User Tools

Site Tools


en:v2_-_bugfixes


Copfilter V2 - Bugfixes

  • The main purpose of this part is to collect and describe several Bugfixes regarding the Copfilter-Addon for IPCop 1.9.x/2.x (abbreviated: V2).
  • The respective currently affected Copfilter release is given in brackets.
  • If there are problems regarding this guidances, please open a new thread in the Copfilter-Forum, write a report on Copfilter-Bugtracker or send us (karesmakro, severus, fischerm) a PM (Private Message) via Copfilter Forum.
    Any requests for changes or extensions will be taken in account.

Please note:

  • These problems were found unfortunately only after the publication of the respective version.
  • The line informations on code changes may not necessarily be *absolutely*, so always use search functions for text or code-passages.
  • This comes with absolutely no functional guarantees!

ATTENTION!

  • Extensive knowledge about the working(s) of the IPCop-Firewall and Copfilter in general, plus extensive Linux experiences are an absolute must for the updates and modifications that are described!
  • This is not for novices to experiment, you need to know what you are doing and what the consequences may be…
  • A full backup, a functioning restore, and the willingness to reinstall a defective IPCop-system are prerequisites!

And, as said before…:

  • It is an absolutely must to use a Linux-compatible text editor - on a Linux OS - for all changes to be made!

1. Incorrect updatetime for ClamAV and F-PROT (2.0.90)

Problem

See: http://www.copfilter.org/forum/viewtopic.php?p=2695#p2695 (german):

The counter for ClamAV + F-Prot jumps from 0 to 120 minutes - despite being set to 4 hours = 240 minutes.

Cause

Incorrect multiplier value in '/home/httpd/cgi-bin/copfilter_antivirus.cgi'.

Solution

Edit:
'/home/httpd/cgi-bin/copfilter_antivirus.cgi'

Replace: (Line ~628 and line ~651)

$clamd_updateperiod = $copfiltersettings{'CLAMD_UPDATE_VALUE'} * 30; }

With:

$clamd_updateperiod = $copfiltersettings{'CLAMD_UPDATE_VALUE'} * 60; }

Afterwards settings of the antivirus Copfilter page must be saved through WebGUI - no restart required.

2. POP3S not receiving emails (2.0.90)

Problem

See: http://www.copfilter.org/forum/viewtopic.php?p=2855#p2855:

Receiving Emails through POP3S is not working.

Cause

Commented line in '/var/log/copfilter/default/opt/p3scan/etc/init.d/copfilter_p3scan'.

Solution

Edit:
'/var/log/copfilter/default/opt/p3scan/etc/init.d/copfilter_p3scan'

Delete hash-sign at line ~84.

Replace:

#$IPTABLES_BIN -t nat -A SCAN_POP3_PREROUTING -p tcp -i $GREEN_1_DEV --dport 995 -j REDIRECT --to 8110 > /dev/null 2>&1

With:

$IPTABLES_BIN -t nat -A SCAN_POP3_PREROUTING -p tcp -i $GREEN_1_DEV --dport 995 -j REDIRECT --to 8110 > /dev/null 2>&1

Afterwards restart P3SCAN-service.

3. TMPFS is mounted multiple times (2.0.90)

See: http://www.copfilter.org/forum/viewtopic.php?p=2854#p2854 (german)
and http://www.copfilter.org/forum/viewtopic.php?p=2875#p2875 (german)

…I had just noticed that /var/log/copfilter/2.0.90/opt/havp/tmp is mounted 6 times…

Cause

Error in '/var/log/copfilter/default/opt/havp/etc/init.d/copfilter_havp'

Solution

See: http://www.copfilter.org/forum/viewtopic.php?f=10&t=547&p=2879#p2879

If several mounted tmpfs's are already present, they can individually be removed with the following command:
(Leave one TMPFS-instance!)

/bin/umount /var/log/copfilter/default/opt/havp/tmp

Next, install the following patch.

Download

copfilter-2.0.90_havp-tmpfs.patch 3 KB
MD5SUM:95DE7EDF917207909015F4C92B92C981

Installation

Choose TMP-directory and download patch:

cd /tmp
wget http://www.it-connect-unix.de/copfilter/ipcop-v2/copfilter-2.0.90_havp-tmpfs.patch

Enter the following command on the console:

patch -p0 < copfilter-2.0.90_havp-tmpfs.patch

Afterwards restart HAVP service.

4. F-PROT not updating (2.0.90)

Problem

No F-PROT Updates (free version) are performed - counter is always at the same time, although all fixes were applied.

Cause

File '/var/log/copfilter/default/etc/fprotd_enable' is missing.

Solution

Edit:
'/home/httpd/cgi-bin/copfilter_antivirus.cgi'

Replace:

if ( -e "${copfilter_swroot}/opt/f-prot/default/fpscand" ) {

With:

if ( -e "${copfilter_swroot}/opt/f-prot/default/fpscan" || -e "${copfilter_swroot}/opt/f-prot/default/fpscand" ) {

Afterwards, settings of the antivirus Copfilter page must be saved once through WebGUI - no restart required.

If 3rd Party Signaturen have been installed, the following fix must be applied:

copfilter_antivirus.cgi-v1.tgz 13 KB
MD5SUM: 441EBAD676A5BB3C822A1A0BBB628FC9

Installation:

tar xzf copfilter_antivirus.cgi-v1.tgz -C /home/httpd/cgi-bin

5. HAVP and HTTPS traffic (2.0.90)

Problem

While opening a HTTPS-Site, user receives error message: “Proxy server refused the connection”

Solution

Apply patch.

