renattach renaming all files, not just in badlist

This forum is for all copfilter support related questions in English.

renattach renaming all files, not just in badlist

Postby elinap » 08 Sep 2011 20:35

I have installed the recent copfilter Version: 0.85.3beta4.
Although the page says that it will rename files with specific extentions (those in the badlist defined in the renattach.conf file, it is renaming ALL files.
How can I change this to work only for the files extentions in the badlist definition in renattach.conf?

Thanks.
elinap
 
Posts: 10
Joined: 08 Sep 2011 20:29

Re: renattach renaming all files, not just in badlist

Postby FischerM » 08 Sep 2011 21:08

Hi!

Sorry for any inconvenience - this bug has been fixed.

Please download and apply this fix:

http://www.it-connect-unix.de/copfilter/mailscanner-v1-fix.tgz
md5sum: 1acdf10c23b983df8cea825ab14b23e3

Installation:
Code: Select all
wget http://www.it-connect-unix.de/copfilter/mailscanner-v1-fix.tgz
tar xzf mailscanner-v1-fix.tgz
cd mailscanner-v1-fix
./install

HTH
Matthias
FischerM
Site Admin
 
Posts: 544
Joined: 09 Dec 2009 19:24
Location: Rheinbach

Re: renattach renaming all files, not just in badlist

Postby elinap » 13 Sep 2011 00:38

Thank you very much for your reply. But, it did not work.
See the attached screen capture, which shows the problems.
Image

Question: where should I put the fix file?
Question: is there a spelling mistake in the script, as in some lines it is trying to create a file in "/var/log/copltere" (note the e after copfilter).

Can you please tell me how to proceed?

Also, I am having another problem: services in ipcop keep stopping (becoming red), and I am forced to reboot ipcop. Did not have the problems in the past with the previous copfilter.
See the attached image. (Sometimes, the IDS on the red interface becomes red)
Image

The series of messages that I get from copfiler are like this (disregarding the monit instance changed messages):
execution failed - Execution failed Service httpd
does not exist - Does not exist Service httpd
does not exist - Does not exist Service spamd
execution failed - Does not exist Service spamd

Any help or suggestion on how to fix or investigate this problem would be much appreciated.
The main problem, is that the internet stops working when there are problems: not emails, no web sites, no IM.

Thanks very much.

Eli
elinap
 
Posts: 10
Joined: 08 Sep 2011 20:29

Re: renattach renaming all files, not just in badlist

Postby karesmakro » 13 Sep 2011 08:08

Sorry for my mistaken. I'll upload the correct fix this evening!
The mailscanner.sh should be copied to following directory
Code: Select all
/var/log/copfilter/default/opt/tools/bin


To your services problems on your ipcop, can you show me your disk space
Code: Select all
df -h
and the output from
Code: Select all
dmesg
(only relevant lines)
and some lines of
Code: Select all
/var/log/messages

What happens, if you try to start one of the failed services from shell?
For example the webserver?
Code: Select all
httpd
karesmakro
Site Admin
 
Posts: 1280
Joined: 09 Dec 2009 21:17

Re: renattach renaming all files, not just in badlist

Postby FischerM » 13 Sep 2011 18:27

Hi!

IMHO 512MB RAM is definitely not enough for using Copfilter.

Consider upgrading to least 1GB RAM.

How did you configure Copfilter - which services are running, which not? Are you using the "Third Party Signatures" and if YES, how much of them?

HTH
Matthias

P.S.: If possible, please post an daily/monthly image of https://[IPCop-IP-Address]:445/cgi-bin/graphs.cgi?graph=memory
FischerM
Site Admin
 
Posts: 544
Joined: 09 Dec 2009 19:24
Location: Rheinbach

Re: renattach renaming all files, not just in badlist

Postby karesmakro » 13 Sep 2011 20:28

Here you will find the right mailscanner-v1-fix version!
It is tested and working now

http://www.it-connect-unix.de/copfilter/mailscanner-v1-fix.tgz
md5sum: 1acdf10c23b983df8cea825ab14b23e3

description:
Code: Select all
wget http://www.it-connect-unix.de/copfilter/mailscanner-v1-fix.tgz
tar xzf mailscanner-v1-fix.tgz
cd mailscanner-v1-fix
./install
karesmakro
Site Admin
 
