ANNOUNCE: amavisd-new-2.7.1 has been released

Mark Martinec Mark.Martinec+amavis at
Sun Apr 29 04:24:53 CEST 2012

Version 2.7.1 of amavisd-new has been released.
It is available at:

Release notes are at:

The 2.7.1 is a bug fixes -only release over 2.7.0.
Problems which were discovered during a 2.8.0 development cycle
were backported to 2.7.

amavisd-new-2.7.1 release notes


- prevent rmdir() from failing with 'Invalid argument' on Solaris 10 when
  deleting a temporary directory: current working directory must not be
  within a directory which is about to be deleted; reported and diagnosed
  by Maciej Uhlig;

- forwarding or quarantining through a 'pipe:' method failed with
  "Insecure dependency in exec while running with -T switch" when a
  sendmail command-line option -N was needed; reported by Andreas Schulze;

- when multiple sockets are specified (e.g. in $forward_method) as a
  redundancy/failover mechanism, and SMTP session caching is enabled,
  a failed forwarding session does not clear a cached session, so all
  further attempts are stuck with the failed server, instead of picking
  a different server from the list; discovered by Michael Storz;

- on establishing a SMTP session when multiple sockets are specified
  (e.g. in $forward_method) as a redundancy/failover mechanism, the
  random choice never picked the last socket in a list;
  discovered by Michael Storz;

- fix defanging by mimedefang, it was failing with perl 5.10 or later
  due to an unhandled "Insecure dependency in sprintf" while logging the
  result if the $log_level was 2 or higher, or when debugging was enabled;
  thanks to Steve Scotter for a problem report;

- fix defanging by Anomy::Sanitizer, it was failing with an error message:
  "mangling by anomy failed: replacement size 0, mail will pass unmodified";

- fix the 'xz' entry in a default @decoders list (in files amavisd.conf,
  amavisd.conf-default and amavisd); the first two variants ('xzdec' and
  'xz') were glued together, so the xz decoder was only available if found
  under names 'unxz' or 'xzcat';

- provide a workaround for a bug [ #64642] in a perl module
  Encode, which gratuitously untaints a string when encoding or decoding it:
    (still unfixed in Encode 2.44, perl 5.14.2);
  A module Scalar::Util is now required, which should not be a compatibility
  problem, as this module is a Perl core module since perl 5.8.0.

- avoid the use of Encode::is_utf8 due to a bug in a perl module Encode
  as bundled with versions of Perl 5.8.0 to 5.8.8 (fixed in March 2007):

  Perl bug tracking: #32687:
    Encode::is_utf8 on tainted UTF8 string returns false
  also referenced by #37170:

  This is a re-manifestation of the same problem we had back in 2004,
  with a workaround provided by amavisd-new-2.2.1.  Forgot that people
  are still using Perl 5.8 :)  Reported by Peter Dieth;

- fix a warning: _WARN: Invalid conversion in sprintf: "%a"

- write informational messages during a stop/start/restart to stdout,
  instead of to stderr, avoiding unnecessary cron job messages;
  thanks to Cristian Seres, Sandro Janke and John Griffiths;

- fix a syntactically incorrect 'Avira SAVAPI' av entry (missing
  closing bracket) in a sample configuration file amavisd.conf;

- minor: get_body_digest incorrectly logged 8-bit body as 8-bit header;

- no longer insist on a minimal version 2.22 of a module Digest::MD5,
  the 'clone' method is no longer needed since amavisd-new-2.7.0;

- do not call $parser->max_parts($MAXFILES) with some old versions
  of MIME::Parser which did not yet provide this method;

- pre-load a module File::Glob even with perl 5.8.0, otherwise
  autowhitelisting in SpamAssasssin may fail with "Insecure dependency";

- documentation: (files README.sql-mysql and README.sql-pg):
  fixed a field name "policy.unchecked_lover", previously incorrectly
  specified as "policy.unchecked_lovers_maps"; reported by TimH;

- documentation: fixed the two SELECT examples in files README.sql-pg and
  README.sql-mysql, the field 'select' needs to be qualified with a table
  name: 'msgrcpt.content' to avoid ambiguity;  reported by Gary V;

- documentation bug in amavisd.conf-default: 'ESMTP' is not a valid
  setting for $protocol, just use 'SMTP' instead; reported by Pascal Volk;


- commented out the LHA entry in the default @decoders list and in
  do_executable(). The program seems to be unmaintained, was seen crashing
  and as such it may pose a security risk; pointed out by Thomas Jarosch;

- due to popular demand, bring the 'spam-tag:' log line back to log level 2
  (version 2.7.0 dropped it to log level 3) to retain compatibility with
  some log analyzers. Caveat: 'spam-tag' string is now entirely in lowercase.
  Suggested by Stefan Jakobs;


- if a message is quarantined to more than one location using different
  quarantine methods, the SQL field msgs.quar_type indicates only the
  type of the last one. When archival quarantining is enabled this choice
  is unfortunate, as the primary quarantine type is more interesting
  than the permanent archival quarantine type. This is now reversed,
  the msgs.quar_type field now reflects the first quarantine type.
  Suggested by Patrick Ben Koetter.

- SMTP session caching now no longer re-uses old sessions which are
  in use for more than a minute since their establishment; suggested
  by Michael Storz;

- having the archive quarantine enabled should not be a sufficient reason
  to store information to SQL when $sql_store_info_for_all_msgs is off;
  Suggested by Patrick Ben Koetter.

- ClamAV-clamd and ClamAV-clamd-stream av scanners: changed socket name
  in a sample configuration file amavisd.conf to /var/run/clamav/clamd.sock
  (previously the socket name was /var/run/clamav/clamd); this makes it
  compatible with a default socket name under several Linux distributions
  and under FreeBSD; suggested by Oliver Schinagl;

- documentation updates;


More information about the amavis-users mailing list