For all that follows the same rules apply as written in the Introduction:
Please note:
ATTENTION!
And, as said before…:
Italic quotes are from the original posting - it's unfortunately no longer available.
Hi,
It seems there is a problem with SMTP Auth with the new version of sendEmail. If I test it manually, I get the following message:
root@castor:/tmp # cat /tmp/settings | $SENDEMAIL -xu $SMTP_AUTH_USER -xp $SMTP_AUTH_PASS -f $SENDER_ADR -t $EMAIL_ADR -s "${SMTP_HOST}" -u "[Copfilter] AntiVirus Update: ClamAV" Reading message body from STDIN because the '-m' option was not used. If you are manually typing in a message: - First line must be received within 60 seconds. - End manual input with a CTRL-D on its own line. Nov 14 14:28:15 castor sendEmail[17276]: Message input complete. Nov 14 14:28:19 castor sendEmail[17276]: ERROR => Received: 535 auth failure
Version 1.53 doesn't have this problem.
Enter the following commands on the console:
cd /var/log/copfilter/default/opt/tools/bin mv sendEmail sendEmail-1.55 mv sendEmail-1.53 sendEmail
After this is should be ok.
Regards,
Jens
Its a rather rare problem, but comes up from time to time.
It seems to depend on the respective ISP and the mail server configuration being used.
Italic quotes are from the original posting - it's unfortunately no longer available.
Edit:
'/var/log/copfilter/default/opt/p3scan/etc/p3scan.conf'
Sometimes it helps to raise the 'timeout'-value in 'p3scan.conf':
# # Timeout # # Change the default timeout for sending characters/lines to the # client while processing a message. # # default: 30 seconds timeout = 60
Italic quotes are from the original posting - it's unfortunately no longer available.
1. “corrupted”:
Edit:
'/var/log/copfilter/default/etc2/copfilter_functions'
Replace:
mv $TMPFILE $MAIL_FILTERINFO
with:
cat $TMPFILE | grep -v "^$" > $MAIL_FILTERINFO rm $TMPFILE
Fix is included since Copfilter 0.84beta4!
2. Mails come as source code with no subject:
Install Mail-Update: http://www.it-connect-unix.de/copfilter/mail_update.tar.gz
mail_update.tar.gz | 12 KB |
MD5SUM: | B87D04BA88FF913D8B262AE09DB57796 |
Italic quotes are from the original posting - it's unfortunately no longer available.
'monit' doesn't start automatic, only via GUI
Attention: This error occurs only when you have selected spanish as default language!
Edit:
'/var/log/copfilter/default/langs/es.sh'
in /var/log/copfilter/default/langs/es.sh
line 6 + 7:
CPerr_not_exist= "copfilter no está instalado o el archivo global_settings no se encuentra" CP_warning= "CUIDADO:\n\
must be:
CPerr_not_exist="copfilter no está instalado o el archivo global_settings no se encuentra" CP_warning="CUIDADO:\n\
There are two spaces too much!
30.08.2008: Status solved!
If you want to enable p3scan for orange network, the packets are dropped by IPCop firewall, because of a missing iptable entry in service copfilter_p3scan. This fix replaces your p3scan start service and make a backup of old one.
p3scan_orange_fix.tar.gz | 3 KB |
MD5SUM: | 2D8EAD114F19076FC41D8CDC1501902A |
Quote:
If you have problems in skipping spam tests, although they have a black- or whitelist entry, install this mailscanner-modification!
Description: some mails are sent with multiple sender addresses, which leads to problems on recognizing black- or whitelist entries and skipping spam tests.
Update 11.04.2010:
Added fix from severus for working f-prot correctly and add information about all virus-scanners in quarantine.
Update 20.04.2010:
Added fix from karesmakro and severus - export LC_ALL=en_US.UTF8, because in some cases the environment variable is ignored!
mailscanner_modified.tar.gz | 12 KB |
MD5SUM: | C4A3E42D3D9F857444AB1650C36293F1 |
This is the language patch for the new copfilter release copfilter-0.84beta4.
Without this fix, ipaddress and hostname are missing in the IPCop status page!
copfilter_lang_patch.tar.gz | 348 KB |
MD5SUM: | 571C41BB3E569A451066127B0195E61F |
Privoxy no longer checks traffic if squid cache is cleared by GUI
and squid, havp and monit are restarted by this job.
