2017-12-18
fixed in assp 2.5.5 *Fortress* build 17352:

- a memory leak in report connection handling is fixed

- ASSP_AFC: non ASCII characters in 
  'ASSP_AFCReplBadAttachText','Replace Bad Attachments Text'
  and
  'ASSP_AFCReplViriPartsText','Replace Virus Parts Text'
  were wrong MIME-encoded in the delivered mail

changed:

- 'MaxAUTHErrors','Max Number of AUTHentication Errors'
....
If your MTA offers AUTH without supporting it (has no user accounts) define a negative value here (e.g. -1).
In this case assp and the MTA will function as an AUTH-honeypot, the peer will get an penalty at the first AUTH request.
....

- in case a blocked attachment mail is resent in block reports by admins, the '[no] scan' option is added to the request
  mail body

- ASSP_AFC version 4.75 fixes a minor logging output issue

- ASSP_AFC version 4.75 has a new function for VBA detection. To enable it set
  $ASSP_AFC::VBAcheck = 0;     # enable(1)/disable(0) the executable VBA script check
  to '1'


2017-12-07
fixed in assp 2.5.5 *Fortress* build 17341:

changed:

- improved connection data cleanup in idle mode (sleeping threads)

- typo corrections in the GUI



2017-12-05
fixed in assp 2.5.5 *Fortress* build 17339:


changed:

- It is now possible to define a SSL-listener for all listeners (SMTP, WEB, STAT) - to do this write SSL: in front of the listener definition.
  Examples:
  225
  SSL:325
  225|SSL:325
  127.0.0.1:225
  192.168.1.1:225|192.168.2.1:225|SSL:192.168.1:325

- improved error handling for the new SSL code in build 17338



2017-12-04
fixed in assp 2.5.5 *Fortress* build 17338:

- orphaned connection data and handles may caused errors like:
  - too many open files
  - invalid filehandle
  - ....
  It was also possible, that the connection screen and the worker status screen have shown incorrect data.
  On some systems those orphaned connections caused unexpected high CPU and memory usage.

changed:

- 'maxSSLRenegotiations' is only checked for incoming mails, not for local and outgoing mails

- the default value for 'maxSSLRenegotiations','Maximum Allowed SMTP SSL Client-Initiated-Renegotiations' is changed to 10

- SSLDEBUG now writes the debug information of the SSL handling to maillog.txt

- For all SSL listeners and STARTTLS connections where assp acts as server and all SSL/TLS connections to defined destinations only a single SSL-Context is used
  for each peer to speedup the SSL connections and to reduce memory usage.
  Setting the hidden configuration parameter 'enablePermanentSSLContext' to zero or 'undef' will force the old behavior (create and delete the SSL-Context for each connection).
  Setting the hidden configuration parameter 'enablePermanentSSLContext' to zero or 'undef' is not related to SNI configurations. For SNI server configurations a permanent
  SSL-Context is used every time.

- improved SNI support for environments with a large amount of SSL-certificates and keys

- speed improvement of the rebuildspamdb task

added:

- ASSP_AFC version 4.74 is able to check for 'Microsoft Office Compound File Binary (OLE)' attachments - the exception tag is :MSOLE

- The above referenced hidden configuration variable 'enablePermanentSSLContext' is added  
  our $enablePermanentSSLContext = 1;      # (0/1) enable usage of permanent SSL Context - maxunused = 1 hour, max lifetime = 1 day (default = 1)
  If set, assp will reuse an available SSL-Context unitl this context is not older than one day or it was unused for over one hour.



2017-11-19
fixed in assp 2.5.5 *Fortress* build 17323:

- on 'apply changes', google chrome (v57 and higher) may has thrown an error about 'x-xss-protection', if the GUI in http mode was used by user 'root'

- it was possible that setting 'FileScanCMD' to 'NORUN' caused stucking workers, if the online filesystem virus scanner detected a virus and locked the checked
  file permanently
  
- ClamAV and the FileScanner were called on no content (zero bytes), which sometimes caused an unexpected virus detection or a wrong content replacement by ASSP_AFC

 
- ASSP_AFC version 4.72 fixes a logging mistake

  

2017-11-13
fixed in assp 2.5.5 *Fortress* build 17317:

changed:

- If the filename for an attachment contains no extension, but the given Content-Type MIME header provides the filetype, the related extension is added
  to the file name to prevent unexpected blocked attachments.

  related to this change, the ASSP_AFC.pm Plugin is updated to version 4.71
  
  

2017-11-06
fixed in assp 2.5.5 *Fortress* build 17310:

- If 'StoreCompleteMail' was set to 'disabled'(0), the stored corpus files (.eml) were smaller than the value defined for 'MaxBytes'.


2017-11-03
fixed in assp 2.5.5 *Fortress* build 17307:

- switching the effective and real UID on BSD based OS may have been failed

- If ASSP was unable to accept a client socket connection, a retry may has caused a SEGV on some OS. The retry is now skipped.

- The output of the used UserAttach ZIP: regular expression in the analyzer is now normalized.



changed:

- The default value of 'tlsValencePB' 'OK, Is a SSL/TLS connection, default=0 +' is changed from -10 to zero.

- IP's with AUTH errors, faked AUTH-errors and SSL-renegotiation attacks are now reported to the Grip-list server

- Notification emails are now showing the matched log-text and the used regular expression at the end of the email.


added:

- To prevent DoS attacks in SSL renegotiations the hidden configuration variable 'maxSSLRenegDuration' is added - the default value is 10 seconds.
# the SSL/TLS renegotiation counter will be reset after this number of seconds without a renegotiation request and any regular data are sent or received
our $maxSSLRenegDuration = 10;


'maxSSLRenegotiations','Maximum Allowed SMTP SSL Client-Initiated-Renegotiations'
 'Maxumum count of allowed SSL/TLS client initiated renegotiations to prevent DoS.
 If this count is exceeded in a connection within 10 seconds, the connection is terminated, the connected IP is registered in banFailedSSLIP and new connections
 from this IP address are rejected for 15-30 minutes. An IP-Score of PenaltyExtreme but at least 150 is used for the IP address.
 Zero disables this feature - default is : 2 attempts.'



2017-10-24
fixed in assp 2.5.5 *Fortress* build 17297:

- upper case UserAttach templates caused an exception in attachment processing
  ASSP_AFC 4.70 is required too, to fix this issue
  NOTICE: build 17297 is at least required to use ASSP_AFC version 4.70 !
    


2017-10-08
fixed in assp 2.5.5 *Fortress* build 17281:

- active connection counting and limiting was not working if clients/servers used the STARTTLS command

- analyzing the memory usage in the threads cause a SEGV in 'Devel::Size' on newer perl versions - this feature is deactivated in the code permanently


changed:

- Because sourceforge is discontinuing the CVS support, the versioning support for the ASSP development is sitched to SVN.
  Starting with this build the download location is changed to:
  
  https://sourceforge.net/p/assp/svn/HEAD/tree/assp2/trunk
  
  The folder structure and file location in SVN is the same like it was in CVS.
  
  Previouse versions (including V1) and builds are still available at CVS for download, as long as souceforge provides browser access to CVS.
  
  http://assp.cvs.sourceforge.net


2017-10-03
fixed in assp 2.5.5 *Fortress* build 17276:

changed:

- On systems which supports the thread priority settings, some time critical task are running faster (clean PBBlack, rebuildspamdb).


2017-10-02
fixed in assp 2.5.5 *Fortress* build 17275:

- On a secured Windows Server 2016, it was possible that the options to 'stop' and 'pause' the running ASSP service were not available (greyed out).
  In this case, it was also not possible to manage the service using 'sc' and 'net'.




