For all that follows the same rules apply as written in the Introduction:

• The main purpose of this part is to collect and describe Bugfixes regarding the Copfilter-Addon for IPCop 1.4.2x (abbreviated: V1) and 1.9.x/2.x (abbreviated: V2).
• If there are problems regarding this Bugfixes, please open a new thread in the Copfilter-Forum, write a report on Copfilter-Bugtracker or send us (karesmakro, severus, fischerm) a PM (Private Message) via Copfilter Forum.
  Any requests for changes or extensions will be taken in account.

Please note:

• Some of the updates described are already included since Copfilter version 0.84beta5. Please read the Changelogs.
• The line informations regarding code changes may not necessarily be *absolutely*, so always use search functions for text or code-passages.

• This comes with absolutely no functional guarantees!

ATTENTION!

• Extensive knowledge about the working(s) of the IPCop-Firewall and Copfilter in general, plus extensive Linux experiences are an absolute must for the updates and modifications that are described!

• This is not for novices to experiment, you need to know what you are doing and what the consequences may be…

• A full backup, a functioning restore, and the willingness to reinstall a defective IPCop-system are prerequisites!

And, as said before…:

• It is an absolutely must to use a Linux-compatible text editor - on a Linux OS - for all changes to be made!

Italic quotes are from the original posting - it's unfortunately no longer available.

Hi,
It seems there is a problem with SMTP Auth with the new version of sendEmail. If I test it manually, I get the following message:

root@castor:/tmp # cat /tmp/settings | $SENDEMAIL -xu $SMTP_AUTH_USER
-xp $SMTP_AUTH_PASS -f $SENDER_ADR -t $EMAIL_ADR -s "${SMTP_HOST}" -u
"[Copfilter] AntiVirus Update: ClamAV"

Reading message body from STDIN because the '-m' option was not used.

If you are manually typing in a message:

- First line must be received within 60 seconds.

- End manual input with a CTRL-D on its own line.

Nov 14 14:28:15 castor sendEmail[17276]: Message input complete.

Nov 14 14:28:19 castor sendEmail[17276]: ERROR => Received: 535 auth
failure

Version 1.53 doesn't have this problem.

Enter the following commands on the console:

cd /var/log/copfilter/default/opt/tools/bin
mv sendEmail sendEmail-1.55
mv sendEmail-1.53 sendEmail

After this is should be ok. Regards,

Jens

Italic quotes are from the original posting - it's unfortunately no longer available.

Edit:
'/var/log/copfilter/default/opt/p3scan/etc/p3scan.conf'

Sometimes it helps to raise the 'timeout'-value in 'p3scan.conf':

#
# Timeout
#
#   Change the default timeout for sending characters/lines to the
#   client while processing a message.
#
#   default: 30 seconds
timeout = 60

Italic quotes are from the original posting - it's unfortunately no longer available.

1. “corrupted”:

Edit:
'/var/log/copfilter/default/etc2/copfilter_functions'

Replace:

mv $TMPFILE $MAIL_FILTERINFO

with:

cat $TMPFILE | grep -v "^$" > $MAIL_FILTERINFO
rm $TMPFILE

Fix is included since Copfilter 0.84beta4!

2. Mails come as source code with no subject:

Install Mail-Update: http://www.it-connect-unix.de/copfilter/mail_update.tar.gz

Installation proceeds as described in The installation of the software archives:

1. Login
2. Download
3. Check MD5 sum
4. Extract the installation archive
5. Change to installation directory
6. Starting the installation
7. Installation ok?
8. Deleting the installation directories (optional)

Italic quotes are from the original posting - it's unfortunately no longer available.

'monit' doesn't start automatic, only via GUI

Attention: This error occurs only when you have selected spanish as default language!

Edit:
'/var/log/copfilter/default/langs/es.sh'

in /var/log/copfilter/default/langs/es.sh
line 6 + 7:

CPerr_not_exist= "copfilter no está instalado o el archivo global_settings no se encuentra"
CP_warning= "CUIDADO:\n\

must be:

CPerr_not_exist="copfilter no está instalado o el archivo global_settings no se encuentra"
CP_warning="CUIDADO:\n\

There are two spaces too much!