Must be restarted manually to work again.
This mod allows to restart havp and privoxy on
clearing squid cache
restart squid
by GUI.
There will only be replaced the files proxy.cgi and, if installed, advproxy.cgi. No further mods are done
besides the integrating of the restart commands for havp and privoxy.
Running the install file with parameter u will restore your current files.
Install the following patch.
(2010-04-18 21:40 v0.01.0)
squid_restart-privoxy_mod.tar.gz | 26 KB |
MD5SUM-File: | squid_restart-privoxy_mod.tar.gz.md5 |
Italic quotes are from the original posting - it's unfortunately no longer available.
I've taken the time tonight to install a brand new IPCop
and found that the bug is still present.
If AVG is installed, 'Frox' is marking everything as a virus - incoming and outgoing.
Edit:
'/var/log/copfilter/default/opt/frox/etc/frox.conf'
So I edited 'frox.conf', changed the order of a few lines and restarted all proxy services.
Original order:
# COPFILTER START - clamav - do not modify VirusScanner '"/var/log/copfilter/default/opt/clamav/default/bin/clamdscan" "%s"' # COPFILTER END - clamav - do not modify # COPFILTER START - avg - do not modify VirusScanner '"LD_LIBRARY_PATH=/var/log/copfilter/default/opt/avg/lib /var/log/copfilter/default/opt/avg/default/bin/avgscan -scan" "%s"' # COPFILTER END - avg - do not modify # COPFILTER START - f-prot - do not modify # VirusScanner # COPFILTER END - f-prot - do not modify
I moved ClamAV a few lines down and now it looks like this and is working.
# COPFILTER START - f-prot - do not modify # VirusScanner # COPFILTER END - f-prot - do not modify # COPFILTER START - avg - do not modify VirusScanner '"LD_LIBRARY_PATH=/var/log/copfilter/default/opt/avg/lib /var/log/copfilter/default/opt/avg/default/bin/avgscan -scan" "%s"' # COPFILTER END - avg - do not modify # COPFILTER START - clamav - do not modify VirusScanner '"/var/log/copfilter/default/opt/clamav/default/bin/clamdscan" "%s"' # COPFILTER END - clamav - do not modify
There is a problem in send_q_mail.sh in new copfilter-0.84beta4 version!
If you want to resend more then one spam mails contained in quarantine folder, you get an error like:
/var/log/copfilter/default/opt/tools/bin/send_q_mail.sh: line 62: [: too many arguments
The error comes from grepping an entry in an if-routine with more then one matches.
Here is the download to fix this problem.
send_q_mail_fix.tar.gz | 3 KB |
MD5SUM: | F4D522FD7ACB389EAEB195F663825D8A |
Another problems were detected in send_q_mail.sh!
Problem 1: virus mails can't be resend
Problem 2: on deleting virus mails, the tmp files wasn't deleted (but was removed by cron)
This fix includes the send_q_mail bugfix from Mar 15, 2009
send_q_mail_virus_fix.tar.gz | 3 KB |
MD5SUM: | 4ABEB6DCFB8AEC4E72ABA45B10E8252A |
monit with smtp port different to 25
The notation smtp.abd.de:26 used by the GUI and other CF core programs is no longer supported by the latest monit version.
It needs a entry set mailserver smtp-abc.de port xy (…) and additional entries for smtp_auth and smtp_aut_secure.
A little change in the copfilter_monit file will set the needed entries though the settings by GUI are done in the current way…
monit_port_mod.tar.gz | 3 KB |
MD5SUM: | 9C8E246E723A7F1DD8D01AEB7188D0E6 |
Please note:
'copfilter_monit'-Fix for Copfilter Version 0.85.2:
copfilter_monit.tgz | 2 KB |
MD5SUM: | F09083D7E43B64682A253950EAB13D05 |
Contains an alternative 'copfilter_monit' file, in case that an alternative SMTP port must be used, but 'monit' won't start.
Installation:
Create backup:
cp /root/copfilter/opt/monit/etc/init.d/copfilter_monit /root/copfilter/opt/monit/etc/init.d/copfilter_monit.orig
Extract:
tar xzf copfilter_monit.tgz -C /root/copfilter/opt/monit/etc/init.d
Subsequently, save email settings and restart 'monit'.