2017-09-25
fixed in assp 2.5.5 *Fortress* build 17268:


- There were two options missing in the Archive::Libarchive::XS call in ASSP_AFC, which are not supported without a special definition per default.
  - raw compression formats
  - empty compressed files
 Both types caused an 'Unrecognized archive format' exception at decompression time and an additionally call to a second (or third) decompression engine (eg: 7zip)
 Version 4.65 fixes this issue - those files are now decompressed by Archive::Libarchive::XS, if they are supported by the module.

- it was possible, that the used SSL/TLS cipher was added multiple time to the assp 'Received:' MIME-header line
 

changed:

- improved MS exchange MTA detection - related to '$CCchangeMSGDate', see build 17261

- 'DoSameSubject' uses a similarity check instead of an equality check

- 'MaxAllowedDups' uses a similarity check instead of an equality check

- using ASSP_AFC 4.65, the version numbers of the archive modules are now shown in the Perl-modules status screen

- if Encode::Detect is installed, it will be used instead of Encode::Guess to provide better decoding results



2017-09-18
fixed in assp 2.5.5 *Fortress* build 17261:


- if 'STARTTLS' was used to resend a mail, the second 'EHLO' possibly used 'localhost.localdomain' as hostname (instead of 'myName'), which may caused problems on some MTA's,
  because they expect to get the same EHLO again - both EHLO commands are now using 'myName'


changed:

- the function of the hidden parameter '$CCchangeMSGDate' is enhanced

our $CCchangeMSGDate = 0;                ## (0..31) change the 'Date:' MIME-header on CCmail (sendHamInbound), ForwardSpam (sendAllSpam) and resend mail
                                         ## MS-Exchange may require this, because duplicate mails will be removed silently, if they contain an equal 'Date:...' MIME-header
                                         # bit 0 = 1 ( +1) -> set all bits (1 - 4) to 1 for backward compatibility ( same as 30 -> 2+4+8+16 )
                                         # bit 1 = 1 ( +2) -> force change at CCmail
                                         # bit 2 = 1 ( +4) -> force change at ForwardSpam
                                         # bit 3 = 1 ( +8) -> force change at resend mail
                                         # bit 4 = 1 (+16) -> general disable the automatic detection of a local MS-Exchange MTA by checking the SMTP banner / greeting
                                         ## The default is zero (0), which means: the 'Date:...' MIME-header is not forced to be changed in either case,
                                         ## but it will be changed, if a MS-Exchange MTA is detected using $ExchangeBannerRe against the SMTP banner / greeting.
                                         ## To disable this feature completely - set this value to 16.




2017-09-17
fixed in assp 2.5.5 *Fortress* build 17260:

- Depending on the used perl version the following chinese charsets were not supported by the perl module 'Encode', even the module 'Encode::HanExtra' was 
  installed:  big5plus , euc-tw , gb18030.
  These charsets are now registered to 'Encode' on NON-EBCDIC systems by assp. The installation of the perl module 'Encode::HanExtra' is mandatory to support these
  charsets.

- If an unknown (not registered to Encode) MIME-charset was found in an email, it was possible that the thread died unexpected throwing an UTF-8 fatal error.
  Those mail data are now processed binary, in rare cases the content of such a mail is ignored.


added:

- ASSP_AFC version 4.62 now supports the definiton of custom excutable checks. Special coding in lib/CorrectASSPcfg.pm is required.

our $SkipExeTags = [];  # customized skip tags ('CUST1','CUST2'...) for external executable checks defined in lib/CorrectASSPcfg.pm
                        # usage in 'UserAttach' : ':CUST1',':CUST2'
our $checkExeExternal;  # custom subroutine to check executables external (eg. lib/CorrectASSPcfg.pm) - $ASSP_AFC::checkExeExternal->($self,\$sk,\$buff,$raf,\$pdf) 
                        # if the internal check has not found an executable
                            # self - the ASSP_AFC object for this mail
                          # the following paramters are refences to scalars
                            # sk - active skip tags at runtime
                            # buff - up to first 64 binary bytes of the attachment
                            # raf - complete binary content of the attachment
                            # pdf - decoded binary PDF content, if the attachment is a PDF , otherwise undef

our $checkExeExternalForce; # same as $checkExeExternal - but called weather the internal check has found an executable or not - 
                            # $ASSP_AFC::checkExeExternalForce->($self,\$sk,\$buff,$raf,\$pdf,\$type)
                              # ....
                              # type - contains the previous detected executable type description or undef



2017-09-11
fixed in assp 2.5.5 *Fortress* build 17254:

changed:

- attachment blocking:
  - If a file extension regular expression is wrong defined as (1) '*' (leading asterix) or (2) '?' (leading question mark) the definition no longer fails.
    Instead the regular expression is now corrected to (1) '.*' and (2) '.?' and a waring is written to the maillog.txt.



2017-09-04
fixed in assp 2.5.5 *Fortress* build 17247:

- ASSP_AFC 4.61 is released

- if any of HTML parsers was selected, the modul was not shown in Module Stats screen


changed:

- an new exception switch is added to the 'UserAttach' function - ASSP_AFC 4.61 is required to provided this also for compressed attachments (zip:...)

description changes:
....
  Notice the leading -- in front of the --doc regular expression in the last example. The leading -- removes all occurences of this regular expression from the resulting entry, 
  here from "block-in" (NOT from block!) at configuration time. You would need to define --doc in the "block=>" entry as well, to remove such occurences there.
  Because the -- exceptions are processed at configuration time, such a definition will not overwrite an opposit rule definition: sender > recipient and recipient < sender
  - which are combined at runtime (attachment check).
  If you want assp to process such a "remove extension directive" at runtime (to make the recipient <> sender rule overwrite working for this address),
  use for example -+doc instead of --doc. Be carefull creating weak blocking rules using the -+ directive. Make sure the sender and recipient address can
  NOT be faked (eg. SPF-strict, DKIM)
  ASSP will resolve all extension regular expression templates and all rule tempates and will combine them all in to one resulting domain or user attachment rule.
  ASSP will throw a warning, if a rule template is define multipe times - like: *@domain.com=~~commonRule,~~devRule - here ~~devRule already contains ~~commonRule
  It may happen, that the resulting attachment rule contains one or more extension regular expressions multiple times - this is harmless and will be internaly corrected,
  but try to prevent it.
  
  This feature replaces all of the above level definitions (BadAttachL1 ....L2 ....), if at least one valid (not zip:... from the ASSP_AFC Plugin) attachment blocking 
  or allow rule is found for the envelope sender or the first envelope recipient of a mail!
  good, good-out and good-in - and also - block, block-out and block-in - will be logical OR (pipe '|') combined from the matched rule for the first envelope recipient 
  and the envelope sender - according to the mail flow.
  The defined blocking rules for the envelope sender and the first envelope recipient are than combined together using the same OR logic (pipe '|') at runtime.
  The attachment block rules for a specific email are looking as follows: (replace block with good to get the attachment good rules)
  incoming mail: recipient-block|recipient-block-in|sender-block|sender-block-in
  outgoing mail: sender-block|sender-block-out|recipient-block|recipient-block-out
....



added:

- In the 'config info' section of the left menu, a new link to 'Privat Config Notes' is available. It can be used for general notes and privat documentation.