30.08.2008: Status solved!

If you want to enable p3scan for orange network, the packets are dropped by IPCop firewall, because of a missing iptable entry in service copfilter_p3scan. This fix replaces your p3scan start service and make a backup of old one.

Installation proceeds as described in The installation of the software archives:

1. Login
2. Download
3. Check MD5 sum
4. Extract the installation archive
5. Change to installation directory
6. Starting the installation
7. Installation ok?
8. Deleting the installation directories (optional)

See: http://www.copfilter.org/forum/viewtopic.php?p=583#p583

Quote:
If you have problems in skipping spam tests, although they have a black- or whitelist entry, install this mailscanner-modification!
Description: some mails are sent with multiple sender addresses, which leads to problems on recognizing black- or whitelist entries and skipping spam tests.

Update 11.04.2010:
Added fix from severus for working f-prot correctly and add information about all virus-scanners in quarantine.

Update 20.04.2010:
Added fix from karesmakro and severus - export LC_ALL=en_US.UTF8, because in some cases the environment variable is ignored!

Installation proceeds as described in The installation of the software archives:

1. Login
2. Download
3. Check MD5 sum
4. Extract the installation archive
5. Change to installation directory
6. Starting the installation
7. Installation ok?
8. Deleting the installation directories (optional)

This is the language patch for the new copfilter release copfilter-0.84beta4.

Without this fix, ipaddress and hostname are missing in the IPCop status page!

Installation proceeds as described in The installation of the software archives:

1. Login
2. Download
3. Check MD5 sum
4. Extract the installation archive
5. Change to installation directory
6. Starting the installation
7. Installation ok?
8. Deleting the installation directories (optional)

Privoxy no longer checks traffic if squid cache is cleared by GUI
and squid, havp and monit are restarted by this job.
Must be restarted manually to work again.

This mod allows to restart havp and privoxy on
clearing squid cache
restart squid
by GUI.
There will only be replaced the files proxy.cgi and, if installed, advproxy.cgi. No further mods are done
besides the integrating of the restart commands for havp and privoxy.
Running the install file with parameter u will restore your current files.

Install the following patch.

(2010-04-18 21:40 v0.01.0)

• This patch replaces the existing 'proxy.cgi' or - if installed - the existing 'advproxy.cgi'.
• It creates backups of old files, the 'install' script offers a “replace” - and a “restore” function.
• User-specific changes are lost during the installation!
• After updating 'advproxy', you have to reinstall this patch.

Italic quotes are from the original posting - it's unfortunately no longer available.

I've taken the time tonight to install a brand new IPCop
and found that the bug is still present.

If AVG is installed, 'Frox' is marking everything as a virus - incoming and outgoing.

Edit:
'/var/log/copfilter/default/opt/frox/etc/frox.conf'

So I edited 'frox.conf', changed the order of a few lines and restarted all proxy services.
Original order:

# COPFILTER START - clamav - do not modify
VirusScanner '"/var/log/copfilter/default/opt/clamav/default/bin/clamdscan" "%s"'
# COPFILTER END - clamav - do not modify

# COPFILTER START - avg - do not modify
VirusScanner '"LD_LIBRARY_PATH=/var/log/copfilter/default/opt/avg/lib /var/log/copfilter/default/opt/avg/default/bin/avgscan -scan" "%s"'
# COPFILTER END - avg - do not modify

# COPFILTER START - f-prot - do not modify
# VirusScanner
# COPFILTER END - f-prot - do not modify

I moved ClamAV a few lines down and now it looks like this and is working.

frox_conf_mod

# COPFILTER START - f-prot - do not modify
# VirusScanner
# COPFILTER END - f-prot - do not modify

# COPFILTER START - avg - do not modify
VirusScanner '"LD_LIBRARY_PATH=/var/log/copfilter/default/opt/avg/lib /var/log/copfilter/default/opt/avg/default/bin/avgscan -scan" "%s"'
# COPFILTER END - avg - do not modify

# COPFILTER START - clamav - do not modify
VirusScanner '"/var/log/copfilter/default/opt/clamav/default/bin/clamdscan" "%s"'
# COPFILTER END - clamav - do not modify

There is a problem in send_q_mail.sh in new copfilter-0.84beta4 version!

