #62048] bug:
    Unwarranted "Malformed UTF-8 character" on tainted variable;
  reported by Jakob Curdes;

- provide a workaround for logging to syslog using an old version of
  Unix::Syslog which didn't prepare and keep its own copy of the 'ident'
  argument on a call to openlog(3); thanks to Bill Landry;


OTHER

- ensure compatibility with a new version 5.500 of MIME-Tools, which changed
  the way mime attributes content-disposition.filename and content-type.name
  are decoded, now properly respecting their declared encodings (character
  set). As a result, the declared (recommended) file names of MIME parts are
  now represented as native Perl character strings (Unicode), and as such
  may also end up in reported names of banned parts. Regular expressions
  in @banned_filename_maps, $banned_filename_re and $banned_namepath_re
  may also see these strings as native Perl characters, as well as in their
  MIME-encoded form. The change also affects interpretation of names in
  earlier versions of MIME-Tools, making them behave more like the 5.500.

- amavisd.conf: exclude names starting with 'cid:' from matching the
  double extensions banning rule, avoiding false positives;

- support Postfix 2.9 long queue IDs (enable_long_queue_ids=yes) as available
  since postfix-20110321 by adjusting default values for $log_short_templ
  and $log_verbose_templ templates;

- a small update to a default @virus_name_to_spam_score_maps;


Mark