2017-09-01
fixed in assp 2.5.5 *Fortress* build 17244:

- a domain name in an URL that starts with number and dash like "2017-", was wrong detected as strong obfuscated IP address

changed:

- the over a year existing hidden configuration parameter 'HTMLParser' is now changed to a regular configuration parameter

**** ATTENTION ****
 If you still use this hidden parameter, remove any related code from the startup script or CorrectASSPcfg.pm BEFORE you upgrade to this version!
 Configure the parameter after the first start in the GUI!
*******************

 'HTMLParser','Use this HTML Parser','0:buildin|1:HTML::Strip|2:HTML::TreeBuilder',
 
  Commonly HTML/XML is used in emails. The HTML/XML tags are too variable to use them for Bayesian- and Hidden Markov Model analysis.
  For this reason, these tags are removed from the HTML/XML content to get the clean text of the email.
  The assp buildin regular expression HTML-parser is now used for decades. It got large improvements over the time, how ever - the correctness is only 95%.
  But assp is able to use HTML::Strip or HTML::TreeBuilder, which are powerfull perl modules to parse HTML code nearly 100% correct.
  HTML::Strip and HTML::TreeBuilder are getting there best result, if the full HTML code is provided. In case you select any of the both modules,
  it is recommended to set MaxBytes to 50000 (be carefull on heavy load systems - spam bomb regular expressions will take longer using 50000!).
  HTML::Strip is the fastest module and the default setting, because it is written in C. If you can not install it, use the buildin or HTML::TreeBuilder.
  HTML::TreeBuilder is the slowest way to parse HTML code, the assp buildin processing is three times faster, HTML::Strip is five times faster than HTML::TreeBuilder.
  If you select any of the perl modules and this module is not installed, fails to load or it returns no content, assp falls back to the buildin code.

 **** Switching from the buildin HTML parser to HTML::Strip a 10% faster rebuildspamdb task is expected (for MaxBytes = 50000).
 **** HTML::Strip improves the word processing for Bayesian and HMM, because of a much better language detection in the word stemming engine.
 **** SpamBombs will work more accurate, if HTML::Strip is used

  To provide any of the perl modules HTML::Strip and HTML::TreeBuilder you need to install them using PPM or CPAN.
  The mod_inst.pl and mod_inst_ocr.pl got an update to version 2.03 to install both modules.
  
  ASSP_AFC.pm version 4.60 is available. It got an improvement by an 40 seconds timeout watchdog ($ASSP_AFC::maxProcessTime), to prevent stucking workers.
  

2017-08-31
fixed in assp 2.5.5 build 17243:

- if two email addresses were defined in the from: header tag - like: from: dummy@localdomain.com <sender@senderdomain.org>
  the first address was used by assp instead of the right second. This made spam detection difficult and caused the DKIM check to fail.
  
  
added:

- 'UserAttach' got an enhancement - it is now possible to define and use regular expression templates as well as rule templates
  - the GUI is changed
  .....
  block=> rules cause specific file types to be blocked (but does not block the others).
  good=> rules block all file types except for those specified in the rule.
  ....
  
  It is possible to define templates (see the preceding single tilde ~ ) for extension regular expression and to use them in any entry at any place
  (except other extension regular expression templates) - like:
  
  ~executables => cmd|com|cpl|exe|exe\-bin|lnk|pif
  ~scripts => js|pl|ps1?|sh|vb[es]?|wms|ws[cfh]
  user1@domain.tld => block => ~executables|~scripts|mht|ms[cipt] , block-in =>:MSOM , block-out => :CERTPDF
  [allDomains] => block => ~executables|:CSC
  
  Extension regular expression template names have to start with a single tilde. Allowed name characters are A-Z, a-z, 0-9 and underscrore.

  It is also possible to define rule templates and to use them in combination with any other rule definitions or rule templates.
  Rule templates starts with two tilde (~~template). Allowed name characters are A-Z, a-z, 0-9 and underscrore. For example:
  
  ~~commonRule=>block=>~executables|~scripts|xls,block-in=>:MSOM,block-out=>:CSC
  ~~devRule=>~~commonRule=>block-out=>:WIN|:ELF
  ~~allowALL=>good=>*
  *@domain.com=>~~commonRule
  [IT]=>~~devRule
  user@domain.com=>~~commonRule,~~anySecondRule,~~anyOtherRule=>block=>~anyExt,block-in=>~otherExt|xls|--doc
  
  Notice the leading -- in front of the --doc regular expression in the last example. The -- removes all occurences of this regular expression from the resulting entry,
  here from block-in.
  ASSP will resolve all extension regular expression templates and all rule tempates and will combine them all in to one resulting user attachment rule.
  ASSP will throw a warning, if a rule template is define multipe times - like: *@domain.com=~~commonRule,~~devRule - here ~~devRule already contains ~~commonRule
  It may happen, that the resulting attachment rule contains one or more extension reglar expressions multiple times - this is harmless, but try to prevent it.
  ....
  
  


2017-08-11

assp 2.5.5 build 17223 is released



2017-08-04
fixed in assp 2.5.5 build 17216:

- ASSP_AFC 4.58 : too long filenames (>255 byte in a part) are now a fault and handled as a detected virus

- if 'ccMaxBytes' was set, the stored .eml file was also trunked to 'maxBytes', even 'StoreCompleteMail' was set to a higher value.




2017-07-31
fixed in assp 2.5.5 build 17212:

- angles were missing in the MSGID in blockreports

- assp has done an unexpected restart after the perl auto-perl-module-upgrade, if the rebuild spamdb process was started while the perl auto-perl-module-upgrade was running

- ASSP_AFC 4.56 is released
  - better fallback handling if an extraction methode fails 
  - a new hidden configuration option 'skipLockyCheck' was added (default value is 0)
    if this parameter is set - the detection of zeroday ransomeware JS viruses will be disabled 
# *************************************************************************************************
# skipLockyCheck may be overwritten in lib/CorrectASSPcfg.pm like:  $ASSP_AFC::skipLockyCheck = 1;
# setting this value to any other than zero or undef is HIGHLY NOT RECOMMENDED !!!!
# *************************************************************************************************

changed:

- enhanced SNI support - examples are show in the GUI at 'SSLWEBConfigure' - it is now possible to configure SNI for each listener definition differently

- the code of assp.pl is now compliant to perlcritic severety 4

- improved SPF error output



2017-07-16
fixed in assp 2.5.5 build 17197:

- in case a mail was received from a whitelisted sender, the penalty white update was incorrect and caused ghost handles and memory leaks



2017-07-03
fixed in assp 2.5.5 build 17184:

- changing the webAdminPassword (root) caused some times an exception in Crypt::GOST, because of empty secured files

- a wrong error text was shown in case of an LDAP setup or runtime error

changed:

- the funtionality and the description of the LDAP feature in 'Groups' is improved
  more examples are provided and a small syntax check for the LDAP definition is implemented 





2017-06-25
fixed in assp 2.5.5 build 17176:

- it was possible that assp has blocked 100% well known good NDR (because MSGID tagging is used) by any check
  if a valid ASSP-MSGID-Tag is found in a NDR (No Delivery Report), the mail will be delivered (possibly tagged).
  


2017-06-21
fixed in assp 2.5.5 build 17172:

- a typo in a parameter name has prevented a valid SNI configuration from working
  'webSSLRequireCientCert' is change to 'webSSLRequireClientCert' - the old value will be converted

- SNI is now supported for SSL-listeners and TLS connections (SSLWEBConfigure , SSLSTATConfigure , SSLSMTPConfigure)

- BlockReports were not working for all envelope recipients because of missing log lines

  

changed:

- the description of 'SSLWEBConfigure' is changed - a SNI configuration example was added




2017-06-18
fixed in assp 2.5.5 build 17169:

- under certain conditions the final 'QUIT' command was recorded to the end of the  .eml files

- some files were not collected

- under certain conditions spams were not forwarded as configured

- the wrong default value for 'EmailFrom' is corrected from '<spammaster@yourdomain.com>' to 'spammaster@yourdomain.com'

- a HTML mistake in the top10 page is corrected




changed:

- a new set of top menu icons are available

- the default value of 'ccMaxBytes' is changed from set to unset





2017-06-07
fixed in assp 2.5.5 build 17158:

- ASSP_AFC.pm 4.55 is released. It provides failover mechanism, if libarchive fails to extract because of character conversion errors.