Installation proceeds as described in The installation of the software archives:
See: http://www.copfilter.org/forum/viewtopic.php?f=3&t=71
and
http://www.copfilter.org/forum/viewtopic.php?p=263#p263
Hi all,
this morning when I tried to have a look at the Quarantine list I got this error:
Software error: Unknown encoding 'gb2312' at /home/httpd/cgi-bin/copfilter_status.cgi line 93
Install fix for 'copfilter_status.cgi'.
copfilter_status_cgi_fix.tar.gz | 9 KB |
MD5SUM: | B1049B818D1E3584A04A948F8ED8A64E |
Heise Newsticker, 01.01.2010:
http://www.heise.de/newsticker/meldung/Jahr-2010-Problem-im-Spam-Filter-von-GMX-Update-894258.html
Quote:
Anyone who has an e-mail account at GMX should also look into today's spam folder.
The spam filter has apparently a Year 2010 problem
and many e-mails are marked as spam. You can see this by a header like this:
X-GMX-Antispam: 5 (Score=6.300;BAD_ENC_HEADER,FH_DATE_PAST_20XX);
The text FH_DATE_PAST_20XX indicates the problem: The filter should apparently sort out mail which is “suspiciously in the future”.
Now future has caught up with this filter rule.
Discussion and solution, see:
http://www.copfilter.org/forum/viewtopic.php?f=4&t=13 (German)
http://www.copfilter.org/forum/viewtopic.php?f=3&t=14 (Englisch)
ruleset-update.tar.gz | 1 KB |
MD5SUM: | 67A961D9DEB0A4A075D8CF72CC40BBCB |
Installation proceeds as described in The installation of the software archives - with a small modification:
Initiated by: http://www.copfilter.org/forum/viewtopic.php?p=699#p699 (already included since Copfilter-Version 0.85.2).
The 'privoxy' service starts without errors, but when you call the' privoxy' configuration page, it still seems to point out that 'privoxy' is not running.
Adjustments needed in 'privoxy'-config-file.
Edit:
'/var/log/copfilter/default/opt/privoxy/etc/config'
Replace:
listen-address :8118
With:
listen-address 127.0.0.1:8118
Replace:
forward / :10080
With:
forward / 127.0.0.1:10080
In addition, Bugfix for 'privoxy'-Start should be installed!
Situation:
1. Neither F-PROT nor AVG are installed as additional virus scanners.
Nevertheless, with each update process, error messages are written to '/var/log/copfilter/0.84beta4/opt/tools/var/log/copfilter_cron.log' regarding nonexistent files and directories:
/var/log/copfilter/default/opt/tools/bin/check-updates_avg.sh: line 25: /var/log/copfilter/default/opt/avg/default/bin/avgscan: No such file or directory /var/log/copfilter/default/opt/tools/bin/check-updates_avg.sh: line 27: /var/log/copfilter/default/opt/avg/default/bin/avgupdate: No such file or directory /var/log/copfilter/default/opt/tools/bin/check-updates_avg.sh: line 29: /var/log/copfilter/default/opt/avg/default/bin/avgscan: No such file or directory /var/log/copfilter/default/opt/tools/bin/check-updates_f-prot.sh: line 26: /var/log/copfilter/default/opt/f-prot/default/fpscan: No such file or directory /var/log/copfilter/default/opt/tools/bin/check-updates_f-prot.sh: line 28: /var/log/copfilter/default/opt/f-prot/default/fpupdate: No such file or directory /var/log/copfilter/default/opt/tools/bin/check-updates_f-prot.sh: line 30: /var/log/copfilter/default/opt/f-prot/default/fpscan: No such file or directory /var/log/copfilter/default/opt/tools/bin/check-updates_f-prot.sh: line 31: /var/log/copfilter/default/opt/f-prot/default/fpscan: No such file or directory
2. Periodic error messages in '/var/log/copfilter/0.84beta4/opt/tools/var/log/copfilter_cron.log':
find: /var/log/copfilter/default/opt/p3scan/default/var/spool/p3scan/: No such file or directory
That's true - this directory doesn't exist…
