I have installed the recent copfilter Version: 0.85.3beta4.
Although the page says that it will rename files with specific extentions (those in the badlist defined in the renattach.conf file, it is renaming ALL files.
How can I change this to work only for the files extentions in the badlist definition in renattach.conf?
Thanks.
renattach renaming all files, not just in badlist
Re: renattach renaming all files, not just in badlist
Hi!
Sorry for any inconvenience - this bug has been fixed.
Please download and apply this fix:
http://www.it-connect-unix.de/copfilter ... v1-fix.tgz
md5sum: 1acdf10c23b983df8cea825ab14b23e3
Installation:
HTH
Matthias
Sorry for any inconvenience - this bug has been fixed.
Please download and apply this fix:
http://www.it-connect-unix.de/copfilter ... v1-fix.tgz
md5sum: 1acdf10c23b983df8cea825ab14b23e3
Installation:
Code: Select all
wget http://www.it-connect-unix.de/copfilter/mailscanner-v1-fix.tgz
tar xzf mailscanner-v1-fix.tgz
cd mailscanner-v1-fix
./installMatthias
Re: renattach renaming all files, not just in badlist
Thank you very much for your reply. But, it did not work.
See the attached screen capture, which shows the problems.
Question: where should I put the fix file?
Question: is there a spelling mistake in the script, as in some lines it is trying to create a file in "/var/log/copltere" (note the e after copfilter).
Can you please tell me how to proceed?
Also, I am having another problem: services in ipcop keep stopping (becoming red), and I am forced to reboot ipcop. Did not have the problems in the past with the previous copfilter.
See the attached image. (Sometimes, the IDS on the red interface becomes red)
The series of messages that I get from copfiler are like this (disregarding the monit instance changed messages):
execution failed - Execution failed Service httpd
does not exist - Does not exist Service httpd
does not exist - Does not exist Service spamd
execution failed - Does not exist Service spamd
Any help or suggestion on how to fix or investigate this problem would be much appreciated.
The main problem, is that the internet stops working when there are problems: not emails, no web sites, no IM.
Thanks very much.
Eli
See the attached screen capture, which shows the problems.
Question: where should I put the fix file?
Question: is there a spelling mistake in the script, as in some lines it is trying to create a file in "/var/log/copltere" (note the e after copfilter).
Can you please tell me how to proceed?
Also, I am having another problem: services in ipcop keep stopping (becoming red), and I am forced to reboot ipcop. Did not have the problems in the past with the previous copfilter.
See the attached image. (Sometimes, the IDS on the red interface becomes red)
The series of messages that I get from copfiler are like this (disregarding the monit instance changed messages):
execution failed - Execution failed Service httpd
does not exist - Does not exist Service httpd
does not exist - Does not exist Service spamd
execution failed - Does not exist Service spamd
Any help or suggestion on how to fix or investigate this problem would be much appreciated.
The main problem, is that the internet stops working when there are problems: not emails, no web sites, no IM.
Thanks very much.
Eli
-
karesmakro
- Site Admin
- Posts: 1280
- Joined: 09 Dec 2009 21:17
Re: renattach renaming all files, not just in badlist
Sorry for my mistaken. I'll upload the correct fix this evening!
The mailscanner.sh should be copied to following directory
To your services problems on your ipcop, can you show me your disk space
and the output from
(only relevant lines)
and some lines of
What happens, if you try to start one of the failed services from shell?
For example the webserver?
The mailscanner.sh should be copied to following directory
Code: Select all
/var/log/copfilter/default/opt/tools/binCode: Select all
df -hCode: Select all
dmesgand some lines of
Code: Select all
/var/log/messagesFor example the webserver?
Code: Select all
httpdRe: renattach renaming all files, not just in badlist
Hi!
IMHO 512MB RAM is definitely not enough for using Copfilter.
Consider upgrading to least 1GB RAM.
How did you configure Copfilter - which services are running, which not? Are you using the "Third Party Signatures" and if YES, how much of them?
HTH
Matthias
P.S.: If possible, please post an daily/monthly image of https://[IPCop-IP-Address]:445/cgi-bin/graphs.cgi?graph=memory
IMHO 512MB RAM is definitely not enough for using Copfilter.
Consider upgrading to least 1GB RAM.
How did you configure Copfilter - which services are running, which not? Are you using the "Third Party Signatures" and if YES, how much of them?
HTH
Matthias
P.S.: If possible, please post an daily/monthly image of https://[IPCop-IP-Address]:445/cgi-bin/graphs.cgi?graph=memory
-
karesmakro
- Site Admin
- Posts: 1280
- Joined: 09 Dec 2009 21:17
Re: renattach renaming all files, not just in badlist
Here you will find the right mailscanner-v1-fix version!