- improved LDAP error reporting in maillog.txt

- improved import speed (from several hours to less than 3 minutes) for Global PenaltyBox entries if a RDB (eg.mysql) is used for 'pbdb'

- improved speed for maintenance tasks for all RDB tables

- improved speed for database record-by-record imports (eg. bulk import fails or is disabled)



changed:

- BCC addresses are now detected in outgoing mails

'AddIntendedForHeader','Add Envelope-Recipient Header','0:disabled|1:outgoing|2:incoming and local|3:all',
 Adds (according to the setting) a line "X-Assp-Envelope-From: user@domain" for the envelope sender and a line "X-Assp-Intended-For: user@domain" for each
 envelope recipient to the email header of the mail stream.
 The "X-Assp-Intended-For:" header will not be added for Blind Carbon Copy (BCC:) addresses in outgoing mails, to keep them hidden from external readers.
 BCC addresses are those listed in the BCC: header and - those that are envelope recipients, but not listed in the TO: and CC: header.
 'incoming and local' is the default and recommended.
 Setting this option to any other value than 'disabled' may be required for reporting, analyzing, resend and some other features to work like expected.
 If not set to 'disabled', both header lines will be added for all emails (all addresses - incl. BCC) to all collected .eml files.




2017-05-31
fixed in assp 2.5.5 build 17151:


changed:

AddIntendedForHeader is switched from a checkbox to a listbox in the GUI to support additionally options

'AddIntendedForHeader','Add Envelope-Recipient Header','0:disabled|1:outgoing|2:incoming and local|3:all'
 'Adds (according to the setting) two lines to the email header: "X-Assp-Intended-For: user@domain" and "X-Assp-Envelope-From: user@domain".
 If not disabled, both header lines will be added for all emails to all collected .eml files.



changed:

- ASSP_AFC.pm version 4.52 is released. 
  This version is able to detect maliciouse executable code in PDF attachments
  The following blocking exception can be configured in blocking levels and 'userAttach'
  
 :PDF - adobe PDF file with embedded executable code or microsoft office macros files, JavaScript and bad URIs
  (using the :PDF exception is not recommended as this will disable all PDF executable scanning)
 :CERTPDF - certificate signed adobe PDF file
 :JSPDF - adobe PDF file with JavaScript inside - notice: well known malicious JavaScript combinations will be blocked,
  even this option is defined
 :URIPDF - adobe PDF file with URIs to download exeutables from the web or to open local files
  


2017-05-17
fixed in assp 2.5.5 build 17137:

- Several Perl distributions misses the module Digest::SHA1, which prevent assp from starting.
  To compile the code and to check the code integrety assp is now able to use other SHA modules alternatively.
  How ever, Digest::SHA1 is required by several other modules and is installed by the asp modules installer.

- improved MIME word decoding and other minor code improvements




2017-05-09
fixed in assp 2.5.5 build 17129:

- since build 17114 the logging of short mails (shorter than 'maxBytes') was unexpected skipped



2017-05-08
fixed in assp 2.5.5 build 17128:

- setting 'checkFilePermOnStart' to ON if assp was running as root caused file permission warnings like:
  Owner id of file ...... is 501 - should be 0 
  The setting of 'checkFilePermOnStart' is now ignored, if assp is running as root.

- if a flat file was used for the BackScatter-DNS option, on fast systems an "Illegal division by zero" happens
 ... [Worker_10000] Error: Worker_10000: Illegal division by zero at sub main::mergeBackDNS line 58, <$f> line 1004.



2017-05-07
fixed in assp 2.5.5 build 17127:

- If a domain entry was removed from 'localdomains', the temporary domain enries in 'ldaplistdb' were not corrected.
  This caused in some cases, that the removed domains were detected as local local domains until a LDAP crosscheck
  was forced. The obsolete domain entries are now removed from ldaplistdb if 'localdomains' is changed. How ever,
  to remove outdated email addresses from ldaplistdb, a 'forceLDAPcrossckeck' must be sheduled manually after removing
  a domain from 'localdomains' 



2017-04-24
fixed in assp 2.5.5 build 17114:

- forwarding spam mails depends no longer on collecting the mail

- the 'ExportMysqlDB' function provides now the creation of a support summary

changed:

- the default value of 'StoreASSPHeader' is changed to 'ON'

'StoreASSPHeader','Store Assp-Header into Spam Collection'


2017-04-18
fixed in assp 2.5.5 build 17108:

- the assp headers in a forwarded spam mail were not updated, if the mail was blocked by a Plugin or DKIM full check



2017-04-13
fixed in assp 2.5.5 build 17103:

- RFC2231 UTF-8 encoded attachment file names caused a warning about "Wide character" usage 
  "Warning: unable to encode string to base64 - Wide character in subroutine entry at sub main::assp_encode_B line 4."



2017-04-12
fixed in assp 2.5.5 build 17102:

- ASSP_AFC.pm version 4.47 fixes an internal UTF8 encoding problem for the reply and the maillog.txt in a very special case
  "Warning: unable to encode string to base64 - Wide character in subroutine entry at sub main::assp_encode_B line 4."

- the import/merge of the Backscatter DNS-file was very slow if 'pbdb' used a external database engine (like mysql),
  the merge is now finished in less than 10 seconds
  
- if an admin requested the resend of a virus infected mail, the maintthread (10000) was running to an endless resend loop

- if a client announced the mail size in the 'mailfrom:' command and the size reached the npSize value, it was possible that
  the noprocessing flag was set to a wrong priority, which caused skipping all checks, instead of skipping only the body content checks
  


2017-03-14
fixed in assp 2.5.5 build 17073:

- perl 5.24 is no longer experimental, it can be used for production

- released for public usage


2017-03-01
fixed in assp 2.5.5 build 17060:

- ASSP_AFC v4.46 fixes a problem where mail above 'npSize' were not processed by the plugin

- the description of 'UserAttach' in relation to the level definitions was wrong
...   This feature replaces all of the above level definitions, if at least one valid 
      (not zip:... from the ASSP_AFC Plugin) attachment blocking or allow rule is found for the sender or
      recipient of a mail!.....

- the PTR and MX record check returned 'OK' if a non authoritive DNS-Server answer has set the 'SERVFAIL'
  error flag in case a record was not found. The checks fail now if this happens.
  

added:

'DoReversedSPFOK','Do Reversed Lookup for SPF passed Mails'
'Do reversed lookup also for mails that have passed the SPF check. Default is unchecked.
Which means, that the PTR check will be skipped, if the mail has passed the SPF check'



2017-02-19
fixed in assp 2.5.5 build 17050:

- sender addresses with leading '*' (like: *user@domain.com) caused a LDAP query error

- warings about a possibly incorrect setting for the GID in the filesystem are now only shown
  if 'MaintenanceLog' is set to diagnostic
  

changed:

- '^\*' is added to the default value of 'bombSenderRe'

  

2017-02-12
fixed in assp 2.5.5 build 17043:
  
changed:

- folder and file permissions on nix systems are only set at startup, if they are not meet the minimum
  required permission (and owner)
  

2017-02-05
fixed in assp 2.5.5 build 17036:

- the TopTen statistics were somehow inconsistent - 24 hours after an upgrade to this version
  all mistakes will be corrected

- if the Perl-Module autoupdate was unable to update a large module distribution (for example Moose) the update
  process has taken a very long time
  
- ASSP_WordStem.pm version 2.02 is released
  It was possible, that a language, which can't be stemmed (eg. no stemmer module available), was primary
  detected - but an alternative language with a similar probability was available.
  For example: primary detected BG (Bulgarien) 34% - secondary detected RU (Russian) 29%
  In this case, the alternative.language is now used to stem words.