Posts: 1280
Joined: 09 Dec 2009 21:17

Re: renattach renaming all files, not just in badlist

Postby elinap » 13 Sep 2011 20:33

Interesting point about the memory. Here is the image for the memory usage.
Image
It can be seen in the image when I did the upgrade (a week ago), and then the usage went significantly up.
Could it be that there are double services running?
elinap
 
Posts: 10
Joined: 08 Sep 2011 20:29

Re: renattach renaming all files, not just in badlist

Postby elinap » 13 Sep 2011 20:43

karesmakro wrote:Sorry for my mistaken. I'll upload the correct fix this evening!
The mailscanner.sh should be copied to following directory
Code: Select all
/var/log/copfilter/default/opt/tools/bin



I will wait for your modified files, as you suggested.

karesmakro wrote:To your services problems on your ipcop, can you show me your disk space
Code: Select all
df -h
and the output from

Here it is:
root@ipcopIBM:~ # df -h
Filesystem Size Used Avail Use% Mounted on
rootfs 7.9G 306M 7.6G 4% /
/dev/root 7.9G 306M 7.6G 4% /
/dev/harddisk1 16M 3.5M 12M 24% /boot
/dev/harddisk2 29G 445M 27G 2% /var/log
root@ipcopIBM:~ #

karesmakro wrote:
Code: Select all
dmesg
(only relevant lines)
and some lines of
Code: Select all
/var/log/messages


I dont know what you mean by relevant lines. Here is a link to the complete messages current file.
http://www.dlm-enterprises.com/messages.txt
karesmakro wrote:What happens, if you try to start one of the failed services from shell?
For example the webserver?
Code: Select all
httpd


I have not tried this yet.

Have you seen my previous post about the memory issues that were suggested?
Thanks for the comments and for the help.
Eli
elinap
 
Posts: 10
Joined: 08 Sep 2011 20:29

Re: renattach renaming all files, not just in badlist

Postby karesmakro » 13 Sep 2011 21:46

Can you please remove your messages log file, because you can see the mail addresses!
Next step would be, to deactivate snort on your machine, because it is no longer supported for years and 2. it costs a lot of memory and system ressources!
After them increase your swap file a little bit by executing following commands:
Code: Select all
swapoff /swapfile
rm /swapfile
dd if=/dev/zero of=/swapfile bs=1024k count=500
mkswap /swapfile
swapon / swapfile
chmod 600 /swapfile

were count should be in MB ! This will help to keep up your Cop

and here you will find the the new fix: viewtopic.php?f=3&t=587#p2791
(We was writing the same time! :D )
Reboot your machine and check the service status page again!

What's about your graph's? On week 33 - 35 was there running the old copfilter version and the memory increased with the new one?
karesmakro
Site Admin
 
Posts: 1280
Joined: 09 Dec 2009 21:17

Re: renattach renaming all files, not just in badlist

Postby elinap » 14 Sep 2011 00:51

Thanks for your reply.

I have done everything you suggested:
1. removed the messages file (thanks for telling me...)
2. deactivation of snort: I assume this is the IDS on the red,green and blue interfaces. Is my system still protected? Should I just deactivate it, or remove it completely (if yes, how do I do it?)?
3. increased the size of the swapfile as per: "dd if=/dev/zero of=/swapfile bs=1024k count=500" (as your suggested)
4. going to reboot now, but first will finish this post

With respect to the graph of memory usage, yes, one of the was the previous version of copfilter, and then I did the upgrade.
It is strange that the memory usage increased so much.

Thanks very much, and lets hope it will be ok now.
elinap
 
Posts: 10
Joined: 08 Sep 2011 20:29

Next

Return to English Copfilter Support

Who is online

Users browsing this forum: No registered users and 1 guest

cron