14 Feb 2001

Following the failure of version 1.00 to block the VBS/OnTheFly (Anna
Kournikova) visual basic virus this week, patch 1 is released as a quick
fix to the problem.

This fix works by inspecting the file name of the attachment and blocking
any that have double extensions (such as MyPicture.gif.vbs) and any that
have *.vb? extensions. This modification is required because VB scripts
arrive as pure text, and have no magic header that m_file can identify.
This update should be considered temporary.

27 July 2001

I have had a number of requests and questions about reviving rejected
attachments, so I have carried the revive utility from the 1.01-beta1
version into 1.00.2, and re-released with a document on reviving files.

6 Sept 2001

A number of people have reported core dumps and empty mails, and I have
obtained sample messages to reproduce. The problem has been corrected,
and 1.00.3 released today.

27 November 2001

I have had a report of a "Win32.Aliz" trojan breaking through
protector's defences. Investigation shows that this has been done by
(apparently) deliberately corrupting the mail message headers in such a
way the protector can find the boundary string in the Content-Type
header. I have add some simple checks to the unquote() function in
headers.c which aborts when mismatched quotes are found in the boundary
string. It's a quick fix - but should work. In the longer term I need a
better sub-header parser than the one currently used.
The changed software will be 1.00.4.

16 July 2002 - 1.00.6

Following e-mail exchanges with Dirk Schouten <schoutdi@knoware.nl>, I
find that the name checking on the Content-disposition header field isnt
working due to a confusion of environment variable names - fixed in 1.00.6.

27  Sept 2002 - 1.00.7

Problem found - Content-type: header with value on a continuation line
is not properly detected - fixed.