2017-01-26
fixed in assp 2.5.5 build 17026:

- If 'runAsUser' and/or 'runAsGroup' were used on a nix OS, it was possible that assp has created folders and
  files at startup as 'root', which became unaccessible to the switched user/group. This caused unexpected behavior 
  in several functions and checks. Some files may caused crashes.
  Now, if any of 'runAsUser' or 'runAsGroup' is configured, assp corrects the owner id, group id and the permission
  of all created folders and files before the process is switched to the configured user/group.
  
NOTICE:
  This does NOT replace the requirement to run 'chown -R user:group *' for the assp folder before the next start,
  if any of 'runAsUser' or 'runAsGroup' was changed!
  Instead of running this command, setting 'setFilePermOnStart' to ON, will do the same at the next startup.
  BUT !!! - depending on the count of corpus files, this startup may take very much longer than expected!

changed:

- the code integrity check failed, if the first line of assp.pl was changed to use another perl interpreter



2017-01-22
fixed in assp 2.5.5 build 17022:

- IPv4-compatible IPv6 address (::0:IPv4) and IPv4-mapped IPv6 address (::FFFF:IPv4) were not
  processed as IPv4 addresses in some check engines - so some IP checks were not working in this case

- large reduce of memory usage and much less leaked memory for the Perl module autoupdater -
  most of the upgrade functions are moved in to a new process 

- the rebuild spamdb task has not ignored DMARC reports, which was leading in to wrong HELO database entries

changed:

- if a database parameter (for example : whitelistdb) is changed from a filename to 'DB'
  the used file is copied to the importdb folder, to provide an database import at the next assp start



2017-01-13
fixed in assp 2.5.5 build 17013:

- the mobile GUI view was no longer working

- incoming DMARC reports were no longer detected

- the automatic perl module update function was not working in Service/AsADaemon mode using CPAN,
  if newer CPAN modules were installed
  
- the new browser history function in the GUI was only working in browsers with a webkit available 

- the IP-address links in the top-ten statistic were not working in every case


changed:

- 'noModuleAutoUpdate' is changed from a checkbox to a multi value option

'noModuleAutoUpdate','No Automatic Perl Module update',
'0:no skip - update all | 1:skip all | 2:skip installed but not used by assp'
'If set, ASSP will skip the automatic Perl module update for the selected.
  On NIX systems this value is ignored, if runAsUser is used!
  The automatic perl module upgrade is only done, if assp is running as OS user 'root'.



2017-01-05
fixed in assp 2.5.5 build 17005:

- the assp.pl autoupdate feature was STILL somehow brocken after 2.5.3 build 16363

  
added:

- copy ham, copy spam and the resend feature have failed, if the 8BITMIME SMTP-extension was required by the
  mail content, but were not announced by the MTA
  the hidden configuration parameter 'CCignore8BitMIME' is added to ignore this issue - default is '0'
  $main::CCignore8BitMIME = 0; 
  # (0/1) CCham, ForwardSpam and resend will ignore a missing 8BITMIME extension


- copy ham, copy spam and the resend feature have failed on some MS-Exchange MTA's, because duplicate mails
  (Message-ID, Date [, To]) were silently delete by the Exchange SPAM protection
  If this parameter is set to '1', the 'Date:' headerline will be changed to the current action time.
  default is '0'
  $main::CCchangeMSGDate = 0;
  # (0/1) change the date: header on CC.. ForwardSpam and resend - MS-Exchange may require this,
    because duplicate mails may removed silently
  


2017-01-04
fixed in assp 2.5.5 build 17004:

- the assp.pl autoupdate feature was somehow brocken after 2.5.3 build 16363


2017-01-02
fixed in assp 2.5.5 build 17002:

There are no functional changes in this release!

- code changes to prevent several perl warning at startup and compile time
  for the same reason ASSP_AFC, ASSP_OCR and ASSP_FakeMX got an update to the next minor version number 2016-12-31
fixed in assp 2.5.5 build 16366:

- improved handling of the internal caches

- some minor GUI changes

- improved attachment level handling


2016-12-23
fixed in assp 2.5.3 build 16358:

- some minor changes to prevent perl warnings

changed:

The GUI got a new design. ASSP will try to download and to install the updates contained in the images folder.
If this fails, please download and extract 'images/images.zip' manualy.

the major changes are: 

- several hard coded CSS styles are moved from assp.pl to images/assp.css
- extended context help in the GUI 
- top menu with icons and more functions - simply move the cursor over the icons for information 
- left top menu with icons - simply move the cursor over the icons for information 
- the GUI records the last 20 user actions in a history cookie - the history can be accessed from both top menus and can be used as short link 
- the left menu expands at mouseover 
 
 
2016-12-12
fixed in assp 2.5.3 build 16347:

changed:
- improved 'DoNoFrom' check - the existence of the email address in the FROM: header line is now also checked


2016-12-08
fixed in assp 2.5.3 build 16343:

- the attachment detection is optimized
  attachments will be detected, even in malformed MIME parts - ASSP_AFC 4.44 implements the same fix

changed:

- equal DNS server definitons are now eliminated internaly


added:

- ASSP has now a buildin code integrity check.
  It will fail to start, if the code integrity check fails.
  To start a changed assp.pl code, the commandline switch
  
  nointchk:=1 
  
  must be used or the internal integrity signature must be updated.
  The autoupdate feature also checks the code integrity of the new assp.pl script - if this
  check fails, the autoupdate will be skipped.
  The current code integrity status is shown in the 'server information' GUI page at 'Info and Stats'.
  


2016-12-06
fixed in assp 2.5.3 build 16341:

- this build and ASSP_AFC version 4.43 fixes a problem, were the last MIME part of a multi multipart
  MIME mail was not detected - most times this was an attachment

- an IPv6 peer was ignored by the configuration sync feature

- the MXA check failed, if the MX had only an IPv6 address/host defined

- Blockreport request forwarding was not working, if the target host was an IPv6 only host

- if SSL: was defined for a Blockreport forwrding target and the port was not defined
  assp may has been used the wrong target port 25 instead of 465
  
  
changed:

- syslog now supports the usage TCP instead of UDP, if this is needed

- syslog now supports IPv6 target hosts

  

2016-12-05
fixed in assp 2.5.3 build 16340:

changed:

- purr:// is now a valid protocol definition in URIBL

- enhanced obfuscated IP (v4 and V6) address detection in URIBL
  for example: 0x9A3F0800CEBF9E37 or 0xCE.191.0236.0x37
  URIBL fails, if such an obfuscated IP is detected, even the configured HIT's are not reached 

- better error detection and maillog output, if the user address verification using VRFY does not work

- assp bypassed several checks, if the RWL (DNSWL) check reported a medium trust level
  this is now only be done, if the reported RWL trust level is the highest (3)

- more functional implementation of lists.dnswl.org and equivalent local RWL providers

'RWLServiceProvider','RWL Service Providers*'
 Host Names of RWLs to use separated by "|".
 Examples are:
 list.dnswl.org|query.bondedsender.org|cml.anti-spam.org.cn|iadb.isipp.com|hul.habeas.com 
 
If you use a local provider of the list.dnswl.org zone, your local provider zone name has to contain 
'list.dnswl.org' - for example: list.dnswl.org.yourdns.local
 because list.dnswl.org provides special return codes (127.0.X.Y)
 where X defines the category and Y the trust value!
 
For list.dnswl.org or any equivalent local provider, it is possible to override the reported trust value based
on the reported category. To do this, use the following syntax in the service provider definition:
 serviceprovider:category=>trust_value[,category_from-category_to=>-trust_value][,*=>+trust_value]
 * is used, if no other match is found. Any or all categories may be defined for the override. If no override
 is found for a category, the reported trust value is used.
 + and - are math operations to the reported trust value.
 