It is tested and working now
http://www.it-connect-unix.de/copfilter ... v1-fix.tgz
md5sum: 1acdf10c23b983df8cea825ab14b23e3
description:
It is tested and working now
http://www.it-connect-unix.de/copfilter ... v1-fix.tgz
md5sum: 1acdf10c23b983df8cea825ab14b23e3
description:
Code: Select all
wget http://www.it-connect-unix.de/copfilter/mailscanner-v1-fix.tgz
tar xzf mailscanner-v1-fix.tgz
cd mailscanner-v1-fix
./installRe: renattach renaming all files, not just in badlist
Interesting point about the memory. Here is the image for the memory usage.
It can be seen in the image when I did the upgrade (a week ago), and then the usage went significantly up.
Could it be that there are double services running?
It can be seen in the image when I did the upgrade (a week ago), and then the usage went significantly up.
Could it be that there are double services running?
Re: renattach renaming all files, not just in badlist
I will wait for your modified files, as you suggested.karesmakro wrote:Sorry for my mistaken. I'll upload the correct fix this evening!
The mailscanner.sh should be copied to following directoryCode: Select all
/var/log/copfilter/default/opt/tools/bin
Here it is:karesmakro wrote:To your services problems on your ipcop, can you show me your disk spaceand the output fromCode: Select all
df -h
root@ipcopIBM:~ # df -h
Filesystem Size Used Avail Use% Mounted on
rootfs 7.9G 306M 7.6G 4% /
/dev/root 7.9G 306M 7.6G 4% /
/dev/harddisk1 16M 3.5M 12M 24% /boot
/dev/harddisk2 29G 445M 27G 2% /var/log
root@ipcopIBM:~ #
I dont know what you mean by relevant lines. Here is a link to the complete messages current file.karesmakro wrote:(only relevant lines)Code: Select all
dmesg
and some lines ofCode: Select all
/var/log/messages
http://www.dlm-enterprises.com/messages.txt
I have not tried this yet.karesmakro wrote: What happens, if you try to start one of the failed services from shell?
For example the webserver?Code: Select all
httpd
Have you seen my previous post about the memory issues that were suggested?
Thanks for the comments and for the help.
Eli
-
karesmakro
- Site Admin
- Posts: 1280
- Joined: 09 Dec 2009 21:17
Re: renattach renaming all files, not just in badlist
Can you please remove your messages log file, because you can see the mail addresses!
Next step would be, to deactivate snort on your machine, because it is no longer supported for years and 2. it costs a lot of memory and system ressources!
After them increase your swap file a little bit by executing following commands:
were count should be in MB ! This will help to keep up your Cop
and here you will find the the new fix: viewtopic.php?f=3&t=587#p2791
(We was writing the same time!
)
Reboot your machine and check the service status page again!
What's about your graph's? On week 33 - 35 was there running the old copfilter version and the memory increased with the new one?
Next step would be, to deactivate snort on your machine, because it is no longer supported for years and 2. it costs a lot of memory and system ressources!
After them increase your swap file a little bit by executing following commands:
Code: Select all
swapoff /swapfile
rm /swapfile
dd if=/dev/zero of=/swapfile bs=1024k count=500
mkswap /swapfile
swapon / swapfile
chmod 600 /swapfileand here you will find the the new fix: viewtopic.php?f=3&t=587#p2791
(We was writing the same time!
)Reboot your machine and check the service status page again!
What's about your graph's? On week 33 - 35 was there running the old copfilter version and the memory increased with the new one?
Re: renattach renaming all files, not just in badlist
Thanks for your reply.
I have done everything you suggested:
1. removed the messages file (thanks for telling me...)
2. deactivation of snort: I assume this is the IDS on the red,green and blue interfaces. Is my system still protected? Should I just deactivate it, or remove it completely (if yes, how do I do it?)?
3. increased the size of the swapfile as per: "dd if=/dev/zero of=/swapfile bs=1024k count=500" (as your suggested)
4. going to reboot now, but first will finish this post
With respect to the graph of memory usage, yes, one of the was the previous version of copfilter, and then I did the upgrade.
It is strange that the memory usage increased so much.
Thanks very much, and lets hope it will be ok now.
I have done everything you suggested:
1. removed the messages file (thanks for telling me...)
2. deactivation of snort: I assume this is the IDS on the red,green and blue interfaces. Is my system still protected? Should I just deactivate it, or remove it completely (if yes, how do I do it?)?
3. increased the size of the swapfile as per: "dd if=/dev/zero of=/swapfile bs=1024k count=500" (as your suggested)
4. going to reboot now, but first will finish this post
With respect to the graph of memory usage, yes, one of the was the previous version of copfilter, and then I did the upgrade.
It is strange that the memory usage increased so much.
Thanks very much, and lets hope it will be ok now.