****************************************************************************************** CHANGELOG Copfilter v2 (2012..year 02.month 19..day) the names in () supplied fixes, reported bugs or suggested improvements 20120218 - fixed the timing for loading the firewall rules after boot process (thanks to Falconcrest for reporting) - fixed Squid binary backup problem in setup_util (thanks to Falconcrest for reporting) - fixed monit and proxsmtpd problem and remove existing pidfile on startup - added a first step instruction after copfilter installation (thanks to FischerM) 20120211 - C-ICAP SVN 836 - sqlite 3.7.10 - fixed well known fpscand problem in copfilter_antivirus.cgi (thanks to FischerM) hint: for all Copfilter Users, who restores a created backup and using C-ICAP, you have to enable C-ICAP explicit, because of some new options on gui 20120206 - added database info option for mail body/header in antivirus gui (thanks to Severus) 20120204 - PHP 5.3.10 - Imspector CVS 2012-01-22 - updated some Perl Modules - note: if you want to use c-icap, havp and privoxy, manage the actions for privoxy on the havp configuration page - privoxy: removed statically linked pcre (because of safety concerns) - use external one - extended/reworked C-ICAP Selftest 20120129 - some preparations for upcoming IPCop 2.0.3 - added new features to c-icap configuration page: * textarea for destination virusscan exception domains * textarea for client source ip virusscan exceptions * textarea for client source ip urlfilter exceptions * added button, to run c-icap only with urlfilter (and e.g. havp as a virus scanner) 20120114 - fixed permission problem on Copfilter 2.0.91beta1 with using "Copfilter Whitelist-Manager" (thanks to Moshari_3 for reporting) 20120113 -PHP security fix and migration from PHP 5.2.x to PHP 5.3.9 20120106 - clamstats.pl adaptations for c-icap log file analyses 20120105 - some optimizations to clamav and 3rd Sigs updates (reduces the hard disk access extremely) - changed used Squid port from port 800 to IPCop regulary port 8080 20120101 - added ClamAV dbreload to check-updates_clamav.sh for C-ICAP 20111231 - added black- and whitelist textareas for c-icap 20111226 - added french C-ICAP templates (thanks to ShelbyGT500) - added debug modus to c-icap init script - added workaround to setup_util, to generate a "blacklist deactivated" global_setting backup file (to prevent loading empty databases on restore configs and restarting all services) 20111222 - Monit 5.3.2 20111217 - C-ICAP SVN 834 (fixed) 20111204 - not use PATH in setup_util to generate .profile, which is a problem by reinstalling Copfilter without rebooting IPCop - Privoxy 3.0.18 20111129 - added sendEmail 1.56 version to sendEmail.versions directory (thanks to andydld from copfilter forum) 20111126 - libiconv 1.14 - Berkeley DB 5.2.36 - SQLite-3.7.8 - removed SQLite-2.7.x 20111123 - added reload function to spamd for ruleset updates - added C-ICAP blacklist sources and update function 20111113 - added fields to SMTP Filter gui, to set your own ports (internal and external) - added spamassassin's short circuit function 15.10. - 01.11.2011 - added some fixes for f-prot versions without daemon (personal version) - extended the functionality for C-ICAP URL filter - monit 5.3.1 - ClamAV 0.97.3 20111011 - added c-icap 0.1.7 20110928 - fixed button problem on Copfilter Status page with some browsers 20110924 - all copfilter startup scripts got a third status output (ON, OFF, NOT ACTIVATED) - added possibiliity to deactivate c-icap scans on multimedia streams - fixed wrong update time for clamd and f-prot (reported by Kermit2) 20110722 - removed anomy and all entries, which belongs to anomy and p3pmail - added squid restart workaround for privoxy, to work correctly - added missing rm command, to remove the test.txt in tmp path 20110715 - removed p3pmail, which isn't used anymore 20110617 - added c-icap to copfilter v2! At this moment, without https scanning To use C-ICAP, it's needed to replace the squid binary by a new compiled one, because icap protocoll is not integrated by default! So I think it may be better, that the user decides to replace, or not. You can do this by calling setup_util with the -W or --c-icap option in future copfilter versions! 