
renattach renaming all files, not just in badlist

Posted: 08 Sep 2011 20:35
by elinap
I have installed the recent copfilter Version: 0.85.3beta4.
Although the page says that it will rename files with specific extensions (those in the badlist defined in the renattach.conf file), it is renaming ALL files.
How can I change this to work only for the file extensions in the badlist definition in renattach.conf?

Thanks.

Re: renattach renaming all files, not just in badlist

Posted: 08 Sep 2011 21:08
by FischerM
Hi!

Sorry for any inconvenience - this bug has been fixed.

Please download and apply this fix:

http://www.it-connect-unix.de/copfilter ... v1-fix.tgz
md5sum: 1acdf10c23b983df8cea825ab14b23e3

Installation:

Code:

wget http://www.it-connect-unix.de/copfilter/mailscanner-v1-fix.tgz
tar xzf mailscanner-v1-fix.tgz
cd mailscanner-v1-fix
./install

HTH
Matthias

Re: renattach renaming all files, not just in badlist

Posted: 13 Sep 2011 00:38
by elinap
Thank you very much for your reply. But, it did not work.
See the attached screen capture, which shows the problems.
Image

Question: where should I put the fix file?
Question: is there a spelling mistake in the script, as in some lines it is trying to create a file in "/var/log/copltere" (note the e after copfilter).

Can you please tell me how to proceed?

Also, I am having another problem: services in ipcop keep stopping (becoming red), and I am forced to reboot ipcop. Did not have the problems in the past with the previous copfilter.
See the attached image. (Sometimes, the IDS on the red interface becomes red)
Image

The series of messages that I get from copfilter are like this (disregarding the monit instance changed messages):
execution failed - Execution failed Service httpd
does not exist - Does not exist Service httpd
does not exist - Does not exist Service spamd
execution failed - Does not exist Service spamd

Any help or suggestion on how to fix or investigate this problem would be much appreciated.
The main problem is that the internet stops working when there are problems: no emails, no web sites, no IM.

Thanks very much.

Eli

Re: renattach renaming all files, not just in badlist

Posted: 13 Sep 2011 08:08
by karesmakro
Sorry for my mistake. I'll upload the correct fix this evening!
The mailscanner.sh should be copied to the following directory:

Code:

/var/log/copfilter/default/opt/tools/bin

Regarding the service problems on your ipcop, can you show me your disk space

Code:

df -h

and the output from

Code:

dmesg

(only relevant lines)
and some lines of

Code:

/var/log/messages

What happens if you try to start one of the failed services from the shell?
For example the webserver?

Code:

httpd

Re: renattach renaming all files, not just in badlist

Posted: 13 Sep 2011 18:27
by FischerM
Hi!

IMHO 512MB RAM is definitely not enough for using Copfilter.

Consider upgrading to at least 1GB RAM.

How did you configure Copfilter - which services are running, which not? Are you using the "Third Party Signatures" and if YES, how many of them?

HTH
Matthias

P.S.: If possible, please post a daily/monthly image of https://[IPCop-IP-Address]:445/cgi-bin/graphs.cgi?graph=memory

Re: renattach renaming all files, not just in badlist

Posted: 13 Sep 2011 20:28
by karesmakro
Here you will find the right mailscanner-v1-fix version!
It is tested and working now.

http://www.it-connect-unix.de/copfilter ... v1-fix.tgz
md5sum: 1acdf10c23b983df8cea825ab14b23e3

description:

Code:

wget http://www.it-connect-unix.de/copfilter/mailscanner-v1-fix.tgz
tar xzf mailscanner-v1-fix.tgz
cd mailscanner-v1-fix
./install
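
A way to check the downloaded archive before running ./install from the steps above, as an added example that is not part of the original posts or of the Copfilter project: it compares the file against the md5sum quoted in the thread and refuses archives whose member paths are absolute or contain "..". The function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a downloaded fix archive before unpacking it.
# Usage with the file name and md5sum quoted in the thread:
#   unpack_verified mailscanner-v1-fix.tgz 1acdf10c23b983df8cea825ab14b23e3 \
#     && cd mailscanner-v1-fix && ./install

# verify_md5 FILE EXPECTED: succeed only if FILE's MD5 equals EXPECTED
# (hex digits compared case-insensitively).
verify_md5() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "md5 mismatch for $file: got $actual, expected $expected" >&2
        return 1
    fi
}

# path_is_safe NAME: fail for absolute paths and for any ".." component,
# which would let an archive write outside the extraction directory.
path_is_safe() {
    case "$1" in
        /*|..|../*|*/..|*/../*) return 1 ;;
    esac
    return 0
}

# archive_paths_safe FILE: list the gzip'd tar and check every member name.
archive_paths_safe() {
    members=$(tar tzf "$1") || return 2
    printf '%s\n' "$members" | while IFS= read -r member; do
        path_is_safe "$member" || { echo "unsafe member path: $member" >&2; exit 1; }
    done
}

# unpack_verified FILE EXPECTED_MD5: extract into the current directory
# only when both checks pass; nothing is unpacked otherwise.
unpack_verified() {
    verify_md5 "$1" "$2" && archive_paths_safe "$1" && tar xzf "$1"
}
```

MD5 catches a corrupted or truncated download; it is not collision resistant, and a checksum fetched over the same channel as the file says nothing about who published it.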

Re: renattach renaming all files, not just in badlist

Posted: 13 Sep 2011 20:33
by elinap
Interesting point about the memory. Here is the image for the memory usage.
Image
It can be seen in the image when I did the upgrade (a week ago), and then the usage went significantly up.
Could it be that there are double services running?

Re: renattach renaming all files, not just in badlist

Posted: 13 Sep 2011 20:43
by elinap
karesmakro wrote: Sorry for my mistake. I'll upload the correct fix this evening!
The mailscanner.sh should be copied to the following directory:

Code:

/var/log/copfilter/default/opt/tools/bin

I will wait for your modified files, as you suggested.

karesmakro wrote: Regarding the service problems on your ipcop, can you show me your disk space

Code:

df -h

and the output from

Here it is:

root@ipcopIBM:~ # df -h
Filesystem      Size  Used Avail Use% Mounted on
rootfs          7.9G  306M  7.6G   4% /
/dev/root       7.9G  306M  7.6G   4% /
/dev/harddisk1   16M  3.5M   12M  24% /boot
/dev/harddisk2   29G  445M   27G   2% /var/log
root@ipcopIBM:~ #

karesmakro wrote:

Code:

dmesg

(only relevant lines)
and some lines of

Code:

/var/log/messages

I don't know what you mean by relevant lines. Here is a link to the complete messages current file.
http://www.dlm-enterprises.com/messages.txt

karesmakro wrote: What happens if you try to start one of the failed services from the shell?
For example the webserver?

Code:

httpd

I have not tried this yet.

Have you seen my previous post about the memory issues that were suggested?
Thanks for the comments and for the help.
Eli

Re: renattach renaming all files, not just in badlist

Posted: 13 Sep 2011 21:46
by karesmakro
Can you please remove your messages log file, because you can see the mail addresses!
Next step would be to deactivate snort on your machine, because 1. it has not been supported for years and 2. it costs a lot of memory and system resources!
After that, increase your swap file a little bit by executing the following commands:

Code:

swapoff /swapfile
rm /swapfile
dd if=/dev/zero of=/swapfile bs=1024k count=500
# restrict permissions before the file is put into use as swap
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile

where count should be in MB! This will help to keep up your Cop.

And here you will find the new fix: viewtopic.php?f=3&t=587#p2791
(We were writing at the same time! :D )
Reboot your machine and check the service status page again!

What about your graphs? In weeks 33 - 35, was the old copfilter version running, and did the memory increase with the new one?

Re: renattach renaming all files, not just in badlist

Posted: 14 Sep 2011 00:51
by elinap
Thanks for your reply.

I have done everything you suggested:
1. removed the messages file (thanks for telling me...)
2. deactivation of snort: I assume this is the IDS on the red,green and blue interfaces. Is my system still protected? Should I just deactivate it, or remove it completely (if yes, how do I do it?)?
3. increased the size of the swapfile as per: "dd if=/dev/zero of=/swapfile bs=1024k count=500" (as you suggested)
4. going to reboot now, but first will finish this post

With respect to the graph of memory usage, yes, one of them was the previous version of copfilter, and then I did the upgrade.
It is strange that the memory usage increased so much.

Thanks very much, and let's hope it will be ok now.