To avoid these harmless, but unnecessary error messages, the file '/usr/local/bin/copfilter_cron' has to be adjusted:
1. - Adjust AVG-Update-Routine (Line ~39):
Change:
if [ -e /var/ipcop/red/active ]; then $BASEDIR/opt/tools/bin/check-updates_avg.sh # reset counter variable rm -f $BASEDIR/etc/avg_counter cp -p $BASEDIR/etc/avg_counter.conf $BASEDIR/etc/avg_counter else echo "No internet connection available, so no Updates will be downloaded." fi
to:
if [ -e /var/ipcop/red/active ] && [ -e $BASEDIR/etc/avg_enable ]; then $BASEDIR/opt/tools/bin/check-updates_avg.sh # reset counter variable rm -f $BASEDIR/etc/avg_counter cp -p $BASEDIR/etc/avg_counter.conf $BASEDIR/etc/avg_counter else if [ -e $BASEDIR/etc/avg_enable ]; then echo "No internet connection available, so no Updates will be downloaded." fi fi
1. - Adjust F-PROT-Update-Routine (Line ~62):
Change:
if [ -e /var/ipcop/red/active ]; then $BASEDIR/opt/tools/bin/check-updates_f-prot.sh # reset counter variable rm -f $BASEDIR/etc/fprot_counter cp -p $BASEDIR/etc/fprot_counter.conf $BASEDIR/etc/fprot_counter else echo "No internet connection available, so no Updates will be downloaded." fi
to:
if [ -e /var/ipcop/red/active ] && [ -e $BASEDIR/etc/fprotd_enable ]; then $BASEDIR/opt/tools/bin/check-updates_f-prot.sh # reset counter variable rm -f $BASEDIR/etc/fprot_counter cp -p $BASEDIR/etc/fprot_counter.conf $BASEDIR/etc/fprot_counter else if [ -e $BASEDIR/etc/fprotd_enable ]; then echo "No internet connection available, so no Updates will be downloaded." fi fi
Thus, the scripts 'check updates_avg.sh' and 'check-updates_f prot.sh' are only started if the corresponding scanners are installed.
2. - Adjust P3Scan-Routine (Line ~98):
Change:
if [ $(cat $BASEDIR/etc/p3scan_rm_counter) -gt 0 ]; then echo $(($(cat $BASEDIR/etc/p3scan_rm_counter)-5)) > $BASEDIR/etc/p3scan_rm_counter else find /var/log/copfilter/default/opt/p3scan/default/var/spool/p3scan/ -mtime +21 -type f -exec rm -f {} \; rm -f $BASEDIR/etc/p3scan_rm_counter # reset counter variable rm -f $BASEDIR/etc/p3scan_rm_counter cp -p $BASEDIR/etc/p3scan_rm_counter.conf $BASEDIR/etc/p3scan_rm_counter fi
to:
if [ $(cat $BASEDIR/etc/p3scan_rm_counter) -gt 0 ]; then echo $(($(cat $BASEDIR/etc/p3scan_rm_counter)-5)) > $BASEDIR/etc/p3scan_rm_counter else if [ `ls -1a /var/log/copfilter/default/opt/p3scan/quarantine | wc -l` -gt 5 ]; then #find /var/log/copfilter/default/opt/p3scan/default/var/spool/p3scan/ -mtime +21 -type f -exec rm -f {} \; find /var/log/copfilter/default/opt/p3scan/quarantine/ -mtime +21 -type f -exec rm -f {} \; rm -f $BASEDIR/etc/p3scan_rm_counter # reset counter variable rm -f $BASEDIR/etc/p3scan_rm_counter cp -p $BASEDIR/etc/p3scan_rm_counter.conf $BASEDIR/etc/p3scan_rm_counter else exit fi fi
Update to HAVP-Version 0.92a, see:
A lack of a “dot” the supplied white list can be exploited to sneak malware on antivirus proxy HAVP.
'/var/log/copfilter/default/opt/havp/etc/whitelist contains the entry *sourceforge.net/*clamav-*.
Because of a missing dot in front of sourceforge, HAVP unfortunately doesn't check any content coming from domains which end on sourceforge.net, for example www.malwarefromsourceforge.net.
Add a preceding dot: *.sourceforge.net/*clamav-*.
There was declared the wrong iptable rules for removing the entries, if service is stopped and found some writing errors in orange network rules!
Install the following patch.
IPCop 1.9.x ONLY:
V2: | copfilter_p3scan.patch | 5 KB |
MD5SUM: | F2E2E2D498877AC5971B5E9FFE34DFE5 |
Copy 'copfilter_p3scan_patch' to an arbitrary directory (eg. to '/tmp') and enter the following command on the console::
patch -p0 < copfilter_p3scan.patch