20110603/04 - removed the rest of the openprotect part (tmp1 & tmp2) in check-updates_rulesdujour.sh - corrected the turner for new used tmpfs path (tmp/havp to /havp/tmp) in copfilter_havp (thanks to FischerM for reporting) 20110528 - havp optimazations for downloads (thanks to sebastian from copfilter forum) 20110527 - fixed setup_util and copfilter cgi's, because I missed the correct way, to add menu entries in IPCop, which leads to a missing copfilter menu, after changing a network card, for example (thanks to FischerM for reporting) 20110522 - fixed uninstall routine in setup_util, added workaround for removing entries in squid.conf and proxy.cgi, if no modification was done (for example you install and uninstall copfilter, without using it), the complete content of squid.conf and proxy.cgi was deleted (also a bug in Copfilter 0.84betax and higher) - fixed freespace check in mailscanner.sh for later ipcop releases 20110519/21 - NetAddr::IP updated to 4.044, which fixed our well known spamassassin issue 'netset: cannot include xx.xx.xx.xx/xx as it has already been included' in Copfilter 2.0.90beta7x and later (unpublished test releases) - fixed some small user dependencies for copfilter services (thanks to ron for tests and reporting) 20110517 - removed openprotect channel from spamassassin rule upates, because all rules comes from spamassasin.org - added some new options to local.cf, which should save CPU in bayes scoring 20110516 - freeing ~ 20MB disk space on removing perl modules, by using additional i486 lib path in copfilter perl scripts - created completely new user and group architecture for working correctly with dropped privileges of most copfilter services (thanks to ron for reporting denied access from clamav on p3scan directories) 20110507 - changed clamav privileges from root to clamav and added user havp to group clamav to work correctly with dropped privileges - set permissions after restore copfilter settings with setup_util, because the permission get wrong rights after dropping the privileges 20110506 - added the perl lib path a little bit earlier in sa-learn from spamassassin and IMAPClient.pm in 2.0.90beta7a test release after a completely rebuild (2.0.90beta6 not affected by this issue!) (thanks to Frank from copfilter forum for reporting) 20110502 - added sqlite-3.6.0.2 for imspector seperately (3.x required by imspector) - added responder to imspector, to advice user that a IM logger is active sqlite logging is still not usable! it seems that if a message was dropped, sqlite-plugin is repeating the message until you stop service, means it's writing the same message about ca. 20x per seconds! On the other hand, the responder plugin is working quite well, although it's using same sqlite library. 20110501 - fixed copfilter_imspector status part, where there missed some ports (thanks to Severus for reporting) - added workaround for copfilter_proxsmtp, if $MAILSERVER is not declared, to remove egrep errors on startup 20110430 - fixed imspector cgi for displaying real time logviewer on same page correctly - fixed absolute button position in copfilter_status.cgi 20110428 - removed grep part from monit config_fwrules, which leads to an error on system start up and did not opened port 446 20110416/17 - changed ownership from p3scan, proxsmtp and spamassassin to spam, to work correctly with mailscanner.sh, when whitelist mail was detected and event should go to spamd.log (thanks to mrutenbeck for reporting) 20110415 - disabled debug messages in copfilter cgi files - disabled sqlite feature for imspector, cause of a bug (should find place in beta7 ... thanks to fragarach for reporting) - added new language files (thanks to FischerM) 20110414 - fixed f-prot update cron part, searching for folder, which do not exist in newer versions (thanks to forumuser fragarach for reporting) 20110412 - fixed copfilter antispam page, where date choice for spamassassin statistics was not displayed correctly - fixed clamav logrotate file 20110409 - moved copfilter menu entries to right location - added new imspector gui (at this moment, without real time log) - clamav configuration optimation - monit update to 5.2.5 - imspector with sqlite database use - fixed whitelist double entries in mailscanner.sh, if whitelist command mode is used - rsync updated to 3.0.8 20110326 - because squid 3.x is used in newer ipcop v2 svn release, some adjustments were necessary 20110317 - fixed copfilter_havp init script, for comment CLAMDSOCKET only once, after saving HAVP gui in library mode (this leads to not starting havp in socket mode, after using the library mode!) 20110220 - added prepared mailscanner.sh - updated extract_emal_addresses.awk scripts with new tld's (important part) 20110216 - cleaning up stop_fwrules from copfilter_proxsmtp (completely rewritten) - decrease SERVERNUMBER from 20 to 8 and setting