The currently by dnswl.org provided categories are:
 2 = Financial services
 3 = Email Service Providers
 4 = Organisations
 5 = Service/network providers
 6 = Personal/private servers
 7 = Travel/leisure industry
 8 = Public sector/governments
 9 = Media and Tech companies
 10 = some special cases
 11 = Education, academic
 12 = Healthcare
 13 = Manufacturing/Industrial
 14 = Retail/Wholesale/Services
 15 = Email Marketing Providers
 
 The returned trust values by list.dnswl.org are:
 0 = none
 1 = low
 2 = medium
 3 = high
 
 override example: list.dnswl.org:15=>0,2=>+1,5=>-2
 For list.dnswl.org set the trust for category 15 to zero regardless the reported trust value, increase the trust value by one for category 2 and decrease the trust value for the category 5 by 2.
  

2016-11-20
fixed in assp 2.5.3 build 16325:

- libarchive was some times unable to decompress multibyte charset filesnames - ASSP_AFC 4.41 solves this

- improved handling of the ESMTP SIZE extension
  if 'maxSize' and/or 'maxSizeExternal' is configured:
  - SIZE is announced in the EHLO reply if the MTA does not
  - the SIZE value is changed, if the assp limits are lower than the MTA announcement
  - an additional check for all SIZE limits is done after the DATA command is received

- MIME uuencoded filesnames of attachments were wrong or not decoded in some cases 
example : filename*=GB2312''My%20own%A1%AF%20Annual%20Report%202016.pages



2016-11-13
fixed in assp 2.5.3 build 16318:

- the encrypted configuration export caused an endless loop, if an include file was used in a secured
  configuration file

- a 'Wide character in syswrite' exception may caused worker restarts in some cases


changed:

- design improvement for the left 'search index' in the GUI - two new icon files are available

images/nosearchIcon.png  
images/searchIcon.png  



2016-11-09
fixed in assp 2.5.3 build 16314:

- This build and ASSP_AFC.pm version 4.40 solves a problem, where attachments are not detected, if the
  'Content-Disposition' header is (faulty) missing in the mail.
  
- depending on the configuration it was possible that orphaned connection data were detected and removed
  'ghosthandle detected' was logged
  


2016-10-28
fixed in assp 2.5.3 build 16302:

- if the connection to a peer used SSL/TLS and
 - a mail was larger than the maximum SSL-send-buffer-size
 - and 8BITMIME was enabled and used with any charset
 - or the mail was malformed encoded in any part
 - or a regex match contained UTF8 multibyte characters and the result was added to the X-ASSP headers
 - and also some other rare cases
the IO-byte-count provided by IO::Socket::SSL and the IO-buffer-content recalculation done by assp was inconstent.
This may have caused malformed 8BITMIME mails and destroyed attachments.

- after an upgrade of ASSP to the latest version without upgrading the perl modlues to the recommended version
  for example Net::DNS::Question::name is missing and causes an exception
  ASSP is changed to use Net::DNS::Question::qname, which is also available in older versions of this module!
  HOW EVER, it is strongly recommended to keep ALL used perl modules at least at the recommended version level

changed:

'ExportMysqlDB','export all tables from the database and plain hash files'
......
......
 If possible, assp will compress the config files, option files and the AdminUsersRight and AdminUsers to 
 the file 'config.zip' in the  "exportDBDir" directory
 If possible, assp will encrypt the config.zip to config.zip.aes using openssl or Crypt::CBC.
 To decrypt this file, use the OS commandline:
 
 openssl enc -d -aes-256-cbc -in config.zip -out config.zip.aes -pass pass:PASSWORD
 
 NOTICE: The password / key, used for the export encryption function, may change at the next assp start
 or if the assp.cfg gets an external update! Record the password after each export!
 
 
 2016-10-20
fixed in assp 2.5.3 build 16294:

- some 5XX replies in the handshake part of a SMTP connection were some times ignored and not sent to the client 
 

2016-10-17
fixed in assp 2.5.3 build 16291:

- unexpected changes of 'useNetDNS' were logged
  because Net::DNS is required to be installed, the setting of 'useNetDNS is ignored 
  

2016-10-16
fixed in assp 2.5.3 build 16290:

- uncleaned DNS UDP sockets may caused a file descriptor overload in perl. This caused assp to become
  unresponsive for IPv4 on some linux/mac systems. This applies to Net::DNS 1.03 and higher.

- STARTTLS with Net::SMTP was not working in every case - assp has shown an error
....Undefined subroutine Net::SMTP::starttls at sub main::email_send_X line 41 ....


changed:

'PerformanceLog','Enable Performance logging' - is removed from configuration dialogs, it is no longer used


2016-10-08
fixed in assp 2.5.3 build 16282:

- on some systems assp was unable to retrieve the system TCPsend and TCPreceive buffer size

changed:

- 'exportDBDir' and 'ExportMysqlDB' are now stored encrypted and only visible to 'root'

- 'ExportMysqlDB': the export function is changed

'ExportMysqlDB','export all tables from the database and plain hash files'
 All tables of the database and all plain hash files will be exported to the "exportDBDir" directory.
 Please define the directory above, before using the export function!
 In addition the running configuration and all encrypted option files in use will be exported.
 If you plan to upgrade the OS or perl, or you plan to move to a new system or a different OS - 
 it is recommended to do an export first!
 NOTICE: both encrypted tables/hashes, AdminUsersRight and AdminUsers, will be exported unencrypted
 (eg. in plain text), the same applies to the exported configuration file and the exported option files!

- The 'EnableHighPerformance' GUI text is changed to:

If set, the SMTP-Worker-Threads will get new pending connections faster - 
using less wait states. The speed to interrupt the workers by the 
MainThread is increased. Using this feature will increase the CPU usage of 
the system! An too high setting, may lead in to stuck workers, or in worth 
case, in to a much lower perfomance.
  <AND IN RED>
If there is any doubt about this setting, leave this feature off!

- the database import function now allows to import unencrypted exports of AdminUsersRight and AdminUsers

- using local language filenames for option files is now also possible on windows


added:

the hidden config variable is added - default is 1
our $removePersBlackOnAutoWhite = 1;     
# (0/1) remove the PersBlack entry for autowhite addresses in outgoing mails



2016-10-06
fixed in assp 2.5.3 build 16280:

- if a hostname was used in an IP list, this hostname was not resolved at startup

- improved thread handling to prevent connection transfer problems from the MainThread to the Workers

- the [NWLI] option for weighted regular expressions was not working in every case like expected

- the configuration sync failed, if an existing empty file was changed

- if a hostname was removed from an IP list and other hostnames were used in other configuration
  parameters, the time to relaod the configuration was not changed based on the remaining hostname TTL's
  
   

2016-10-03
fixed in assp 2.5.3 build 16277:

changed:

- for all SSL/TLS connection a 'read ahead' mechanism is implemented to speed up mail processing
  for small SSL-frame size (< 8kB) - at least by ten times

added:

- 'neverQueueSize','Never internaly Queue Mails larger than this Size'
 Default is 20971520 (20MB) - lowest possible value is 1000000. 
 Any mail that is announced to be or grows larger than this size in byte, will not be queued for actions 
 and checks that requires the complete mail to be internaly queued.
 skipped actions are: DKIM signature generation and charset conversions
 skipped checks are: all Plugins in level 2 (complete mail) and the full mail DKIM check
 Please also check npSize and npSizeOut.

removed:

- the hidden config parameter 'neverQueueSize' is now moved to the GUI

- 'OutgoingBufSizeNew' is removed from the code


2016-09-26
fixed in assp 2.5.1 build 16270:

- some not required code is removed from the outqueue processing

- spamlover score overrides for low-limit and limit were ignored by failed Plugins

- performance optimizaton for large mails

- the automatic creation of empty option files has shown a wrong file path in maillog.txt

- the new return values '56' and '57' provided by senderbase.org are no longer causing a warning in assp


changed:

- If the usage of AUTH is forbidden for amy reason for incoming connections, but the AUTH command is used,
the message and IP is scored with 'autValencePB'

- An microseond timestamp is added to all debug lines.