If you want to resend more then one spam mails contained in quarantine folder, you get an error like:

/var/log/copfilter/default/opt/tools/bin/send_q_mail.sh: line 62: [: too many arguments

The error comes from grepping an entry in an if-routine with more then one matches.

Here is the download to fix this problem.

Installation proceeds as described in The installation of the software archives:

1. Login
2. Download
3. Check MD5 sum
4. Extract the installation archive
5. Change to installation directory
6. Starting the installation
7. Installation ok?
8. Deleting the installation directories (optional)

Another problems were detected in send_q_mail.sh!

Problem 1: virus mails can't be resend

Problem 2: on deleting virus mails, the tmp files wasn't deleted (but was removed by cron)

This fix includes the send_q_mail bugfix from Mar 15, 2009

Installation proceeds as described in The installation of the software archives:

1. Login
2. Download
3. Check MD5 sum
4. Extract the installation archive
5. Change to installation directory
6. Starting the installation
7. Installation ok?
8. Deleting the installation directories (optional)

See: http://www.copfilter.org/bugtracker/view.php?id=23

monit with smtp port different to 25
The notation smtp.abd.de:26 used by the GUI and other CF core programs is no longer supported by the latest monit version.
It needs a entry set mailserver smtp-abc.de port xy (…) and additional entries for smtp_auth and smtp_aut_secure.
A little change in the copfilter_monit file will set the needed entries though the settings by GUI are done in the current way…

Please note:
'copfilter_monit'-Fix for Copfilter Version 0.85.2:

Contains an alternative 'copfilter_monit' file, in case that an alternative SMTP port must be used, but 'monit' won't start.

Installation:
Create backup:

cp /root/copfilter/opt/monit/etc/init.d/copfilter_monit /root/copfilter/opt/monit/etc/init.d/copfilter_monit.orig

Extract:

tar xzf copfilter_monit.tgz -C /root/copfilter/opt/monit/etc/init.d

Subsequently, save email settings and restart 'monit'.

Installation proceeds as described in The installation of the software archives:

1. Login
2. Download
3. Check MD5 sum
4. Extract the installation archive
5. Change to installation directory
6. Starting the installation
   Answer query with “i”.
7. Installation ok?
8. Deleting the installation directories (optional)

See: http://www.copfilter.org/forum/viewtopic.php?f=3&t=71
and
http://www.copfilter.org/forum/viewtopic.php?p=263#p263

Hi all,

this morning when I tried to have a look at the Quarantine list I got this error:

Software error:
Unknown encoding 'gb2312' at /home/httpd/cgi-bin/copfilter_status.cgi line 93

Install fix for 'copfilter_status.cgi'.

Installation proceeds as described in The installation of the software archives:

1. Login
2. Download
3. Check MD5 sum
4. Extract the installation archive
5. Change to installation directory
6. Starting the installation
7. Installation ok?
8. Deleting the installation directories (optional)

Heise Newsticker, 01.01.2010:
http://www.heise.de/newsticker/meldung/Jahr-2010-Problem-im-Spam-Filter-von-GMX-Update-894258.html

Quote:
Anyone who has an e-mail account at GMX should also look into today's spam folder.
The spam filter has apparently a Year 2010 problem
and many e-mails are marked as spam. You can see this by a header like this:

X-GMX-Antispam: 5 (Score=6.300;BAD_ENC_HEADER,FH_DATE_PAST_20XX);

The text FH_DATE_PAST_20XX indicates the problem: The filter should apparently sort out mail which is “suspiciously in the future”.
Now future has caught up with this filter rule.