MAXSERVERS in havp.conf to safe ram 20110215 - fixed iptable entry removing in copfilter_monit 20110214 - fixed p3scan pidfile path in p3scan.conf - copfilter_p3scan iptables rewritten - fixed copfilter_proxsmtpd iptable rules (thanks to ron for reporting) - added recompiled clamav 0.97, which should save ram (update your Copfilter-2.0.90beta4) 20110213 - fixed test for free disc space in mailscanner.sh - fixed HAVP pid file name (thanks to FischerM) - added clamstat.pl (ClamAV Overview) 20110212 - moved logrotate entries in right location /etc/logrotate.d and spend each service a logrotate file - Generally searching for ClamAV and used system memory 20110202 - fixed copfilter_p3scan init script (download copfilter_p3scan patch for copfilter-2.0.90beta4) ************************************************************************************************************************************ 20110123 - Copfilter 2.0.90beta release date ************************************************************************************************************************************ 20110122 - fixed cgi files for f-prot to fpscand, for finding daemon (thanks to Severus a. FischerM) 20110118 - removed all avg code from copfilter v2 - added changed language files (thanks to FischerM) 20110116 - compiled imspector again with standard openssldir 20110112 - fixed start_squid script, there was a wrong option, which leads the proxy not to restart 20110111 - updated PHP to verstion 5.2.17, because of a bug in Floating-Point - fixed havp init-, start_squid, start_squid_transparent skripts, for configure advanced proxy (this scripts are used, if a user do not specify port 800, or missing transparent mode in squid.conf, although havp uses transparent mode) - recompiled/added a lot of perl modules, which are missing/changed on newer ipcop builds (this leads to not use Mail::SPF perl module for spamassassin for example) - removed all installed man dokus, for freeing space (perl modules header files following) - uploaded minor fixes test release 20110110 - forgot to copy the libraries for BerkeleyDB to the copfilter package, which leads spamassassin not to use bayes - renewed language files, some newer descriptions, delete dead links (thanks to FischerM) 20110106 - added missing language files - small graphical redesign for copfilter status page - copfilter-2.0.90beta3 published as last testrelease 20110104 - workaround in setup_util for rsyslogd added (restart daemon) - added imspector to monitrc configuration file 20110101 - added iptables for new imspector protocol (Jabber, Jabber TLS/SSL, Gadu-Gadu) - made some tests with imspector Jabber SSL/TLS + created a sqlite database - at this time, no success to get Jabber running over TLS/SSL. A certificate is createt on the fly by Imspector, but get no authentication access to a Jabber server (communication is right well, until it come's to a timeout) 20101231 - added some missing global_settings, which leads to not start some services on fresh installation - added ssl feature to imspector (you'll find a prepared config file in /var/log/copfilter/default/opt/imspector/etc/imspector.conf.ssl and also self signed certificates in etc/keys) - start logs are going to /var/log/messages and protocol messages goes to usual place on imspector path - added some perl modules, which are missing on hardened IPCop 20101230 - added config page for imspector, activate, or deactivate on green, blue and orange - added language values for imspector (only in German and English at this moment) 20101227 - added imspector start/stop button in copfilter_status page to activate/deactivate service - added LD_LIBRARY_PATH to impspector start script 20101224 - fixed proxsmtp system up issue (starting proxsmtp/monit in background and let do ipcop's jobs) - fixed update procedure for ClamAV signature database on copfilter installation 20101216 - enabled monit in proxsmtp (boomer) 20101212 - fixed ip-subnet scripts - created init script and service binaries for assp 20101106 - added ssl feature for bayes imap training - added switch in antispam gui for ssl setting - degraded NetAddr-IP perl module to v4.033, cause of a bug - added new language us 20101101 - fixed gui problem belongs to p3scan on restarting service, which produce a zombie and a hanging site (which is a buffer problem related to p3scan output on starting service), redirect output to /dev/null fixed this problem - fixed most gui's, which produced a lot of errors to apache.log - modification for bayes training over imap client with ssl connections enabled