
Part 4 - Modifications and Extensions

For all that follows the same rules apply as written in the Introduction:

  • The main purpose of this part is to collect and describe several recommended modifications for the Copfilter add-on for IPCop 1.4.2x (abbreviated: V1) and 1.9.x/2.x (abbreviated: V2).
  • If problems occur during these modifications, please open a new thread in the Copfilter forum or send us (karesmakro, severus, fischerm) a PM (Private Message) via the Copfilter forum.
    Any requests for changes or extensions will be taken into account.

Please note:

  • Some of the updates described are already included since Copfilter version 0.84beta5. Please read the Changelogs.
  • The line numbers given for code changes are not necessarily exact, so always use the search function to locate the text or code passages.
  • This comes with absolutely no functional guarantees!

ATTENTION!

  • Extensive knowledge of the workings of the IPCop firewall and Copfilter in general, plus extensive Linux experience, is an absolute must for the updates and modifications described here!
  • This is not for novices to experiment with; you need to know what you are doing and what the consequences may be…
  • A full backup, a functioning restore, and the willingness to reinstall a defective IPCop-system are prerequisites!

And as we now seamlessly take our first steps into the area of advanced editing of Copfilter configuration files, another strong recommendation:

  • It is an absolute must to use a Linux-compatible text editor - on a Linux OS - for all changes to be made!
  • Any non-Linux editor can easily break your Copfilter configuration. Afterwards, essential Copfilter functions are at least impaired, if not totally ineffective.

Another few words in advance:

  • The fundamental problem of all following “enhancements” and “modifications”: the related discussions from the old Copfilter forum have vanished to “Nirvana” with the forum crash of 2009.
  • The same applies to many “I'd like to have a problem …”-discussions related to missing/incorrect or just “wanted” Copfilter functionalities.
  • To put it in a nutshell: once there was a clear reason to use ClamAV (and HAVP) not in “library mode”, but as a TCP socket scanner.
  • In this particular case, one of these reasons still exists, in case someone hasn't noticed yet: the textual/graphical analysis of the “ClamAV anti-virus statistics” on the Copfilter status or antivirus page does not provide conclusive results if you use the library version…
  • But the discussions which resulted in giving the TCP socket scanner a chance are unfortunately gone forever.
  • Other reasons to prefer the Unix (local) socket version, can be found here and here - the TCP or Unix socket could certainly be an alternative for PCs with only 512MB of memory.
  • Therefore the respective manual modifications for switching the different scanner types are described in detail, perhaps becoming more understandable. In the meantime even a patch exists for the GUI for switching from Library scanner to [Unix-local] socket scanner (and vice versa).
  • Where it was possible I've also added at least a brief description, regarding the appropriateness of each patch, to make it - hopefully - understandable.

But most important:

  • Nothing is lost if you don't apply the following patches - stability and reliability may not improve significantly - sometimes it's just a “Nice to Have”…

Ok? Then let's start PuTTY, log in, fire up 'Vi' (or 'nano') - and go:

1. ClamAV (and HAVP) - TCP-Socket-Scanner

Basics

Description

See: http://www.opensource.apple.com/source/SpamAssassin/SpamAssassin-124/clamav/docs/German/clamdoc_de.pdf (German)
or http://www.clamav.net/doc/latest/clamdoc.pdf (English)

Quote:
Clam Server
clamd is a multi-threaded server and uses libclamav in order to check files for viruses. The program uses one of the following two modes of communication:
.. Unix (local) socket
.. TCP socket…

Differences

The socket scanner has slightly better performance than the library method, but the Internet connection is blocked for a short time while the virus database is updated or reloaded (depending on the setting, normally once per hour). In library mode HAVP uses the ClamAV database directly.

Method

First, backup the following files:

  • /var/log/copfilter/default/opt/havp/etc/havp.config
  • /var/log/copfilter/default/opt/clamav/etc/clamd.conf
  • /var/log/copfilter/default/opt/havp/etc/init.d/copfilter_havp

Optional, see below:

  • /var/log/copfilter/default/opt/monit/etc/init.d/copfilter_monit
  • /var/log/copfilter/default/opt/monit/etc/monitrc

1. Change the following in '/var/log/copfilter/default/opt/havp/etc/havp.config':

Set ENABLECLAMLIB to 'false':

ENABLECLAMLIB false

Set ENABLECLAMD to 'true':

ENABLECLAMD true

Comment out the CLAMDSOCKET option:

# CLAMDSOCKET /var/log/copfilter/default/opt/clamav/var/run/clamd.socket

Uncomment CLAMDSERVER-options:

CLAMDSERVER 127.0.0.1
CLAMDPORT 3310

2. Change the following in '/var/log/copfilter/default/opt/clamav/etc/clamd.conf':

Uncomment TCPSocket:

TCPSocket 3310

Uncomment LOCALSOCKET and adjust path to socket file:

LOCALSOCKET /var/log/copfilter/default/opt/clamav/var/run/clamd.socket

3. Edit '/var/log/copfilter/default/opt/havp/etc/init.d/copfilter_havp':
In section “configure_scanners” adjust “ENABLECLAMLIB” (Line ~436ff).

Change first ENABLECLAMLIB-query to false, second to true:

enableclamlib_false_true
configure_scanners () {

/bin/grep KEEPBACKBUFFER $PRG_PATH/etc/havp.config &>/dev/null
RESULT="$?"
if [ $RESULT != "0" ]; then
    cp -p $PRG_PATH/etc/havp.config.backup $PRG_PATH/etc/havp.config
fi
PID=`pidof clamd`
RESULT1=$?
if [ -f $BASEDIR/opt/clamav/default/bin/clamdscan -a "x${RESULT1}" = "x0" -a "x${CLAMD_ENABLE}" = "xon" -a "x${HTTP_VIRUS_SCAN_CLAMAV}" = "xon" ]; then
        echo $CP_clamav_havp $APPEND
        cp -p $BASEDIR/opt/havp/etc/havp.config /tmp/havp.config.tmp
        cat $BASEDIR/opt/havp/etc/havp.config  |sed -e 's/^ENABLECLAMLIB.*/ENABLECLAMLIB false/' > /tmp/havp.config.tmp
        mv  /tmp/havp.config.tmp $BASEDIR/opt/havp/etc/havp.config
        chown havp.havp $BASEDIR/opt/havp/etc/havp.config
else
        echo $CP_clamav_havp2 $APPEND
        cp -p $BASEDIR/opt/havp/etc/havp.config /tmp/havp.config.tmp
        cat $BASEDIR/opt/havp/etc/havp.config  |sed -e 's/^ENABLECLAMLIB.*/ENABLECLAMLIB true/' > /tmp/havp.config.tmp
        mv  /tmp/havp.config.tmp $BASEDIR/opt/havp/etc/havp.config
        chown havp.havp $BASEDIR/opt/havp/etc/havp.config
fi

  1. Backups of all affected configuration files must be made!
  2. After the necessary changes were made, restart all Copfilter components with button Restart all services on Copfilter status page.
  3. The lines marked in bold in the log file outputs indicate the main differences, which one must examine carefully to judge whether the conversion was successful.
  4. Pages, where you can test the scanner functions via download can be found here:

Start message from 'clamd.log':
Sat Feb 13 17:25:31 2010 → +++ Started at Sat Feb 13 17:25:31 2010
Sat Feb 13 17:25:31 2010 → clamd daemon 0.95.3 (OS: linux-gnu, ARCH: i386, CPU: i686)
Sat Feb 13 17:25:31 2010 → Log file size limited to 10485760 bytes.
Sat Feb 13 17:25:31 2010 → Reading databases from /var/log/copfilter/default/opt/clamav/virdb
Sat Feb 13 17:25:31 2010 → Not loading phishing signatures.
Sat Feb 13 17:25:34 2010 → Loaded 570153 signatures.
Sat Feb 13 17:25:34 2010 → TCP: Bound to address 127.0.0.1 on port 3310
Sat Feb 13 17:25:34 2010 → TCP: Setting connection queue length to 15
Sat Feb 13 17:25:34 2010 → LOCAL: Unix socket file /var/log/copfilter/default/opt/clamav/var/run/clamd.socket
Sat Feb 13 17:25:34 2010 → LOCAL: Setting connection queue length to 15
Sat Feb 13 17:25:34 2010 → Limits: Global size limit set to 104857600 bytes.
Sat Feb 13 17:25:34 2010 → Limits: File size limit set to 26214400 bytes.
Sat Feb 13 17:25:34 2010 → Limits: Recursion level limit set to 16.
Sat Feb 13 17:25:34 2010 → Limits: Files limit set to 10000.
Sat Feb 13 17:25:34 2010 → Archive support enabled.
Sat Feb 13 17:25:34 2010 → Algorithmic detection enabled.
Sat Feb 13 17:25:34 2010 → Portable Executable support enabled.
Sat Feb 13 17:25:34 2010 → ELF support enabled.
Sat Feb 13 17:25:34 2010 → Mail files support enabled.
Sat Feb 13 17:25:34 2010 → OLE2 support enabled.
Sat Feb 13 17:25:34 2010 → PDF support enabled.
Sat Feb 13 17:25:34 2010 → HTML support enabled.
Sat Feb 13 17:25:34 2010 → Self checking every 600 seconds.
Sat Feb 13 17:25:34 2010 → Set stacksize to 2158592
Sat Feb 13 17:25:39 2010 → /var/log/copfilter/default/opt/havp/tmp/havp-L0UKXP: Eicar-Test-Signature FOUND


Start message from 'havp_error.log':
13/02/2010 17:09:16 Process ID: 661
13/02/2010 17:25:39 === Starting HAVP Version: 0.91
13/02/2010 17:25:39 Running as user: havp, group: havp
13/02/2010 17:25:39 — Initializing Clamd Socket Scanner
13/02/2010 17:25:39 Clamd Socket Scanner passed EICAR virus test (Eicar-Test-Signature)
13/02/2010 17:25:39 — All scanners initialized
13/02/2010 17:25:39 Process ID: 1742

2. ClamAV (and HAVP) - Unix-(local)-Socket-Scanner

Note

See: http://www.copfilter.org/forum/viewtopic.php?p=1095#p1095

Because the library scanner needs a lot of RAM - especially when using ClamAV version 0.96 in conjunction with the 3rd Party Signatures - karesmakro has written a modification, which allows changing the HAVP scanner from library mode to [Unix-local]-socket-scanner and vice versa via GUI!

By this change the average memory usage usually drops by about 20-30%, depending on the databases used:

Socket: Memory graph per day

Even on an IPCop with 1GB RAM you can clearly see the lower memory requirements:

Socket: Memory graph per week

After installing this mod there is a new switch in the GUI under Copfilter HTTP filter available:

HAVP library Option

If switched to “off”, HAVP is working in socket scanner mode.

Download

havp_mod.tar.gz 73 KB
MD5SUM:B14002AC61322589DDCFD19B9D9635D2

Installation proceeds as described in The installation of the software archives, uninstalling is possible using the install script './install'.

If after installation, IPCop hostname is not displayed on the start page, you also need this patch:

havp_mod_lang.tar.gz 77 KB
MD5SUM:66C33C047CF632D53B59E18F23961640

Method

The procedure is essentially identical to the establishment of the TCP socket scanner. The entries for CLAMDSERVER and CLAMDPORT in 'havp.config' and the entry of TCPSocket in 'clamd.conf' however, are not activated:

1. Change the following in '/var/log/copfilter/default/opt/havp/etc/havp.config':

Set ENABLECLAMLIB to 'false':

ENABLECLAMLIB false

Set ENABLECLAMD to 'true':

ENABLECLAMD true

Uncomment CLAMDSOCKET-option:

CLAMDSOCKET /var/log/copfilter/default/opt/clamav/var/run/clamd.socket

Comment out the CLAMDSERVER options:

# CLAMDSERVER 127.0.0.1
# CLAMDPORT 3310

2. Change the following in '/var/log/copfilter/default/opt/clamav/etc/clamd.conf':

# TCPSocket 3310
LOCALSOCKET /var/log/copfilter/default/opt/clamav/var/run/clamd.socket

3. Edit '/var/log/copfilter/default/opt/havp/etc/init.d/copfilter_havp':
In section “configure_scanners” adjust “ENABLECLAMLIB” (~Line 436ff).

Change first ENABLECLAMLIB-query to false, second to true:

enableclamlib_false_true
configure_scanners () {

/bin/grep KEEPBACKBUFFER $PRG_PATH/etc/havp.config &>/dev/null
RESULT="$?"
if [ $RESULT != "0" ]; then
    cp -p $PRG_PATH/etc/havp.config.backup $PRG_PATH/etc/havp.config
fi
PID=`pidof clamd`
RESULT1=$?
if [ -f $BASEDIR/opt/clamav/default/bin/clamdscan -a "x${RESULT1}" = "x0" -a "x${CLAMD_ENABLE}" = "xon" -a "x${HTTP_VIRUS_SCAN_CLAMAV}" = "xon" ]; then
        echo $CP_clamav_havp $APPEND
        cp -p $BASEDIR/opt/havp/etc/havp.config /tmp/havp.config.tmp
        cat $BASEDIR/opt/havp/etc/havp.config  |sed -e 's/^ENABLECLAMLIB.*/ENABLECLAMLIB false/' > /tmp/havp.config.tmp
        mv  /tmp/havp.config.tmp $BASEDIR/opt/havp/etc/havp.config
        chown havp.havp $BASEDIR/opt/havp/etc/havp.config
else
        echo $CP_clamav_havp2 $APPEND
        cp -p $BASEDIR/opt/havp/etc/havp.config /tmp/havp.config.tmp
        cat $BASEDIR/opt/havp/etc/havp.config  |sed -e 's/^ENABLECLAMLIB.*/ENABLECLAMLIB true/' > /tmp/havp.config.tmp
        mv  /tmp/havp.config.tmp $BASEDIR/opt/havp/etc/havp.config
        chown havp.havp $BASEDIR/opt/havp/etc/havp.config
fi

  1. Backups of all affected configuration files must be made!
  2. After the necessary changes were made, restart all Copfilter components with Button Restart all services on Copfilter status page.
  3. The lines marked in bold in the log file outputs indicate the main differences, which one must examine carefully to judge whether the conversion was successful.
  4. Pages, where you can test the scanner functions via download can be found here:

Start message from 'clamd.log':
Sat Jun 5 01:48:15 2010 → +++ Started at Sat Jun 5 01:48:15 2010
Sat Jun 5 01:48:15 2010 → clamd daemon devel-20100603 (OS: linux-gnu, ARCH: i386, CPU: i686)
Sat Jun 5 01:48:15 2010 → Log file size limited to 10485760 bytes.
Sat Jun 5 01:48:15 2010 → Reading databases from /var/log/copfilter/default/opt/clamav/virdb
Sat Jun 5 01:48:15 2010 → Not loading PUA signatures.
Sat Jun 5 01:48:44 2010 → Loaded 987996 signatures.
Sat Jun 5 01:48:44 2010 → LOCAL: Unix socket file /var/log/copfilter/default/opt/clamav/var/run/clamd.socket
Sat Jun 5 01:48:44 2010 → LOCAL: Setting connection queue length to 15
Sat Jun 5 01:48:44 2010 → Limits: Global size limit set to 20971520 bytes.
Sat Jun 5 01:48:44 2010 → Limits: File size limit set to 26214400 bytes.
Sat Jun 5 01:48:44 2010 → Limits: Recursion level limit set to 16.
Sat Jun 5 01:48:44 2010 → Limits: Files limit set to 5000.
Sat Jun 5 01:48:44 2010 → Archive support enabled.
Sat Jun 5 01:48:44 2010 → Algorithmic detection enabled.
Sat Jun 5 01:48:44 2010 → Portable Executable support enabled.
Sat Jun 5 01:48:44 2010 → ELF support enabled.
Sat Jun 5 01:48:44 2010 → Mail files support enabled.
Sat Jun 5 01:48:44 2010 → OLE2 support enabled.
Sat Jun 5 01:48:44 2010 → PDF support enabled.
Sat Jun 5 01:48:44 2010 → HTML support enabled.
Sat Jun 5 01:48:44 2010 → Heuristic: precedence enabled
Sat Jun 5 01:48:44 2010 → Self checking every 600 seconds.
Sat Jun 5 01:48:44 2010 → Set stacksize to 2158592
Sat Jun 5 01:48:57 2010 → /var/log/copfilter/default/opt/havp/tmp/havp-gXCsqb: Eicar-Test-Signature FOUND


Start message from 'havp_error.log':
05/06/2010 01:48:56 === Starting HAVP Version: 0.92
05/06/2010 01:48:56 Running as user: havp, group: havp
05/06/2010 01:48:57 — Initializing Clamd Socket Scanner
05/06/2010 01:48:57 Clamd Socket Scanner passed EICAR virus test (Eicar-Test-Signature)
05/06/2010 01:48:57 — All scanners initialized

3. ClamAV (and HAVP) - Library-Scanner

This is the default setting after every Copfilter installation.

However, it has the disadvantage of being much more memory-hungry than the socket variants, especially when using the 3rd Party Signatures.

  • Besides that, the Library scanner is the most recommended / preferred method because it provides a stable base and causes no data loss, for example by a ClamAV crash. Performance is somewhat worse - IMHO imperceptible.

Method

First, backup the following files:

  • /var/log/copfilter/default/opt/havp/etc/havp.config
  • /var/log/copfilter/default/opt/clamav/etc/clamd.conf
  • /var/log/copfilter/default/opt/havp/etc/init.d/copfilter_havp

Optional, see below:

  • /var/log/copfilter/default/opt/monit/etc/init.d/copfilter_monit
  • /var/log/copfilter/default/opt/monit/etc/monitrc

1. Change the following in '/var/log/copfilter/default/opt/havp/etc/havp.config'

Set ENABLECLAMLIB to 'true':

ENABLECLAMLIB true

Set ENABLECLAMD to 'false':

ENABLECLAMD false

Uncomment CLAMDSOCKET-option:

CLAMDSOCKET /var/log/copfilter/default/opt/clamav/var/run/clamd.socket

Comment out the CLAMDSERVER options:

# CLAMDSERVER 127.0.0.1
# CLAMDPORT 3310

2. Change the following in '/var/log/copfilter/default/opt/clamav/etc/clamd.conf'

Comment out TCPSocket:

# TCPSocket 3310

3. Edit '/var/log/copfilter/default/opt/havp/etc/init.d/copfilter_havp'
In section “configure_scanners” adjust “ENABLECLAMLIB” (Line ~436ff).

Change first ENABLECLAMLIB-query to true, second to false:

enableclamlib_true_false
configure_scanners () {

/bin/grep KEEPBACKBUFFER $PRG_PATH/etc/havp.config &>/dev/null
RESULT="$?"
if [ $RESULT != "0" ]; then
    cp -p $PRG_PATH/etc/havp.config.backup $PRG_PATH/etc/havp.config
fi
	PID=`pidof clamd`
RESULT1=$?
if [ -f $BASEDIR/opt/clamav/default/bin/clamdscan -a "x${RESULT1}" = "x0" -a "x${CLAMD_ENABLE}" = "xon" -a "x${HTTP_VIRUS_SCAN_CLAMAV}" = "xon" ]; then
        echo $CP_clamav_havp $APPEND
        cp -p $BASEDIR/opt/havp/etc/havp.config /tmp/havp.config.tmp
        cat $BASEDIR/opt/havp/etc/havp.config  |sed -e 's/^ENABLECLAMLIB.*/ENABLECLAMLIB true/' > /tmp/havp.config.tmp
        mv  /tmp/havp.config.tmp $BASEDIR/opt/havp/etc/havp.config
        chown havp.havp $BASEDIR/opt/havp/etc/havp.config
else
        echo $CP_clamav_havp2 $APPEND
        cp -p $BASEDIR/opt/havp/etc/havp.config /tmp/havp.config.tmp
        cat $BASEDIR/opt/havp/etc/havp.config  |sed -e 's/^ENABLECLAMLIB.*/ENABLECLAMLIB false/' > /tmp/havp.config.tmp
        mv  /tmp/havp.config.tmp $BASEDIR/opt/havp/etc/havp.config
        chown havp.havp $BASEDIR/opt/havp/etc/havp.config
fi

  1. Backups of all affected configuration files must be made!
  2. After the necessary changes were made, restart all Copfilter components with Button Restart all services on Copfilter status page.
  3. The lines marked in bold in the log file outputs indicate the main differences, which one must examine carefully to judge whether the conversion was successful.
  4. Pages, where you can test the scanner functions via download can be found here:

Start message from 'clamd.log':
Sat Feb 13 17:09:08 2010 → +++ Started at Sat Feb 13 17:09:08 2010
Sat Feb 13 17:09:08 2010 → clamd daemon 0.95.3 (OS: linux-gnu, ARCH: i386, CPU: i686)
Sat Feb 13 17:09:08 2010 → Log file size limited to 10485760 bytes.
Sat Feb 13 17:09:08 2010 → Reading databases from /var/log/copfilter/default/opt/clamav/virdb
Sat Feb 13 17:09:08 2010 → Not loading phishing signatures.
Sat Feb 13 17:09:11 2010 → Loaded 570153 signatures.
Sat Feb 13 17:09:11 2010 → LOCAL: Unix socket file /var/log/copfilter/default/opt/clamav/var/run/clamd.socket
Sat Feb 13 17:09:11 2010 → LOCAL: Setting connection queue length to 15
Sat Feb 13 17:09:11 2010 → Limits: Global size limit set to 104857600 bytes.
Sat Feb 13 17:09:11 2010 → Limits: File size limit set to 26214400 bytes.
Sat Feb 13 17:09:11 2010 → Limits: Recursion level limit set to 16.
Sat Feb 13 17:09:11 2010 → Limits: Files limit set to 10000.
Sat Feb 13 17:09:11 2010 → Archive support enabled.
Sat Feb 13 17:09:11 2010 → Algorithmic detection enabled.
Sat Feb 13 17:09:11 2010 → Portable Executable support enabled.
Sat Feb 13 17:09:11 2010 → ELF support enabled.
Sat Feb 13 17:09:11 2010 → Mail files support enabled.
Sat Feb 13 17:09:11 2010 → OLE2 support enabled.
Sat Feb 13 17:09:11 2010 → PDF support enabled.
Sat Feb 13 17:09:11 2010 → HTML support enabled.
Sat Feb 13 17:09:11 2010 → Self checking every 600 seconds.
Sat Feb 13 17:09:11 2010 → Set stacksize to 2158592


Start message from 'havp_error.log':
13/02/2010 17:09:13 === Starting HAVP Version: 0.91
13/02/2010 17:09:13 Running as user: havp, group: havp
13/02/2010 17:09:13 — Initializing ClamAV Library Scanner
13/02/2010 17:09:13 ClamAV: Using database directory: /var/log/copfilter/default/opt/clamav/virdb
13/02/2010 17:09:16 ClamAV: Loaded 569331 signatures (engine 0.95.3)
13/02/2010 17:09:16 ClamAV Library Scanner passed EICAR virus test (Eicar-Test-Signature)
13/02/2010 17:09:16 — All scanners initialized
13/02/2010 17:09:16 Process ID: 661
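
The log check that step 3 asks for in all three modes can be scripted. The following is an added example, not Copfilter code and not part of the original page: it looks only at the most recent start in each log and reports which HAVP scanner passed its EICAR self-test and which sockets clamd opened. The function names and the sample lines are constructed; the matched message texts are those in the logs quoted above.

```shell
#!/bin/sh
# Added example, not part of Copfilter.
# Note: clamd.log looks the same for the Unix socket scanner and the library
# scanner (only the LOCAL listener); havp_error.log tells the two apart.

# last_run FILE MARKER: print FILE from the last line containing MARKER onward,
# so messages left over from an earlier start are ignored.
last_run() {
    awk -v m="$2" '
        index($0, m) { n = 0 }
        { buf[n++] = $0 }
        END { for (i = 0; i < n; i++) print buf[i] }' "$1"
}

# havp_scanner HAVP_ERROR_LOG: print socket, library or failed.
havp_scanner() {
    run=$(last_run "$1" "=== Starting HAVP")
    case $run in
    *"Clamd Socket Scanner passed EICAR virus test"*)   echo socket ;;
    *"ClamAV Library Scanner passed EICAR virus test"*) echo library ;;
    *) echo failed ;;
    esac
}

# clamd_listeners CLAMD_LOG: print tcp+unix, tcp, unix or none.
clamd_listeners() {
    run=$(last_run "$1" "+++ Started at")
    l=""
    case $run in *"TCP: Bound to"*) l=tcp ;; esac
    case $run in *"LOCAL: Unix socket file"*) l=${l:+$l+}unix ;; esac
    echo "${l:-none}"
}

# tcp_loopback_only CLAMD_LOG: succeed unless a TCP listener of the last start
# is bound to something other than 127.0.0.1. clamd's TCP socket has no
# authentication, so it should only be reachable from the firewall itself.
tcp_loopback_only() {
    ! last_run "$1" "+++ Started at" | grep 'TCP: Bound to' |
        grep -qv 'address 127\.0\.0\.1 '
}

# Constructed sample: a TCP socket scanner start, preceded by stale lines from
# an earlier library-mode start.
tmp=$(mktemp -d)
cat > "$tmp/havp_error.log" <<'EOF'
13/02/2010 17:09:16 ClamAV Library Scanner passed EICAR virus test (Eicar-Test-Signature)
13/02/2010 17:09:16 Process ID: 661
13/02/2010 17:25:39 === Starting HAVP Version: 0.91
13/02/2010 17:25:39 --- Initializing Clamd Socket Scanner
13/02/2010 17:25:39 Clamd Socket Scanner passed EICAR virus test (Eicar-Test-Signature)
EOF
cat > "$tmp/clamd.log" <<'EOF'
Sat Feb 13 17:25:31 2010 -> +++ Started at Sat Feb 13 17:25:31 2010
Sat Feb 13 17:25:34 2010 -> TCP: Bound to address 127.0.0.1 on port 3310
Sat Feb 13 17:25:34 2010 -> LOCAL: Unix socket file /var/log/copfilter/default/opt/clamav/var/run/clamd.socket
EOF
echo "HAVP scanner:    $(havp_scanner "$tmp/havp_error.log")"
echo "clamd listeners: $(clamd_listeners "$tmp/clamd.log")"
tcp_loopback_only "$tmp/clamd.log" && echo "TCP listener is loopback-only"
rm -rf "$tmp"
```
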

4. 'monit' - necessary changes

You can skip these changes if you set the local socket file in 'havp.config' (CLAMDSOCKET) and 'clamd.conf' (LOCALSOCKET) as described here. The running ClamAV process is then monitored through the socket file!

For 'monit' to work with the modifications in 1. and 2. and to monitor the 'clamd'-processes correctly, you have to make further adjustments on two 'monit' files:

1. Change the following in '/var/log/copfilter/default/opt/monit/etc/init.d/copfilter_monit':

Line ~72-76 (deactivate or delete original lines):

copfilter_monit_socket_mod
if [ -f $BASEDIR/etc/clamd_enable ]; then
    check=`cat $BASEDIR/opt/havp/etc/havp.config  | grep 'ENABLECLAMLIB false'`
    if [ "$check" = "ENABLECLAMLIB false" ]; then
        unmonitor clamd-lib
        monitor clamd-socket
    else
        unmonitor clamd-socket
        monitor clamd-lib
    fi
else
    unmonitor clamd-socket
    unmonitor clamd-lib
fi

2. Change the following in '/var/log/copfilter/default/opt/monit/etc/monitrc':

Line ~43-49 (deactivate or delete original lines):

monit_rc_socket_mod
# COPFILTER START - clamd-lib
#XX#   check process clamd with pidfile /var/log/copfilter/default/opt/clamav/var/run/clamd.pid
#XX#   start program = "/var/log/copfilter/default/opt/clamav/etc/init.d/copfilter_clamd start"
#XX#   stop  program = "/var/log/copfilter/default/opt/clamav/etc/init.d/copfilter_clamd stop"
#XX#   if failed unixsocket /var/log/copfilter/default/opt/clamav/var/run/clamd.socket then restart
#XX#   if 5 restarts within 5 cycles then timeout
# COPFILTER STOP - clamd-lib

# COPFILTER START - clamd-socket
#XX#   check process clamd with pidfile /var/log/copfilter/default/opt/clamav/var/run/clamd.pid
#XX#   start program = "/var/log/copfilter/default/opt/clamav/etc/init.d/copfilter_clamd start"
#XX#   stop  program = "/var/log/copfilter/default/opt/clamav/etc/init.d/copfilter_clamd stop"
#XX#   if failed host 127.0.0.1 port 3310 type tcp then restart
#XX#   if 5 restarts within 5 cycles then timeout
# COPFILTER STOP - clamd-socket

Afterwards, stop and restart 'monit'!

/etc/rc.d/init.d/copfilter_monit restart

This applies for all these changes - as always:

  • Please restart Copfilter (Restart all services) and check log files on Copfilter-Tests & Logs-page for errors!
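
Before restarting, the settings from sections 1 to 3 can be cross-checked, since HAVP, clamd and the monit checks above all have to agree on the same socket. This is an added example, not Copfilter code and not part of the original page: it derives the scanner mode from 'havp.config' and warns where 'clamd.conf' deviates from the settings listed for that mode. The function names and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not part of Copfilter.

# opt FILE KEY: value of the first active (uncommented) KEY line, or nothing.
# Option names are compared case-insensitively ("LOCALSOCKET" / "LocalSocket").
opt() {
    awk -v k="$2" 'toupper($1) == toupper(k) { print $2; exit }' "$1"
}

# scanner_mode HAVP_CONFIG: print library, tcp, unix or invalid.
scanner_mode() {
    lib=$(opt "$1" ENABLECLAMLIB); clamd=$(opt "$1" ENABLECLAMD)
    sock=$(opt "$1" CLAMDSOCKET);  srv=$(opt "$1" CLAMDSERVER)
    case "$lib/$clamd" in
    true/false) echo library ;;
    false/true)
        if   [ -n "$srv" ]  && [ -z "$sock" ]; then echo tcp
        elif [ -n "$sock" ] && [ -z "$srv" ];  then echo unix
        else echo invalid
        fi ;;
    *) echo invalid ;;
    esac
}

# check_scanner_config HAVP_CONFIG CLAMD_CONF: print the detected mode and one
# "WARN:" line per deviation; return 0 only when there is none.
check_scanner_config() {
    havp=$1; cconf=$2; rc=0
    mode=$(scanner_mode "$havp")
    tcpsock=$(opt "$cconf" TCPSocket); localsock=$(opt "$cconf" LocalSocket)
    echo "mode=$mode"
    case $mode in
    tcp)
        port=$(opt "$havp" CLAMDPORT)
        if [ -z "$tcpsock" ] || [ "$port" != "$tcpsock" ]; then
            echo "WARN: CLAMDPORT '$port' does not match TCPSocket '$tcpsock'"; rc=1
        fi
        if [ "$(opt "$havp" CLAMDSERVER)" != "127.0.0.1" ]; then
            echo "WARN: CLAMDSERVER is not 127.0.0.1"; rc=1
        fi ;;
    unix)
        if [ -z "$localsock" ] || [ "$(opt "$havp" CLAMDSOCKET)" != "$localsock" ]; then
            echo "WARN: CLAMDSOCKET and LOCALSOCKET paths differ"; rc=1
        fi
        if [ -n "$tcpsock" ]; then
            echo "WARN: TCPSocket $tcpsock still active; HAVP uses the Unix socket"; rc=1
        fi ;;
    library)
        if [ -n "$tcpsock" ]; then
            echo "WARN: TCPSocket $tcpsock still active in library mode"; rc=1
        fi ;;
    *)
        echo "WARN: settings match none of the three modes on this page"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: the TCP socket scanner settings from section 1.
tmp=$(mktemp -d)
cat > "$tmp/havp.config" <<'EOF'
ENABLECLAMLIB false
ENABLECLAMD true
# CLAMDSOCKET /var/log/copfilter/default/opt/clamav/var/run/clamd.socket
CLAMDSERVER 127.0.0.1
CLAMDPORT 3310
EOF
cat > "$tmp/clamd.conf" <<'EOF'
TCPSocket 3310
LOCALSOCKET /var/log/copfilter/default/opt/clamav/var/run/clamd.socket
EOF
check_scanner_config "$tmp/havp.config" "$tmp/clamd.conf"

# Constructed mistake: HAVP switched back to library mode, clamd.conf untouched.
sed -e 's/^ENABLECLAMLIB.*/ENABLECLAMLIB true/' \
    -e 's/^ENABLECLAMD .*/ENABLECLAMD false/' "$tmp/havp.config" > "$tmp/havp.lib"
check_scanner_config "$tmp/havp.lib" "$tmp/clamd.conf" || echo "fix the settings listed above"
rm -rf "$tmp"
```
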

5. Squid and 'monit'

Italic quotes are from the original posting - it's unfortunately no longer available.

Quote:
It can occur in rare cases that the Squid proxy crashes.
Then surfing for the users is no longer possible.
Monit daemon contained in Copfilter allows the addition of other services.
These can be monitored and possibly be restarted. In this case, a mail is sent to the administrator.

1. Edit:
'/var/log/copfilter/default/opt/monit/etc/monitrc'

Add the following lines at the end:

monit_rc_squid_mod
# squid-Proxy
  check process squid with pidfile /var/run/squid.pid
  start program = "/usr/local/bin/restartsquid && /usr/local/bin/copfilter_restarthavp"
  stop  program = "/usr/sbin/squid -k kill"
  if 5 restarts within 5 cycles then timeout
  if cpu usage > 99% for 5 cycles then alert
  if mem usage > 99% for 5 cycles then alert
# squid-Proxy

2. Edit:
'/var/log/copfilter/default/opt/monit/etc/init.d/copfilter_monit'

Insert at line ~117:

copfilter_monit_squid_mod
if [ -f /var/run/squid.pid ]; then
    monitor squid
else
    unmonitor squid
fi

Afterwards, stop and restart 'monit' via Copfilter GUI.

Screenshot

Monitoring squid

V1-Logo

6. Copfilter and 'logrotate.conf'

See:
http://www.copfilter.org/forum/viewtopic.php?f=4&t=183
http://www.copfilter.org/forum/viewtopic.php?f=4&t=182&p=339#p339

Note:
For a better understanding of the configuration options of 'logrotate' see: http://linuxcommand.org/man_pages/logrotate8.html

Italic quotes are from the original posting - it's unfortunately no longer available.

Edit:
'/etc/logrotate.conf'

Tony,
you can of course rotate the logs (which is better than deleting anyway).
You just have to adjust this in the logrotate.conf.

I have added the following entries:


custom_logrotate_conf
# Custom copfilter log rotation
/var/log/copfilter/default/opt/clamav/var/log/freshclam.log {
monthly
rotate 3
copytruncate
compress
notifempty
missingok
}
/var/log/copfilter/default/opt/tools/var/log/renattach.log {
monthly
rotate 3
copytruncate
compress
notifempty
missingok
}
/var/log/copfilter/default/opt/p3scan/var/log/p3scan.log {
monthly
rotate 3
copytruncate
compress
notifempty
missingok
postrotate
        if [ -f /var/log/copfilter/default/opt/p3scan/var/run/p3scan.pid ]; then
            /etc/rc.d/init.d/copfilter_p3scan restart
        fi
endscript
}
/var/log/copfilter/default/opt/mail-spamassassin/etc/.razor/razor-agent.log {
monthly
rotate 3
copytruncate
compress
notifempty
missingok
}
/var/log/copfilter/default/opt/mail-spamassassin/var/log/spamd.log {
monthly
rotate 3
copytruncate
compress
notifempty
missingok
postrotate
        if [ -f /var/log/copfilter/default/opt/mail-spamassassin/var/run/spamd.pid ]; then
            /etc/rc.d/init.d/copfilter_spamd restart
        fi
endscript
}
/var/log/copfilter/default/opt/proxsmtp/var/log/proxsmtpd.log {
monthly
rotate 3
copytruncate
compress
notifempty
missingok
postrotate
        if [ -f /var/log/copfilter/default/opt/proxsmtp/var/run/proxsmtpd.pid ]; then
            /etc/rc.d/init.d/copfilter_proxsmtpd restart
        fi
endscript
}
/var/log/copfilter/default/opt/anomy/1.70/testcases/results.def/*.log {
monthly
rotate 3
copytruncate
compress
notifempty
missingok
}
/var/log/copfilter/default/opt/havp/var/log/*.log {
monthly
rotate 3
copytruncate
compress
notifempty
missingok
postrotate
        if [ -f /var/log/copfilter/default/opt/havp/var/run/havp.pid ]; then
            /etc/rc.d/init.d/copfilter_havp reload
        fi
endscript
}
/var/log/copfilter/default/opt/frox/var/log/frox.log {
monthly
rotate 3
copytruncate
compress
notifempty
missingok
postrotate
        if [ -f /var/log/copfilter/default/opt/frox/var/run/frox.pid ]; then
            /etc/rc.d/init.d/copfilter_frox restart
        fi
endscript
}
/var/log/copfilter/default/opt/php/var/log/error.log {
monthly
rotate 3
copytruncate
compress
notifempty
missingok
}
/var/log/copfilter/default/opt/monit/var/log/monit.log {
monthly
rotate 3
copytruncate
compress
notifempty
missingok
postrotate
        if [ -f /var/log/copfilter/default/opt/monit/var/run/monit.pid ]; then
            /etc/rc.d/init.d/copfilter_monit restart
        fi
endscript
}
# Custom copfilter log rotation - END

This will rotate all the Copfilter-related logs I found. But be aware that this actually breaks the functionality of the SPAM-statistics.

Regards,

Jens

P.S.: In your case the entries for spamd.log and proxsmtpd.log should
be the most important ones. You do not need to implement all the log
rotations.

7. Show Squid 'cache.log' in "Test & Logs"

Tired of having to open a console each time I wanted to look at Squid's 'cache.log' file, I added a link to the Copfilter Tests & Logs page to display the contents of
'/var/log/squid/cache.log'.

Edit:
/home/httpd/cgi-bin/copfilter_testlog.cgi

Method:

1. First, create new symlink in directory '/var/log/copfilter/default/log':

ln -s /var/log/squid/cache.log /var/log/copfilter/default/log/squid_cache.log

It should look like this:

lrwxrwxrwx 1 root root 24 2008-10-03 11:33 squid_cache.log -> /var/log/squid/cache.log

2. Add the following line in '/home/httpd/cgi-bin/copfilter_testlog.cgi' (0.84beta3a: line ~402, 0.84beta4: line ~426, 2.0.91beta1: line ~452):

<br /><a href='/copfilterlog/squid_cache.log' target='_blank'>squid_cache.log</a>

Result:

.
.
<br /><a href='/copfilterlog/httpd_access.log' target='_blank'>httpd_access.log</a>
    <br /><a href='/copfilterlog/httpd_error.log' target='_blank'>httpd_error.log</a>
    <br /><a href='/copfilterlog/squid_cache.log' target='_blank'>squid_cache.log</a>
.
.

Done.

After reloading the Copfilter "Tests & Logs"-page (or hitting “F5” in your browser) - there's a new link available, which opens '/var/log/squid/cache.log' in a new browser page ('squid'-log must be enabled under “Log Settings” in squid-GUI):

Squid - 'cache.log'

8. Bayes: Autolearning (Spamassassin)

Italic quotes are from the original posting - it's unfortunately no longer available.

Edit:
'/var/log/copfilter/default/opt/mail-spamassassin/etc/init.d/copfilter_spamd'

Replace

if [ "X${IMAP_ENABLE}" = "xon" ]; then

with

if [ true ]; then

then restart 'spamd'.

The file 'local.cf' (/var/log/copfilter/default/opt/mail-spamassassin/etc/mail/spamassassin/local.cf) should now contain “use_bayes 1” and “bayes_autolearn 1”. I've been testing this for a week and Autolearn is functional.

Regards
Taurus

Edit: For Copfilter 0.83beta3a, not tested with older versions!

Tested with Copfilter version 0.84beta4: ok!

9. Whitelist User Manager

Description

Now the script is finished, and users can be added by typing 'whitelist_user --add' and deleted with 'whitelist_user --del'.

After installation, place a link to the Copfilter whitelist-manager web GUI on the desktop of every user who should have access to it.

Description: this script separates the web GUI user database of IPCop so that users can manage the white-/blacklist of SpamAssassin.
It is based on htaccess and authorizes access only to the described area of IPCop.

There is no need to uninstall previous version. Previous version is automatically detected and updated!

Download

whitelist_user_v0.2.tar.gz 4 KB
MD5SUM:1DB2A1DCE8F295EF0E53FF5CECEEF8D9

Installation

10. 3rd Party Signatures

  • Since Copfilter version 0.85.3beta3x and 2.0.9x user-rights have been changed - version 0.55.2 is no longer compatible with Copfilter versions >0.85.2 and 2.0.9x. Use 0.55.3 instead!

Note

This mod replaces the former *check_clamav* released by karesmakro. As this mod is no longer required, it will be removed automatically.

Thanks to karesmakro for releasing his uninstall files.

Description

See: http://www.copfilter.org/forum/viewtopic.php?f=3&t=215&start=0

It's absolutely necessary to follow the configuration instructions given there!

I'm glad to introduce a new mod for copfilter-0.84beta4 and higher (ipcop/copfilter v2 supported) for using additional signature files for clamav to protect your clients against spam, phishing and more.

The mod I'll offer you supports files from Sanesecurity, SecuriteInfo, Porcupine, Bofhland, Malware-Patrol and Andrew Lewis, Julian Field, CRDF and OITC.

Hardware minimum:

  • Pentium 1 GHz
  • 1 GB RAM (if all signatures are being used and ClamAV is running in library mode: 3GB)
  • 8 GB HDD

Changelog

2011-01-24 0.50.3

  • Support for IPCop v2 added
  • Mail notification for all signature updates available (optional).
  • Split up the cron.daily into three files, depending on the downloads per day allowed by the different distributors:
  • cron.daily for the current copfilter jobs and the SecuriteInfo databases
  • cron.4hourly for the Malware Patrol database
  • cron.hourly for the databases distributed by Sanesecurity (Sanesecurity, OITC, Andrew Lewis, Julian Field, Bill Landry) and MSRBL
  • Refreshed copfilter_functions and the cgi-files for use with IPCop v2.
  • Added Karesmakros changes to the replacing cgi files to prevent most of the error messages in the httpd_error.log (v1.4.x and v2).
  • Added support for imspector GUI, added to copfilter V2 by karesmakro
  • Added new CRDF database.
  • Added new jurlbl.ndb and spamattach.hdb databases.

This script based version is no longer developed in favour of the GUI based version!

Supporting copfilter v1 up to 0.85.2 and v2 lower than 2.0.90
2011-03-10 0.55.0

  • Modify process GUI based
  • Possible use of separate databases with libclamav library scanner with havp (not while using clamd socket scanner!)
  • cgi-files and copfilter_havp therefore modified
  • Modify process running with a separate cron job with copfilter_3pcron added
  • Added 2 new sanesecurity databases
  • Some minor changes and fixes
  • Added copfilter_mail.cgi, imap_run_now.sh and check-updates_rulesdujour.sh for disabling/enabling update mail notifications by email-GUI
  • Some minor changes to logging
  • Some minor changes to copying files to havp virdb in libclamav mode
  • Some *cosmetical surgery* to GUI
  • Added links to the websites of the distributors of the databases and to the new sanesecurity status site to the antivirus GUI
  • Some minor changes to language files and cgi files

2011-03-31 0.55.1
Changes

  • Updated rsync to v3.0.8
  • Modified language files for imspector support in V2

2011-04-18 0.55.2
Changes

  • Added modified copfilter_functions for use without header/footer mail infos but adjusted to the modified update files (Thanks to moshari_3 for reporting problems.)
  • Some minor fixes and changes

2012-02-02 0.55.2.1
Changes

  • Added switch to GUI for enabling/disabling additional database infos to scanned mail's header/footer.

2012-02-11 0.55.2.2
Changes

  • Added new sanesecurity database: sanesecurity.ftm containing mail type infos. Use required for better performance.
  • Fixed f-prot bug in antivirus.cgi files (Thanks ShelbyGT500 for reporting).

2012-02-21 0.55.2.3
Changes

  • Added three new bofhland databases: bofhland_cracked_URL.ndb, bofhland_malware_URL.ndb, bofhland_phishing_URL.ndb.

2012-02-28 0.55.2.4
Changes

  • Replaced cp command wherever possible by rsync command to spare bandwidth as well as cpu and hdd usage.
  • Updated rsync to version 3.0.9.
  • Modified clam_db_check.sh file for only checking new or changed files with clamscan for better performance and less cpu usage.

Supporting copfilter v1 0.85.3 or higher and v2 2.0.90 or higher!
2011-07-17 0.55.3
Changes

  • Modified for Copfilter 0.85.3betaX and 2.0.90

2012-02-10 0.55.3.1
Changes

  • Added switch to GUI for enabling/disabling additional database infos to scanned mail's header/footer.

2012-02-11 0.55.3.2
Changes

  • Added new sanesecurity database: sanesecurity.ftm containing mail type infos. Use required for better performance.
  • Fixed f-prot bug in antivirus.cgi files (Thanks ShelbyGT500 for reporting).

2012-02-21 0.55.3.3
Changes

  • Added three new bofhland databases: bofhland_cracked_URL.ndb, bofhland_malware_URL.ndb, bofhland_phishing_URL.ndb.

2012-02-28 0.55.3.4
Changes

  • Replaced cp command wherever possible by rsync command to spare bandwidth as well as cpu and hdd usage.
  • Updated rsync to version 3.0.9.
  • Modified clam_db_check.sh file for only checking new or changed files with clamscan for better performance and less cpu usage.


2012-11-23 0.56.0 for copfilter 0.84 up to 0.85.2
2012-11-23 0.60.0 for copfilter 0.85.3 and higher and 2.0.91 and higher

Copfilter 2.0.90 is no longer supported. Please update to version 2.0.91!

Changes

  • Switched back to the original filenames. Therefore in any case uninstall previous versions first!
  • Fixed numerous possible issues when using the mod as an update to copfilter 2.0.91 and higher.
  • Implemented fix for possible f-prot bug in copfilter_cron.
  • Added to the cron files multiple *wait* commands to ensure there will always run only one process for updating clamav databases in time to prevent unwanted interactions between the various processes. (i.e. check-updates_clamav.sh, 3rdp_modify.sh, cron.daily, cron.4hourly, cron.hourly)
  • Added another if-request to copfilter_3pcron for the same purpose.
  • Some changes to the cron files for better logging.
  • Some changes to the cron files for better performance.
  • Added some commands to copfilter_functions for preventing leftover files in /tmp directory
  • Fixed some bugs (Thanks to FischerM for reporting)
  • Fixed a bug in mailscanner.sh: when using spamattach all attached files were declared as “bad”. (Thanks to Frank for reporting)
  • Fixed some issues due to misunderstandings between the developers in setup_util of 2.0.91beta3 release
  • Fixed possible f-prot bugs in copfilter_cron file (Thanks to ShelbyGT500 for reporting)
  • Changed the options of ls commands in copfilter_functions and copfilter_antivirus.cgi because of strange behaviour on some machines, due to LANG settings.
  • Split the header/footer switch into two separate switches for header and footer.
  • Added cat| sed command to the cron.* files to shorten logs and mail notifications.
  • Added some new features (due to ShelbyGT500 request) as
  • Selection of bytecode and safebrowsing databases by GUI
  • Added status bars for the scanners
  • Added new french language files (Thanks to ShelbyGT500 for the translation)
  • Fixed some mismatch in the language files
  • Added a couple of files to make up for differences in the script files of the various copfilter versions.
  • Removed MSRBL databases (server is finally down) MSRBL-Images-FULL-SoN.hdb and MSRBL-SPAM.ndb
  • Removed Bill Landry database INetMsg-SpamDomains-2w.ndb (no longer developed)
  • Added Porcupine databases phishtank.ndb and porcupine.ndb
  • Added OITC database winnow_bad_cw.hdb
  • Added Sanesecurity database blurl.ndb
  • Added some highlighting to the switch range on antivirus GUI
  • Blacklisted mails will be quarantined and a notification will be sent instead of
  • Fixed a minor bug in antivirus.cgi with website links.
  • Fixed a bug caused by proxsmtpd: Adding header information broke the mails and delivered them without 'from, to, subject' information (thanks to FischerM for reporting)
  • Replaced an invalid email address in the file for spam testmails
  • Introduced a new one-file directory “/tmp/dbtest_do_not_remove” with one file “test_file_do_not_remove” with only a three-line string to shorten the database check before updating the current files and to minimize cpu and RAM use and bandwidth.
  • Some minor fixes and changes
  • Please use carefully on productive systems!
  • Please report any bugs.

2013-01-20 0.56.1 for copfilter 0.84 up to 0.85.2
2013-01-20 0.60.1 for copfilter 0.85.3 and higher and 2.0.91 and higher

Changes

  • Added status bars for havp and privoxy to copfilter_http.cgi
  • Fixed some issues in the initializing files for correct display of the GUI's
  • Adjusted copfilter_http.cgi for smoothly use with Shelby's privoxy mod
  • Added new SecuriteInfo database spam_marketing.ndb
  • Added new bofhland database bofhland_malware_attach.hdb (currently downloaded by wget as not yet mirrored by sanesecurity!)
  • Shortened the logs and the mail notification to essential information
  • Added translations for logs and notification mails.
  • Improved error management
  • Enabled mail notification only in case of errors during download process
  • Minor fixes and improvements


2013-03-02 0.56.3 for copfilter 0.84 up to 0.85.2
2013-03-02 0.60.3 for copfilter 0.85.3 and higher and 2.0.91 and higher

Changes

  • Improved http GUI for compatibility with ShelbyGT500 privoxy mod
  • Improved GUI for antivirus, testlog and http
  • Some minor fixes and changes
  • Improved the cronfiles for better error catching
  • Fixed copfilter_havp file for proper use on havp with TMPFS


2013-03-29 0.56.4 for copfilter 0.84 up to 0.85.2
2013-03-29 0.60.4 for copfilter 0.85.3 and higher and 2.0.91 and higher

Changes

  • Added 3rd_party_mod update notification
  • Some changes to mailscanner.sh and new file for better handling of german umlauts
  • Fixed wrong paths in 3rdp_modify files
  • Minor changes in copfilter_clamd and cron files to spare cpu usage and bandwidth in case clamav and/or 3rd party sigs are disabled
  • Made the *copfilter_3pcron_clear* file slightly more verbose for better replication of errors
  • Added blacklist info to mail header
  • Added a timeout option to wget commands to better prevent hanging downloads
  • Fixed some bugs in the lang.sh files due to wrong or missing quotes or backslashes
  • minor fix in blacklist section of mailscanner.sh
  • Changed cron.daily for correctly working find commands for deleting quarantine files
  • fixed a typo in copfilter_functions (thanks to FischerM for reporting and fixing)
  • fixed a misspelling in fr.pl files (thanks to ShelbyGT500 for reporting)
  • added missing restart of c-icap and privoxy in antivirus.cgi V2
  • echo "whitelist_from $ii" $BASEDIR/etc/cp_spam_whitelist/local_webgui.cf ==> echo "whitelist_from $ii" >> $BASEDIR/etc/cp_spam_whitelist/local_webgui.cf
  • added two missing right arrows to mailscanner.sh
  • Fixed a bug in fr.sh for V1
  • Several fixes to the install files, copying/moving to wrong directories or filenames
  • Several fixes, improvements and changes to GUI and cron files
  • Implemented the copfilter_antiviruscgi files from *under_construction* *severus_quarantine*
  • Split the /tmp/clamdatabases directory for temporary files into three directories (/tmp/clamdatabases/mb; /tmp/clamdatabases/sa; /tmp/clamdatabases/si) to save CPU time and bandwidth during the integrity check
  • Added remove command for /tmp/test.txt file to copfilter_antivirus.cgi
  • Replaced the language files by the *current* ones from FTP
  • Some small improvements to the AV GUI
  • Changed colour of some GUI display
  • Fixed wrong reference in antispam and antivirus GUI
  • Added two space characters to en.pl
  • Added hint about mails in quarantine to antivirus and antispam GUI
  • Added count of files to the switches on antivirus and antispam GUI like ever done on status GUI
  • Enabled using umlaut character on the show quarantine buttons of status, antispam and antivirus GUI (Thanks to FischerM who hassled me to do so.)
  • Fixed missing quotes on translation strings for correct display of the quarantine buttons for status, antispam and antivirus GUI (Thanks to ShelbyGT500 for reporting.)
  • improved date display on quarantine guis


2013-04-25 0.56.5 for copfilter 0.84 up to 0.85.2
2013-04-25 0.60.5 for copfilter 0.85.3 and higher and 2.0.91 and higher

For this release it is strictly recommended to uninstall previous versions first!

Changes

  • Changed check-updates_rulesdujour.sh for compatibility with new rulesets
  • Changed the check-updates_rulesdujour.sh for compatibility with the mod for new rules by karesmakro
  • Added changes to language files due to ShelbyGT500 modification
  • modified antivirus.cgi for use without 3rd_party_mod
  • Foxhole databases now online on the mirrors!
  • Changed the value check in antivirus.cgi for compatibility with copfilter without 3rd_party_mod.
  • Added three new Sanesecurity databases: foxhole_generic.cdb, foxhole_filename.cdb and foxhole_all.cdb
  • Fixed some minor issues in antivirus.cgi
  • Added logo to 0.60.5 cgi files
  • Updated language files and http.cgi for compatibility with upcoming privoxy mod by ShelbyGT500.
  • Thanks to Shelby for updating these files.
  • Some minor changes to fr.pl for nicer display of status GUI
  • Changed link to Malware Patrol site.
  • Changed links to new Sanesecurity web site and entries in language files corresponding with the links.
  • Added link to Sanesecurity statistics and news site.
  • Split cron.daily ⇒ cron.daily.core and cron.daily for separating copfilter tasks and 3rd_party tasks
  • Added new OITC database winnow_extended_malware.hdb
  • Switched bofhland_malware_attach.hdb from wget-download to rsync-download because it's now mirrored by Sanesecurity.
  • Changed filename of temporary file /tmp/count.txt to /tmp/count.aid to ensure a singular filename
  • Implemented changes from ShelbyGT500 (thanks a lot) to fr.sh files
  • Fixed typos in language files
  • Added correct version check to copfilter_http.cgi for use with ShelbyGT500 privoxy mod
  • Changed filename of temporary file “/tmp/test.txt” for counting quarantined files to “/tmp/count.txt” because original filename is too common and may raise issues.
  • Added a missing 'fi' to cron files
  • Fixed wrong filenames in some cron files.
  • Changed cron files to prevent possible issues in case of deleted temporary directories.
  • Changed request for current and latest version in antivirus gui again because of errors in httpd log
  • (Thanks to FischerM for reporting)
  • Changed request for current and latest version in antivirus gui
  • Added two commands for creating a symlink, forgotten in the .4 versions
  • Changed langs due to improving antispam gui, demanded by ShelbyGT500
  • Added notification for beta versions to langs and 3rdp_mail_notif.sh
  • Language files on FTP updated
  • Moved the text strings from 3rdp_mail_notif.sh file to the language files
  • Language files on FTP updated
  • Reworked the information files CHANGES, README and STRUCTURES


2013-05-12 0.56.6 for copfilter 0.84 up to 0.85.2
2013-05-12 0.60.6 for copfilter 0.85.3 and higher and 2.0.91 and higher

Changes

  • Added update option to install file
  • Changed the way to display squid informations on status GUI
  • Changed command order in cron files
  • Changed runtime for 3rdp_modify.sh in root.orig
  • Changed display for version of clamav and remaining time to updates
  • Changed the output for “…until next update” on antivirus GUI for better overview
  • Replaced the descriptions for german umlauts by the code used by ipcop.
  • Added new log to testlog.cgi for use with upcoming admin mod from ShelbyGT500
  • Added new language items from ShelbyGT500 to .pl files
  • Added status.cgi and modifications to copfilter_monit and monitrc to monitor squid and display its state; modified language files.
  • Added an option --time-style=long-iso to ls command to ensure identical date format and forcing sed and cut commands to work properly.
  • Changed the check-updates_rulesdujour.sh for shortening logs and mails.
  • Added some missing code to copfilter_testlog.cgi
  • Added saupdate.log to testlog.cgi and changed the check-updates_rulesdujour.sh for logging

New Beta Releases


Currently no new beta releases planned.

The 3rd_party_mod is implemented in Copfilter releases 2.0.91 and higher!
Please install the fitting mods below on these releases as an update!

Download

IPCop 1.4.x ONLY (don't use with Copfilter 0.85.3): V1-Logo
(Severus 2010-09-05 00:40 mod v 0.25.1)


IPCop 1.4.x / 1.9.x (don't use with Copfilter 0.85.3 and 2.0.90): V2-Logo V1-Logo
(Severus 2011-01-24 18:20 mod v 0.50.3)


IPCop 1.4.x / 1.9.x (don't use with Copfilter 0.85.3 and 2.0.90): V2-LogoV1-Logo
(Severus 2012-02-28 12:00 mod v 0.55.2.4)


IPCop 1.4.x (Copfilter 0.85.3betaX and higher) / IPCop 2.0.x and Copfilter 2.0.90 and higher: V2-LogoV1-Logo
(Severus 2012-02-28 12:00 mod v 0.55.3.4)


IPCop 1.4.x (Copfilter 0.84 up to 0.85.2): V1-Logo
(Severus 2013-05-12 12:00 mod v 0.56.6)


IPCop 1.4.x (Copfilter 0.85.3betaX and higher) / IPCop 2.0.x and Copfilter 2.0.91 and higher: V2-LogoV1-Logo
(Severus 2013-05-12 12:00 mod v 0.60.6)

New Beta Releases

Currently no beta releases planned

Installation

Installation proceeds as described in The installation of the software archives - apart from deleting the unpacked installation files:

  • To uninstall only the file 'install' is required! All other files and directories under the installation directory can be deleted.
  • Configuration of the “3rd party signatures” is controlled by the Copfilter anti-virus GUI.
  • For this purpose, please follow the forum posting and the 'Readme' in the installation archive!
  • With v 0.55 and higher please do NOT use the Mod Turn off E-Mail notifications as an extra! This feature is already included!
  • During testing, please note:
    “The mirrors reserve the right to block your IP address, if you are downloading too many times per hour or are abusing their servers/bandwidth in any way.”
    Workaround: If possible use an internet access where your ISP assigns you a different IP at every login and disconnect/reconnect between your tries!

Screenshots

3rd-Party-Mod in action (Thumbnails, click to enlarge):

  • GUI: AntiVirus 0.50.x (de)
  • GUI: AntiVirus (switches displayed) 0.56.x/0.60.x
  • GUI: HTTP Filter 0.55.x
  • GUI: Antivirus (switches faded out) 0.56.x/0.60.x
  • GUI: Email (new option marked) 0.55.x

11. IMSpector - exporting Real Time Logviewer

Initiated by: http://www.copfilter.org/forum/viewtopic.php?p=2995#p2995

I wonder if it is possible to export the page Real Time LogViewer?

Description

After install, you'll find a new link named “Download conversation” on IMSpector GUI!

Select a date in the dropdown menu of the IMSpector Real Time log and select the user conversation you want to export. As long as you keep viewing different user conversations, the 'conversation.txt' file will be extended!

If you want to clear the 'conversation.txt' file, you have to reload the whole IMSpector page; a new 'conversation.txt' file is then created.

Download

IPCop 1.4.x / 1.9.x / 2.x: V2-Logo V1-Logo

V1: copfilter_imspector_logdownload.tgz 6 KB
MD5SUM: 986823BAF91ACBB18D66CEF334F199EA

Installation

Problem

The V2 footer no longer shows the current load average; it can only be seen on the System Status page in the “Uptime and Users” section.

Solution

1. First, make a backup copy of '/usr/lib/ipcop/header.pl':

cp -pfT /usr/lib/ipcop/header.pl /usr/lib/ipcop/header.pl.org

For those who always wanted to know, the used 'cp'-options:

-p (--preserve) = preserve the specified attributes (default: mode,ownership,timestamps), if possible additional attributes: context, links, xattr, all
-f (--force) = if an existing destination file cannot be opened, remove it and try again (redundant if the -n option is used)
-T (--no-target-directory) = treat DEST as a normal file

2. Edit:
'/usr/lib/ipcop/header.pl'

Replace (line ~382):

$status = &General::connectionstatus() . "<br />" . `/bin/date "+%Y-%m-%d %H:%M:%S"`. "<br /><br />$status" if ($connected ne 'skip_connected');

With:

$status = &General::connectionstatus() . "<br />" . `/bin/date "+%Y-%m-%d"`. "<br />" . `/usr/bin/uptime` . "<br /><br />$status" if ($connected ne 'skip_connected');

Screenshot

V2 footer original (before) / V2 footer modded (after)

V2-Logo

13. Daily Graphs: customize x-axis time-labels (V2)

A big “Thanks!” goes to Allan Kissack, who kindly sent me this mod!

Problem

In IPCop V1 time labeling of the x-axis of the system daily graphs was made in increments of two-hour steps:

V1-Graph original

In IPCop V2 this division was set to six-hour steps:

V2-Graph original

This division is IMHO a bit rough - the temporal allocation of certain events is sometimes a bit difficult.

Solution

Edit (don't forget Backup!)
'/usr/local/bin/makegraphs'

In sub-routine 'sub rrd_header' (below line ~92):

...
push @$result, ("--font", "TITLE:0:sans mono bold oblique");
push @$result, ("--color", "SHADEA$Header::boxcolour");
push @$result, ("--color", "SHADEB$Header::boxcolour");
push @$result, ("--color", "BACK$Header::boxcolour");
...

insert the following lines:

if ( $period eq 'day' ) {
    push @$result, ("--x-grid", "MINUTE:30:HOUR:1:HOUR:2:0:%H:%M");
}

Result:

Or, as an alternative:

if ( $period eq 'day' ) {
    push @$result, ("--x-grid", "HOUR:1:HOUR:2:HOUR:2:0:%l%P");
}

Result:
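
Both --x-grid values above use rrdtool's GTM:GST:MTM:MST:LTM:LST:LPR:LFM layout: base grid, major grid and label interval (each a unit plus a count), the label precision, and a strftime format. The shell functions below are an added example, not part of the mod or of IPCop; the function names are made up for illustration, and MONTH/YEAR units are left out because they have no fixed length.

```shell
#!/bin/sh
# Added example (not from the mod): decode an rrdtool --x-grid value.
# Layout: GTM:GST:MTM:MST:LTM:LST:LPR:LFM

# unit_seconds UNIT -> length of one unit in seconds
unit_seconds() {
    case "$1" in
        SECOND) echo 1 ;;
        MINUTE) echo 60 ;;
        HOUR)   echo 3600 ;;
        DAY)    echo 86400 ;;
        WEEK)   echo 604800 ;;
        *)      return 1 ;;   # MONTH/YEAR and unknown units are rejected here
    esac
}

# xgrid_field SPEC N -> the N-th field (1..8) of the value.
# Only the first seven colons separate fields; the strftime format (field 8)
# may itself contain colons, as in %H:%M.
xgrid_field() {
    spec=$1 n=$2 i=1
    while [ "$i" -lt "$n" ] && [ "$i" -lt 8 ]; do
        case "$spec" in
            *:*) spec=${spec#*:} ;;
            *)   return 1 ;;          # fewer fields than requested
        esac
        i=$((i + 1))
    done
    if [ "$n" -lt 8 ]; then
        echo "${spec%%:*}"
    else
        echo "$spec"
    fi
}

# xgrid_interval SPEC base|major|label -> seconds between two lines or labels
xgrid_interval() {
    case "$2" in
        base)  u=1 ;;
        major) u=3 ;;
        label) u=5 ;;
        *)     return 1 ;;
    esac
    unit=$(xgrid_field "$1" "$u") || return 1
    step=$(xgrid_field "$1" $((u + 1))) || return 1
    case "$step" in
        ''|0*|*[!0-9]*) return 1 ;;   # must be a positive decimal count
    esac
    secs=$(unit_seconds "$unit") || return 1
    echo $((secs * step))
}

# xgrid_labels_per_day SPEC -> number of time labels on a 24-hour graph
xgrid_labels_per_day() {
    iv=$(xgrid_interval "$1" label) || return 1
    echo $((86400 / iv))
}

# xgrid_describe SPEC -> one-line summary, or an error for a malformed value
xgrid_describe() {
    b=$(xgrid_interval "$1" base) && m=$(xgrid_interval "$1" major) &&
    l=$(xgrid_interval "$1" label) && f=$(xgrid_field "$1" 8) ||
        { echo "invalid --x-grid value: $1" >&2; return 1; }
    printf 'base grid %ss, major grid %ss, labels %ss (%s per day), format %s\n' \
        "$b" "$m" "$l" "$((86400 / l))" "$f"
}

# The two values from the mod above.
xgrid_describe 'MINUTE:30:HOUR:1:HOUR:2:0:%H:%M'
xgrid_describe 'HOUR:1:HOUR:2:HOUR:2:0:%l%P'
```

Both variants place a label every two hours; they differ in the base grid (30 minutes versus one hour), the major grid and the label format.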

V2-Logo

14. SMP-CPU Graphs (V2)

Problem

Although I'm using a Dual-processor-PC for IPCop, only a single CPU graph is created, which shows the average utilization of both cores.

But I wanted to see the differential utilization of CPU0 and CPU1.

Solution

First, backup the following files:

  • /usr/local/bin/makegraphs
  • /home/httpd/cgi-bin/graphs.cgi

1. Edit 'makegraphs':

Between the subroutines updatecpudata and updatememgraph (line ~187), insert the additional subroutines updatecpu0graph, updatecpu0data, updatecpu1graph and updatecpu1data:

# Modification BEGIN (cpus)
# Modification cpu0 BEGIN
sub updatecpu0graph {
    my $period = $_[0];
    my @rrd = ();

    my $col_width = length($Lang::tr{'user cpu0 usage'});
    $col_width = length($Lang::tr{'system cpu0 usage'}) if (length($Lang::tr{'system cpu0 usage'}) > $col_width);
    $col_width = length($Lang::tr{'idle cpu0 usage'})   if (length($Lang::tr{'idle cpu0 usage'}) > $col_width);
    $col_width += 2;

    push @rrd, @{&rrd_header("cpu0", $period, "$Lang::tr{'cpu0 usage'} ($Lang::tr{$period})", 0, 100)};

    push @rrd, "DEF:user0=$rrdlog/cpu0.rrd:user0:AVERAGE";
    push @rrd, "DEF:system0=$rrdlog/cpu0.rrd:system0:AVERAGE";
    push @rrd, "DEF:idle0=$rrdlog/cpu0.rrd:idle0:AVERAGE";
    push @rrd, "CDEF:total0=user0,system0,idle0,+,+";
    push @rrd, "CDEF:userpct0=100,user0,total0,/,*";
    push @rrd, "CDEF:systempct0=100,system0,total0,/,*";
    push @rrd, "CDEF:idlepct0=100,idle0,total0,/,*";
    push @rrd, "AREA:userpct0#0000FF:$Lang::tr{'user cpu0 usage'}" . (" " x ($col_width - length($Lang::tr{'user cpu0 usage'})));
    push @rrd, "GPRINT:userpct0:MAX:$Lang::tr{'maximal'}\\:%6.2lf %%";
    push @rrd, "GPRINT:userpct0:AVERAGE:$Lang::tr{'average'}\\:%6.2lf %%";
    push @rrd, "GPRINT:userpct0:LAST:$Lang::tr{'current'}\\:%6.2lf %%\\j";
    push @rrd, "AREA:systempct0#FF0000:$Lang::tr{'system cpu0 usage'}"
            . (" " x ($col_width - length($Lang::tr{'system cpu0 usage'})) . ":STACK");
    push @rrd, "GPRINT:systempct0:MAX:$Lang::tr{'maximal'}\\:%6.2lf %%";
    push @rrd, "GPRINT:systempct0:AVERAGE:$Lang::tr{'average'}\\:%6.2lf %%";
    push @rrd, "GPRINT:systempct0:LAST:$Lang::tr{'current'}\\:%6.2lf %%\\j";
    push @rrd, "AREA:idlepct0#00FF00:$Lang::tr{'idle cpu0 usage'}"
            . (" " x ($col_width - length($Lang::tr{'idle cpu0 usage'})) . ":STACK");
    push @rrd, "GPRINT:idlepct0:MAX:$Lang::tr{'maximal'}\\:%6.2lf %%";
    push @rrd, "GPRINT:idlepct0:AVERAGE:$Lang::tr{'average'}\\:%6.2lf %%";
    push @rrd, "GPRINT:idlepct0:LAST:$Lang::tr{'current'}\\:%6.2lf %%\\j";

    push @rrd, @{&rrd_lastupdate()};
    RRDs::graph (@rrd);

    $ERROR = RRDs::error;
    print "Error in RRD::graph for cpu0: $ERROR\n" if $ERROR;
}

sub updatecpu0data {
    if (!-e "$rrdlog/cpu0.rrd") {
        RRDs::create(
            "$rrdlog/cpu0.rrd",                 "--step=300",
            "DS:user0:COUNTER:600:0:500000000", "DS:system0:COUNTER:600:0:500000000",
            "DS:idle0:COUNTER:600:0:500000000", "RRA:AVERAGE:0.5:1:576",
            "RRA:AVERAGE:0.5:6:672",           "RRA:AVERAGE:0.5:24:732",
            "RRA:AVERAGE:0.5:144:1460"
        );
        $ERROR = RRDs::error;
        print "Error in RRD::create for cpu0: $ERROR\n" if $ERROR;
    }

    my ($cpu0, $user0, $nice0, $system0, $idle0);

    open STAT, "/proc/stat";
    while (<STAT>) {
        chomp;
        /^cpu0/ or next;
        ($cpu0, $user0, $nice0, $system0, $idle0) = split /\s+/;
        last;
    }
    close STAT;
    $user0 += $nice0;

    RRDs::update("$rrdlog/cpu0.rrd", "-t", "user0:system0:idle0", "N:$user0:$system0:$idle0");
    $ERROR = RRDs::error;
    print "Error in RRD::update for cpu0: $ERROR\n" if $ERROR;
}
# Modification cpu0 END

# Modification cpu1 BEGIN
sub updatecpu1graph {
    my $period = $_[0];
    my @rrd = ();

    my $col_width = length($Lang::tr{'user cpu1 usage'});
    $col_width = length($Lang::tr{'system cpu1 usage'}) if (length($Lang::tr{'system cpu1 usage'}) > $col_width);
    $col_width = length($Lang::tr{'idle cpu1 usage'})   if (length($Lang::tr{'idle cpu1 usage'}) > $col_width);
    $col_width += 2;

    push @rrd, @{&rrd_header("cpu1", $period, "$Lang::tr{'cpu1 usage'} ($Lang::tr{$period})", 0, 100)};

    push @rrd, "DEF:user1=$rrdlog/cpu1.rrd:user1:AVERAGE";
    push @rrd, "DEF:system1=$rrdlog/cpu1.rrd:system1:AVERAGE";
    push @rrd, "DEF:idle1=$rrdlog/cpu1.rrd:idle1:AVERAGE";
    push @rrd, "CDEF:total1=user1,system1,idle1,+,+";
    push @rrd, "CDEF:userpct1=100,user1,total1,/,*";
    push @rrd, "CDEF:systempct1=100,system1,total1,/,*";
    push @rrd, "CDEF:idlepct1=100,idle1,total1,/,*";
    push @rrd, "AREA:userpct1#0000FF:$Lang::tr{'user cpu1 usage'}" . (" " x ($col_width - length($Lang::tr{'user cpu1 usage'})));
    push @rrd, "GPRINT:userpct1:MAX:$Lang::tr{'maximal'}\\:%6.2lf %%";
    push @rrd, "GPRINT:userpct1:AVERAGE:$Lang::tr{'average'}\\:%6.2lf %%";
    push @rrd, "GPRINT:userpct1:LAST:$Lang::tr{'current'}\\:%6.2lf %%\\j";
    push @rrd, "AREA:systempct1#FF0000:$Lang::tr{'system cpu1 usage'}"
            . (" " x ($col_width - length($Lang::tr{'system cpu1 usage'})) . ":STACK");
    push @rrd, "GPRINT:systempct1:MAX:$Lang::tr{'maximal'}\\:%6.2lf %%";
    push @rrd, "GPRINT:systempct1:AVERAGE:$Lang::tr{'average'}\\:%6.2lf %%";
    push @rrd, "GPRINT:systempct1:LAST:$Lang::tr{'current'}\\:%6.2lf %%\\j";
    push @rrd, "AREA:idlepct1#00FF00:$Lang::tr{'idle cpu1 usage'}"
            . (" " x ($col_width - length($Lang::tr{'idle cpu1 usage'})) . ":STACK");
    push @rrd, "GPRINT:idlepct1:MAX:$Lang::tr{'maximal'}\\:%6.2lf %%";
    push @rrd, "GPRINT:idlepct1:AVERAGE:$Lang::tr{'average'}\\:%6.2lf %%";
    push @rrd, "GPRINT:idlepct1:LAST:$Lang::tr{'current'}\\:%6.2lf %%\\j";

    push @rrd, @{&rrd_lastupdate()};
    RRDs::graph (@rrd);

    $ERROR = RRDs::error;
    print "Error in RRD::graph for cpu1: $ERROR\n" if $ERROR;
}

sub updatecpu1data {
    if (!-e "$rrdlog/cpu1.rrd") {
        RRDs::create(
            "$rrdlog/cpu1.rrd",                 "--step=300",
            "DS:user1:COUNTER:600:0:500000000", "DS:system1:COUNTER:600:0:500000000",
            "DS:idle1:COUNTER:600:0:500000000", "RRA:AVERAGE:0.5:1:576",
            "RRA:AVERAGE:0.5:6:672",           "RRA:AVERAGE:0.5:24:732",
            "RRA:AVERAGE:0.5:144:1460"
        );
        $ERROR = RRDs::error;
        print "Error in RRD::create for cpu1: $ERROR\n" if $ERROR;
    }

    my ($cpu1, $user1, $nice1, $system1, $idle1);

    open STAT, "/proc/stat";
    while (<STAT>) {
        chomp;
        /^cpu1/ or next;
        ($cpu1, $user1, $nice1, $system1, $idle1) = split /\s+/;
        last;
    }
    close STAT;
    $user1 += $nice1;

    RRDs::update("$rrdlog/cpu1.rrd", "-t", "user1:system1:idle1", "N:$user1:$system1:$idle1");
    $ERROR = RRDs::error;
    print "Error in RRD::update for cpu1: $ERROR\n" if $ERROR;
}
# Modification cpu1 END
# Modification END (cpus)

Section '### System Graphs' (line ~544) is extended:

# Modification BEGIN (cpus)
updatecpu0data();
updatecpu0graph("day");
updatecpu0graph("week");
updatecpu0graph("month");
updatecpu0graph("year");

updatecpu1data();
updatecpu1graph("day");
updatecpu1graph("week");
updatecpu1graph("month");
updatecpu1graph("year");
# Modification END (cpus)

2. Edit 'graphs.cgi':

Change (line ~64):

&Header::openbigbox('100%', 'left');

if ($cgigraphs[1] =~ /(GREEN|BLUE|ORANGE|RED|cpu|memory|diskuse|disk)/) {
    # Display 1 specific graph

to:

&Header::openbigbox('100%', 'left');

if ($cgigraphs[1] =~ /(GREEN|BLUE|ORANGE|RED|cpu|cpu0|cpu1|memory|diskuse|disk)/) {
    # Display 1 specific graph

Change (line ~75f):

    else {
        $title = $Lang::tr{'cpu usage'} if ($graph eq 'cpu');
        $title = $Lang::tr{'memory usage'} if ($graph eq 'memory');

to:

    else {
        $title = $Lang::tr{'cpu usage'} if ($graph eq 'cpu');
        $title = $Lang::tr{'cpu0 usage'} if ($graph eq 'cpu0');
        $title = $Lang::tr{'cpu1 usage'} if ($graph eq 'cpu1');
        $title = $Lang::tr{'memory usage'} if ($graph eq 'memory');

Change (line ~159ff):

    # Display system graphs

    &disp_graph("$Lang::tr{'cpu usage'} $Lang::tr{'graph'}", "cpu", "cpu-$Lang::tr{'day'}");

to:

    # Display system graphs

    &disp_graph("$Lang::tr{'cpu usage'} $Lang::tr{'graph'}", "cpu", "cpu-$Lang::tr{'day'}");
    &disp_graph("$Lang::tr{'cpu0 usage'} $Lang::tr{'graph'}", "cpu0", "cpu0-$Lang::tr{'day'}");
    &disp_graph("$Lang::tr{'cpu1 usage'} $Lang::tr{'graph'}", "cpu1", "cpu1-$Lang::tr{'day'}");

3. Create language files:

Create at least two language files (de/en) in directory '/var/ipcop/addons/lang/' (Owner: root, 0444):

'mycpus.de.pl':

%tr = (%tr,
'cpu0 usage' => 'CPU0-Nutzung',
'cpu1 usage' => 'CPU1-Nutzung',
'user cpu0 usage' => 'Benutzer CPU0',
'user cpu1 usage' => 'Benutzer CPU1',
'system cpu0 usage' => 'System-CPU0-Nutzung',
'system cpu1 usage' => 'System-CPU1-Nutzung',
'idle cpu0 usage' => 'Leerlauf CPU0-Nutzung',
'idle cpu1 usage' => 'Leerlauf CPU1-Nutzung',
);

'mycpus.en.pl':

%tr = (%tr,
'cpu0 usage' => 'CPU0-Usage',
'cpu1 usage' => 'CPU1-Usage',
'user cpu0 usage' => 'User CPU0',
'user cpu1 usage' => 'User CPU1',
'system cpu0 usage' => 'System CPU0-Usage',
'system cpu1 usage' => 'System CPU1-Usage',
'idle cpu0 usage' => 'Idle CPU0-Usage',
'idle cpu1 usage' => 'Idle CPU1-Usage',
);

4. Rebuild language files:

After creating language files, enter the command 'rebuildlangtexts' on the console, which will call &Lang::BuildAddonLang to assemble all texts for a language in one file.
(See: '/usr/lib/ipcop/lang.pl').
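
The mod in step 1 hard-codes cpu0 and cpu1. As an added example (not part of the mod or of IPCop), the shell function below goes beyond those two cores: it computes the same user/system/idle percentages for every cpuN line from two /proc/stat samples, which is what the COUNTER data sources and the CDEF percentages amount to. The function names and the snapshot values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the mod): per-core usage from two /proc/stat samples.

# cpu_usage BEFORE AFTER
# Prints one line per core found in both samples: "cpuN user% system% idle%".
# Columns of a cpuN line: name user nice system idle (further columns ignored).
cpu_usage() {
    LC_ALL=C awk '
        /^cpu[0-9]+ / {                         # per-core lines only, not the "cpu " total
            user = $2 + $3; sys = $4; idle = $5 # nice is counted as user, as in the mod
            if (FILENAME == ARGV[1]) {          # first sample: remember the counters
                u[$1] = user; s[$1] = sys; i[$1] = idle
                next
            }
            if (!($1 in u)) next                # core not present in the first sample
            du = user - u[$1]; ds = sys - s[$1]; di = idle - i[$1]
            total = du + ds + di
            if (du < 0 || ds < 0 || di < 0 || total == 0) {
                print $1, "unknown"             # counters reset or no ticks elapsed
                next
            }
            printf "%s %.1f %.1f %.1f\n", $1,
                100 * du / total, 100 * ds / total, 100 * di / total
        }
    ' "$1" "$2"
}

# demo: run cpu_usage on two constructed snapshots taken 300 s apart
# (30000 ticks per core at 100 ticks per second).
demo() {
    before=$(mktemp) || return 1
    after=$(mktemp) || { rm -f "$before"; return 1; }
    cat > "$before" <<'EOF'
cpu  4000 200 1600 34000 300 0 20 0 0 0
cpu0 3000 100 1000 15900 200 0 10 0 0 0
cpu1 1000 100 600 18100 100 0 10 0 0 0
ctxt 987654
EOF
    cat > "$after" <<'EOF'
cpu  17200 500 9100 73000 400 0 30 0 0 0
cpu0 15000 100 7000 27900 250 0 15 0 0 0
cpu1 2200 400 2100 45100 150 0 15 0 0 0
ctxt 1987654
EOF
    cpu_usage "$before" "$after"
    rm -f "$before" "$after"
}

demo
```

In the constructed sample cpu0 is 60 % busy and cpu1 10 % busy, a difference that the single combined CPU graph averages away.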

Screenshot

SMP-Diagrams

V2-Logo V1-Logo

15. 3rdP Rules for privoxy

Last version: 1.3.8

See: http://www.copfilter.org/forum/viewtopic.php?f=3&t=911 (engl.)

For further details, installation requirements and changelogs read this posting prior to installation!

Description

Privoxy is a proxy server, which increases the user's privacy while surfing the web. It makes it possible to filter out and rewrite all accessed pages. The 3rd party rules extend it with additional, arbitrary signature files.

This mod therefore aims to prevent tracking and increase privacy. It is for Copfilter V1 and V2.

Screenshot

Download

Version 1.3.8 is for Copfilter V1 0.85.3beta4 and higher, Copfilter V2 2.1.92beta3 and higher.

3rdP_rules_privoxy_1.3.8.tar.gz 297 KB
MD5SUM: D14602EE8BCCB2F84C554A8F1028DD7B

Version 1.3.4 is for Copfilter V2 2.1.92beta2.

Outdated - no longer supported!
3rdP_rules_privoxy_1.3.4.tar.gz 294 KB
MD5SUM: 992680837138AC4CB10271B4DDEDA656

Version 1.3.1 is for Copfilter V2 2.0.91beta3/beta4.

Outdated - no longer supported!
3rdP_rules_privoxy_1.3.1.tar.gz 296 KB
MD5SUM: D1AEB08CDFA53DFA25D6CB237E0BF54B

Installation

Please follow the installation requirements in the forum thread!

Installation proceeds as described in The installation of the software archives, uninstalling is possible using the install script './install':

16. Additional SpamAssassin Rules

2013-04-27 0.02.1 for copfilter 0.84 and higher

New features:

  • Added database from MalwarePatrol
  • Added MIME validation database
  • Added ZMI database (german language setting only)

2013-05-12 0.03.0 for copfilter 0.84 and higher

Changes:

  • Fixed some bugs and added uninstall routine.
  • Added display of rulesets version on antispam and status GUI
  • Changed display for until next update
  • Added language files and antispam gui for current display.
  • Added an option --time-style=long-iso to ls command to ensure identical date format and forcing sed and cut commands to work properly.
  • Changed the check-updates_rulesdujour.sh for shortening logs and mails.
  • Added some missing code to 'copfilter_testlog.cgi'
  • Added log rotation for 'saupdate.log' to install file
  • Added saupdate.log to 'copfilter_testlog.cgi' and changed the 'check-updates_rulesdujour.sh' for logging
  • Added copfilter_testlog.cgi to package to display the 'saupdates.log'
  • Added the possibility to update
  • Added logfile to sa updating

New Beta Releases

Currently no new beta releases planned.

Download

IPCop 1.4.x (Copfilter 0.84 and higher) / IPCop 2.0.x and Copfilter 2.0.91 and higher: V2-LogoV1-Logo
(Severus 2013-05-12 12:15 mod v 0.03.0)

Installation

en/modifications_and_extensions.txt · Last modified 2014/08/30 22:07 by fischerm