Discussion and solution, see:
http://www.copfilter.org/forum/viewtopic.php?f=4&t=13 (German)
http://www.copfilter.org/forum/viewtopic.php?f=3&t=14 (Englisch)

Installation proceeds as described in The installation of the software archives - with a small modification:

1. Login
2. Download
3. Check MD5 sum
4. Extract the installation archive
5. Change to installation directory
   Enter following command here:

   ./ruleset-update

   [ENTER]
   

• After update process has finished, restart spamassassin.
• The remaining part corresponds to the usual procedure: Installation ok? and Deleting the installation directories (optional)
  

Initiated by: http://www.copfilter.org/forum/viewtopic.php?p=699#p699 (already included since Copfilter-Version 0.85.2).

The 'privoxy' service starts without errors, but when you call the' privoxy' configuration page, it still seems to point out that 'privoxy' is not running.

Adjustments needed in 'privoxy'-config-file.

Edit:
'/var/log/copfilter/default/opt/privoxy/etc/config'

Replace:

listen-address :8118

With:

listen-address  127.0.0.1:8118

Replace:

forward / :10080

With:

forward / 127.0.0.1:10080

In addition, Bugfix for 'privoxy'-Start should be installed!

Situation:

1. Neither F-PROT nor AVG are installed as additional virus scanners.

Nevertheless, with each update process, error messages are written to '/var/log/copfilter/0.84beta4/opt/tools/var/log/copfilter_cron.log' regarding nonexistent files and directories:

/var/log/copfilter/default/opt/tools/bin/check-updates_avg.sh: line 25: /var/log/copfilter/default/opt/avg/default/bin/avgscan: No such file or directory
/var/log/copfilter/default/opt/tools/bin/check-updates_avg.sh: line 27: /var/log/copfilter/default/opt/avg/default/bin/avgupdate: No such file or directory
/var/log/copfilter/default/opt/tools/bin/check-updates_avg.sh: line 29: /var/log/copfilter/default/opt/avg/default/bin/avgscan: No such file or directory
/var/log/copfilter/default/opt/tools/bin/check-updates_f-prot.sh: line 26: /var/log/copfilter/default/opt/f-prot/default/fpscan: No such file or directory
/var/log/copfilter/default/opt/tools/bin/check-updates_f-prot.sh: line 28: /var/log/copfilter/default/opt/f-prot/default/fpupdate: No such file or directory
/var/log/copfilter/default/opt/tools/bin/check-updates_f-prot.sh: line 30: /var/log/copfilter/default/opt/f-prot/default/fpscan: No such file or directory
/var/log/copfilter/default/opt/tools/bin/check-updates_f-prot.sh: line 31: /var/log/copfilter/default/opt/f-prot/default/fpscan: No such file or directory

2. Periodic error messages in '/var/log/copfilter/0.84beta4/opt/tools/var/log/copfilter_cron.log':

find: /var/log/copfilter/default/opt/p3scan/default/var/spool/p3scan/: No such file or directory

That's true - this directory doesn't exist…

To avoid these harmless, but unnecessary error messages, the file '/usr/local/bin/copfilter_cron' has to be adjusted:

1. - Adjust AVG-Update-Routine (Line ~39):

Change:

if [ -e /var/ipcop/red/active ]; then
		$BASEDIR/opt/tools/bin/check-updates_avg.sh
		# reset counter variable
		rm -f $BASEDIR/etc/avg_counter
		cp -p $BASEDIR/etc/avg_counter.conf $BASEDIR/etc/avg_counter
	else
	echo "No internet connection available, so no Updates will be downloaded."
fi

to:

copfilter_cron_avg_mod

if [ -e /var/ipcop/red/active ] && [ -e $BASEDIR/etc/avg_enable ]; then
		$BASEDIR/opt/tools/bin/check-updates_avg.sh
		# reset counter variable
		rm -f $BASEDIR/etc/avg_counter
		cp -p $BASEDIR/etc/avg_counter.conf $BASEDIR/etc/avg_counter
	else
		if [ -e $BASEDIR/etc/avg_enable ]; then
		echo "No internet connection available, so no Updates will be downloaded."
		fi
fi

1. - Adjust F-PROT-Update-Routine (Line ~62):