- the maillog.txt lines for closed connections are expanded by some more information

- the values 25 and 50 are added to the max. result count selection in the MaillogTail dialog


added:

- hidden parameter to disable the RFC2047 check completely
our $disableRFC2047 = 0;
# (0/1) disable the RFC2047 check - undecoded subject contains non printable characters


2016-09-12
fixed in assp 2.5.1 build 16256:

- the X-ASSP-DKIM: header line was not added in every case

- adding our header lines may has destroyed attachments


changed:

- the default (IO::Socket::SSL) version and cipher are now shown in the GUI
  These defaults will be used, if SSL_version and SSL_cipher_list are unconfigured (empty)

- a recommendation is given, if the perl module Convert::Scalar is not available

- if ConnectionLog is set to verbose or diagnostic, the size of the allocated memory for the mail is show
  in maillog.txt
  
  

2016-09-06
fixed in assp 2.5.1 build 16250:

- on a new installation, the path to the HMMdb was wrong set by assp, even 'spamdb' was correctly configured

- assp has some times thrown warnings about 'wide characters' in calls to the MIME encoding routines

- code compilation has been failed or runtime exception occured on Perl 5.24.0
  assp can now be used together with Perl 5.24.x

- some times the database caching engine has retured wrong values, if 'DBCacheSize' was set to a value > 0
  
- if 'SyslogFormat' was set to 'rfc5424', the UTF-8-BOM (byte order mark) was missing in the message send to
  the syslog server

- under rar conditions it was possible, that a single or the first of multiple base64 encoded attachments
  were destroyed, because some bytes were missing
  this was mainly happen on SSL/TLS connections

changed:

- the default value of 'IOEngine' is changed from 'IO::Poll' to 'IO::Select' for all Strawberry Perl version on
  windows
  IT IS RECOMMENDED to change this configuration parameter to 'IO::Select', if you use this perl distribution
  on windows

- the used perl version (like 5.020000) is now removed from the spamDB and HMMdb version string

- the perl module 'Mail::SPF::Query' (perl SPF V1) is no longer loaded per default on new installations
  for existing installations it is recommended to disable 'useMailSPFQuery' in the configuration 

- if any configuration option is configured to use a file (file:files/name.txt) or an included file, 
  an empty file is now created automatically - until now a warning was shown in the maillog.txt,
  that the file is missing



2016-08-23
fixed in assp 2.5.1 build 16236:

- 'SysLogFac' was ignored by assp

changed:

- if 'strictSPFRe' ('blockstrictSPFRe') was set and detected and there was a DNS error or no SPF record was defined
  the mail was scored or blocked, this is no longer the case, instead a warning is written to the maillog.txt

- if 'strictSPFRe' ('blockstrictSPFRe') is set and is detected, DNS queries are done without any SPF processing
  limits

added:

- the syslog format can now be setup using the hidden configuration parameter 'SysLogFormat'
our $SysLogFormat = '';
# possible values are '' , 'rfc3164' and 'rfc5424' - '' is default



2016-08-20
fixed in assp 2.5.1 build 16233:

- the MIME encoding of some notification emails was wrong

- copying over a backup assp.cfg, which contained a different 'webAdminPassword', destroyed the resulting
  configuration
  
- attachment with no filename extension were blocked





2016-07-25
fixed in assp 2.5.1 build 16207:

- the connection screen has some times shown orphaned connection data

- the Mail::SPF version 2.008 has done lookups using the DNS 'SPF'-type first, which caused DNS timeouts

- assp was not following truncated UDP DNS answers using TCP connections

- an unexpected exeption was thrown. if the connection to the ClamAV daemon has been failed
  this is change to LOG only 

- under certain conditions the RBL-cache was not cleanedup, if the RBL service providers were changed


changed:

'noDKIMAddresses','Do not any DKIM Check for these Addresses *'
  Mail from or to any of these envelope addresses will not be tagged and checked for DKIM.
  Accepts specific addresses (user@domain.com), user parts (user) or entire domains (@domain.com).
- changed from: Mail from any of these addresses ....
- changed   to: Mail from or to any of these envelope addresses ....

- the recommended version of Mail::SPF is change to 2.009


added:

- the hidden parameter 'DKIMpassAction' is added to be able to define action on successfull DKIM verifications
until now the the action was the same like the default value (7) - all three action
$DKIMpassAction = 7;                 
# (0..7) if DKIM pass: bit-0 = set rwlok, bit-1 = skip penaltybox-check, bit-2 = set IP-score to zero 


2016-06-25
fixed in assp 2.5.1 build 16177:

- customized language files wre not processed correctly

version published

2016-06-22
fixed in assp 2.5.1 build 16174:

changed:

- 'TCPBufferSize' is moved to the 'Server Setup' section of the GUI
- the maximum value for 'TCPBufferSize' is changed to 9999999 byte

- the ASSP_AFC plugin 4.31 supports an option file 'assp/Plugins/nodecompress.txt', which allows
  the definition of file extensions, that should be ingnored by the decompress engine
  

2016-06-06
fixed in assp 2.5.1 build 16158:


added:

'TCPBufferSize','TCP and SSL Read/Write Buffer Size'
  'Define the buffer size in byte used for TCP- and SSL socket read and write operations - defaults to empty.
  Any or all of the following four values can be defined:
  
  tcprcv - TCP receive buffer size
  tcpsnd - TCP send buffer size
  sslrcv - SSL receive buffer size
  sslsnd - SSL send buffer size
  
  Multiple value definition have to be separated by comma or pipe, like: tcprcv = 65536, tcpsnd = 65536, ...
  Possible size values are 8192-999999 , special value for sslrcv and sslsnd is zero.
  If a value is not specified for tcprcv or tcpsnd, the according TCP buffer size reported by the system
  is used - but at least 8192 byte.
  If a value is not specified for sslrcv or sslsnd, a value of 16384 byte is used, which is the maximum 
  size of a single SSL frame of the SSL layer.
  If a value of zero is specified for sslrcv or sslsnd, the according system TCP socket buffer size is used.
  Under normal conditions any setting here will be not required. But, if you notice a bad SSL transmission
  performance in relation to the speed of plan TCP sockets, it may help to set both SSL buffer size to 
  the size of the according system TCP buffer.
  
  like: sslrcv = 0, sslsnd = 0
 


2016-06-01
fixed in assp 2.5.1 build 16153:

- returned report notifications contained some times a wrong MIME encoded subject

- Global PenaltyBox library- and Plugin updates were not working for all files

changed:

- if a module or Plugin was installed/updated by the Global PenaltyBox update, the restart
  recommendation is shown in the ASSP-Status GUI
  


2016-05-31
fixed in assp 2.5.1 build 16152:

- in service or daemon mode, it was possible that some of called system commands used in several features returned
  no output to STDOUT
  ASSP_AFC.pm 4.30, 3.35 and ASSP_OCR.pm 2.21 are updated to solve the same issue
 
- if VRFY was used to verify local mail addresses and the queried MTA replied with a 4XX code (because it was
  unable to process the request), the address was detected as invalid in every case, even 'LDAPfail' was not set
  



2016-05-21
fixed in assp 2.5.1 build 16142:

NOTICE: extensive tests have shown that AMAVIS is incompatbile with ASSP and several other mail servers
        IF you use postfix together with ASSP V2, disable or uninstall the AMAVIS plugin from postfix.
        If enabled, AMAVIS may destroy attachments.