Change:

if [ -e /var/ipcop/red/active ]; then
		$BASEDIR/opt/tools/bin/check-updates_f-prot.sh
		# reset counter variable
		rm -f $BASEDIR/etc/fprot_counter
		cp -p $BASEDIR/etc/fprot_counter.conf $BASEDIR/etc/fprot_counter
	else
	echo "No internet connection available, so no Updates will be downloaded."
fi

to:

copfilter_cron_fprot_mod

if [ -e /var/ipcop/red/active ] && [ -e $BASEDIR/etc/fprotd_enable ]; then
		$BASEDIR/opt/tools/bin/check-updates_f-prot.sh
		# reset counter variable
		rm -f $BASEDIR/etc/fprot_counter
		cp -p $BASEDIR/etc/fprot_counter.conf $BASEDIR/etc/fprot_counter
	else
		if [ -e $BASEDIR/etc/fprotd_enable ]; then
		echo "No internet connection available, so no Updates will be downloaded."
		fi
fi

Thus, the scripts 'check updates_avg.sh' and 'check-updates_f prot.sh' are only started if the corresponding scanners are installed.

2. - Adjust P3Scan-Routine (Line ~98):

Change:

if [ $(cat $BASEDIR/etc/p3scan_rm_counter) -gt 0 ]; then
	echo $(($(cat $BASEDIR/etc/p3scan_rm_counter)-5)) > $BASEDIR/etc/p3scan_rm_counter
else
         find /var/log/copfilter/default/opt/p3scan/default/var/spool/p3scan/ -mtime +21 -type f -exec rm -f {} \;
        rm -f $BASEDIR/etc/p3scan_rm_counter
        # reset counter variable
	rm -f $BASEDIR/etc/p3scan_rm_counter
        cp -p $BASEDIR/etc/p3scan_rm_counter.conf $BASEDIR/etc/p3scan_rm_counter
fi

to:

copfilter_cron_p3scan_mod

if [ $(cat $BASEDIR/etc/p3scan_rm_counter) -gt 0 ]; then
	echo $(($(cat $BASEDIR/etc/p3scan_rm_counter)-5)) > $BASEDIR/etc/p3scan_rm_counter
else
    if [ `ls -1a /var/log/copfilter/default/opt/p3scan/quarantine | wc -l` -gt 5 ]; then
         #find /var/log/copfilter/default/opt/p3scan/default/var/spool/p3scan/ -mtime +21 -type f -exec rm -f {} \;
         find /var/log/copfilter/default/opt/p3scan/quarantine/ -mtime +21 -type f -exec rm -f {} \;
        rm -f $BASEDIR/etc/p3scan_rm_counter
        # reset counter variable
	rm -f $BASEDIR/etc/p3scan_rm_counter
        cp -p $BASEDIR/etc/p3scan_rm_counter.conf $BASEDIR/etc/p3scan_rm_counter
    else
        exit
    fi
fi

Update to HAVP-Version 0.92a, see:

1. http://www.heise.de/security/meldung/Sicherheits-Update-fuer-Antivirenproxy-HAVP-1133173.html
   
2. http://www.copfilter.org/forum/viewtopic.php?f=3&t=373 (Copfilter-Forum / englisch)
   

A lack of a “dot” the supplied white list can be exploited to sneak malware on antivirus proxy HAVP.

'/var/log/copfilter/default/opt/havp/etc/whitelist contains the entry *sourceforge.net/*clamav-*.

Because of a missing dot in front of sourceforge, HAVP unfortunately doesn't check any content coming from domains which end on sourceforge.net, for example www.malwarefromsourceforge.net.

Add a preceding dot: *.sourceforge.net/*clamav-*.

There was declared the wrong iptable rules for removing the entries, if service is stopped and found some writing errors in orange network rules!

Install the following patch.

IPCop 1.9.x ONLY:

Copy 'copfilter_p3scan_patch' to an arbitrary directory (eg. to '/tmp') and enter the following command on the console::

patch -p0 < copfilter_p3scan.patch