2016-05-16
fixed in assp 2.5.1 build 16137:

- the termination reply, if 'preHeaderRe' matched, was send to the wrong peer



2016-05-12
fixed in assp 2.5.1 build 16133:


- domain validation failed, if the host name of an envelope sender address was valid but
  the domain nearest to the TLD was invalid, like in 'co.delaware.pa.us' where 'delaware.pa.us' is invalid

added:

- the ASSP_AFC Plugin version 4.28 is now able to use 'libarchive' for attachment decompression
  the following modules have to be installed to support 'libarchive'
  Alien::Libarchive
  Archive::Libarchive::XS
  (windows user: install Alien::Libarchive via ppm (repo ASSP2) and Archive::Libarchive::XS via cpan)

- the ASSP_AFC Plugin version 4.28 is now able to decompress attachments with unrar and 7z executables
  the following modules have to be installed to support this decompression modes
  IPC::Run
  Archive::Tar (unrar.exe and 7z.exe are included for windows)
  (NON windows user: install unrar and 7z executables for your OS first)


2016-05-11
fixed in assp 2.5.1 build 16132:

- The correction of wrong line endings like [CR][CR][CR] was not working correctly and caused some times a
  a SMTP syntax error 50X at the end of a SMTP session. It is possible, that the same issue caused destroyed
  attachments and SMTP timeouts.


2016-05-09
fixed in assp 2.5.1 build 16130:

- long running task in the maintenance thread were not ending if assp was in shutdown mode

- unexpected terminated or incomplete web or stat sessions caused a warning to be logged
  Warning: MainThread found socket without SocketCalls!

- if the mail data of a notspam mail were fully sent and correctly terminated by [CR][LF].[CR][LF] -
  but for any reason the SMTP session was not terminated by the QUIT command, the .eml file was removed by assp


changed:
'EmailVirusReportsTo','Send Virus Report To These Addresses',
'If set, an email containing the Message ID, Remote IP, Message Subject, Sender email address, Recipient
 email address, and the virus detected will be sent to these addresses. For example: admin@domain.com .
 It is possible to define multiple addresses separated by pipe (|) e.g: admin@domain.com|virusalert@domain.com .
 In addition, a leading 'IN:' or 'OUT:' can be specified in front of each address for incoming or outgoing/local
 mails. e.g: commonvirusalert@domain.com|IN:inboundvirusalert@domain.com|OUT:localvirusalert@domain.com
 The literals 'USER' and 'DOMAIN' will be replaced by the user part and domain part of the sender
 for outgoing/local mails and the recipient for incoming mails.


2016-04-26
fixed in assp 2.5.1 build 16117:

- if the low ports 0-1023 were resticted by the OS for the assp user, the send- and receive buffer was set
  too low, which caused high CPU usage

- if 'DoDKIM' was set and a mail has passed the DKIM body check, the .eml file was moved to the 'notspam'
  every time, even the mail was blocked or OK before
  

changed:

- 'debugCode' is now stored encrypted in the configuration



2016-04-20
fixed in assp 2.5.1 build 16111:

- some header lines were missing in virus admin reports

- failed write operations on SMTP sockets caused a high CPU load on some systems

- if a postfix (amavis) was used as MTA, mails were received in some cases with destroyed attachments


2016-04-15
fixed in assp 2.5.1 build 16106:

- the header tag 'X-Google-DKIM-Signature:' was detected as valid DKIM signature

- a config sync request was some times processed twice (by each high worker)




2016-04-13
fixed in assp 2.5.1 build 16104:

- ASSP_AFC.pm 4.26 and 3.34 fixes a problem where the replacement of bad attachment part was not working
  if the attachment was a subpart of an alternative/mixed MIME structure
  

- globalized file listing was not working on some nix systems - BlockReports were possibly no longer working

   
- removed several limitations for Spam/Ham and Analyze Reports because of 'MaxBytesReports'


changed:

the following is removed from the configuration:

'MaxBytesReports','Error Max Bytes'
How many bytes of an error report message will ASSP look at.
 
 
 
2016-04-09
fixed in assp 2.5.1 build 16100:

- assp fails to start with an error
  "setting up modules....Can't call method "VERSION" on an undefined value at sub main::init line 312."
  if the ClamAVd is not available.



2016-04-06
fixed in assp 2.5.1 build 16097:

- the 'DoRFC822' failed, if the host name of a envelope sender address was valid but
  the domain nearest to the TLD was invalid, like in 'co.delaware.pa.us' where 'delaware.pa.us' is invalid



2016-04-05
fixed in assp 2.5.1 build 16096:

- improved performance for high workload systems

- better garbage detection for the HMM and Bayesian engine



changed:

- if a message is scored in SMTP-handshake and/or header and noprocessing and/or whitelisting is detected
  in the body check, the message scrore is reduced to prevent false positives




2016-04-02
fixed in assp 2.5.1 build 16093:

- stored files were scanned for viruses even 'ClamAVLogScan' was set to 'scan resend folder only'

- some file action on unicode filenames caused a SEGV on some systems


changed:

- the default values for 'FileLogScan' and 'ClamAVLogScan' are changed from
  'scan resend folder only'(1) to 'scan resend folder and collected files'(2)
  
- it is now posssible to define more than one ClamAV-Host (AvClamdPort) 
  .....
  It is possible to define multiple hosts to balance the workload - define them separated by pipe (|) 
  - example: clamhost:3310|192.168.0.1:3310
  If multiple hosts are defined, they are used in a random round-robin mode.
  
- if early SMTP-handshake checks are configured (e.g. HELO ...) and noprocessing and/or
  whitelisting is detected in the header check, the message score will be reduced to prevent
  false positives
  


2016-03-31
fixed in assp 2.5.1 build 16091:

- better performance for large mails


changed:

- If the ASSP_AFC plugin is installed and configured, all resend mails are scanned for viruses and
  bad attachments using the configured rules - except, that bad parts are replaced and the cleanedup
  mail is resent every time.
  To force the resend of the infected mail, the MIME-header tag 'X-ASSP-ForceResend:' has to be 
  manualy added to the file. It is also possible for admins to force the resend ba adding something
  like 'force' or 'do not scan', don't scan for attachment at the end of a resend request line like:
  ### file_to_be_resend ### do not scan 
  If a resend could not be done for any reason, the user will get a notification mail about this.



2016-03-30
fixed in assp 2.5.1 build 16090:

- Large performance improvement for systems under havy and very havy workload with 10 or more configured
  SMTP workers 'NumComWorkers'. The thread handling and logging mechanism is changed.

  Notice: the performance impact for debugging and enhanced logging settings, in relation to the default
  (now increased) performance, can be higher than in previous versions! 
  


2016-03-29
fixed in assp 2.5.1 build 16089:

- under certain conditions it was possible, that mails blocked by any Plugin were not correctly
  collected and the final file name was not written to the maillog.txt


2016-03-23
fixed in assp 2.5.1 build 16083:

- the resend link in BlockReports was missing, if a collected file was moved from 'spam' to 'discarded'


2016-03-21
fixed in assp 2.5.1 build 16081:

- internal folder content listings were not working, if the foldername contained spaces

- the collection of mails blocked by the ASSP_AFC Plugin was not working
  ASSP_AFC 3,33 or 4.25 are required to solve this problem
 

2016-03-20
fixed in assp 2.5.1 build 16080:

- 'enhancedOriginIPDetect wrong detected tunneled IPv4 addresses

- the SSLfailed-Cache was not cleanedup from invalid IP-addresses if 'noBanFailedSSLIP' was changed


changed:

- faster SSL-linstener handling improves DoS and DDoS handling of SSL-negotiation attacks

- 'MaxAllowedDups' acts more aggressive to keep the configured duplicate filenames