Please use at first the TMPS patch above before using this patch!

Download

copfilter-2.0.90_havp_SSL.patch 749 B
MD5SUM:E23B602D48A26C0BA2FF261E8993E5C9

Installation

Choose TMP-directory and download patch:

cd /tmp
wget http://www.it-connect-unix.de/copfilter/ipcop-v2/copfilter-2.0.90_havp_SSL.patch

Enter the following command on the console:

patch -p0 < copfilter-2.0.90_havp_SSL.patch

Afterwards restart HAVP service.

6. 'Monit' tries to start 'fpscand', although not present (2.0.90)

Problem

After installing the free F-PROT-Home-User-Version the following messages appear in '/var/log/copfilter/default/opt/monit/var/log/monit.log':

Execution failed Service fpscand 

	Date:        Tue, 25 Oct 2011 20:26:56
	Action:      alert
	Host:        coprouter.localdomain
	Description: failed to start
Timeout Service fpscand

	Date:        Tue, 25 Oct 2011 20:33:57
	Action:      unmonitor
	Host:        coprouter.localdomain
	Description: service restarted 5 times within 5 cycles(s) - unmonitor

Cause

After installing F-PROT, the switch FPROTD_ENABLE in '/var/log/copfilter/default/etc/''global_settings*' is set to ON.

Triggered by '/var/log/copfilter/default/opt/monit/etc/monit.rc', 'monit' will therefore seek to monitor the licensed version of F-PROT ('fpscand').

This file is not available in the free version, only in the licensed.

Solution

Edit:
'/var/log/copfilter/default/opt/monit/etc/init.d/copfilter_monit'

Replace:

if [ -f $BASEDIR/etc/fprotd_enable ]; then

With:

if [ -f $BASEDIR/etc/fprotd_enable ] && [ -f "${copfilter_swroot}/opt/f-prot/default/fpscand" ] ; then

7. Avoid F-PROT-Update-Messages in 'copfilter_cron.log' (2.0.90)

Problem

After installing F-PROT, the download progress of each signature update is logged in '/var/log/copfilter/default/opt/tools/var/log/copfilter_cron.log' and '/var/log/messages':

Downloading update (%1)
Downloading update (%3)
Downloading update (%6)
Downloading update (%8)
Downloading update (%11)
Downloading update (%13)
Downloading update (%15)
...

Solution

Edit:
'/var/log/copfilter/default/opt/tools/bin/check-updates_f-prot.sh' (Line ~29)

Replace:

$BASEDIR/opt/f-prot/default/fpupdate

With:

$BASEDIR/opt/f-prot/default/fpupdate  >/dev/null 2>&1

8. Error message when clicking White-/Blacklist (2.0.91beta1)

Problem

…when I click on the links to edit the white or black list I get this displayed in the browser:

Error!
Your settings file could not be found.

Cause

See also: http://www.copfilter.org/forum/viewtopic.php?p=3337#p3337

Directory and file rights must be corrected.

Solution

Install PHP 5.3.9 update and initiate following commands on the console:

chmod 755 /var/log/copfilter/default/etc/cp_spam_whitelist
chmod 666 /var/log/copfilter/default/etc/cp_spam_whitelist/local_webgui.cf

9. 'wget' cannot be found (2.0.91beta3)

See also: http://www.copfilter.org/forum/viewtopic.php?p=3502#p3502

Because wget is now a standard addon since IPCop 2.0.3, I removed it from our package.

Problem

When using the integrated 3rd party signatures in Copfilter version 2.0.91beta3 the following error message appears in
'/var/log/copfilter/default/opt/tools/var/log/cron.daily.log':

/var/log/copfilter/default/opt/tools/bin/cron.daily: line 93: /var/log/copfilter/default/opt/tools/bin/wget: No such file or directory

Cause

Missing symlink for '/usr/bin/wget' in '/var/log/copfilter/default/opt/tools/bin/'.

Solution

Enter the following command on the console:

ln -s /usr/bin/wget /var/log/copfilter/default/opt/tools/bin/wget

10. F-PROT not updating (2.0.91beta3)

Problem

No F-PROT Updates are performed - counter is always at the same time.

…there is no automatic update update for f-prot.
I uninstalled and reinstalled copfilter to confirm theses issues (on a new installation of Ipcop).
The time until next F-Prot update is always the same (60 minutes).
Manual update works fine.

Cause

Error (variable) in '/usr/local/bin/copfilter_cron'.

Solution

Install fix.

See also: http://www.copfilter.org/forum/viewtopic.php?p=3593#p3593

No restart required.

Download

copfilter_cron-fprot-periodic_fix.tgz 1.2 KB
MD5SUM: 4821A76099F3F997376504B4D334851C

Installation

tar xzf ./copfilter_cron-fprot-periodic_fix.tgz -C /

11. ProxSMTP on strike (2.0.91beta3)

Problem

(Translated quote)
…recently had problems with the SMTP proxy. Almost every day I have the phenomenon that the proxy is closing down.

Solution

Edit:
'/etc/rc.d/rc.firewall.local'

Replace:

start)
    ## add your 'start' rules here

With:

start)
    ## add your 'start' rules here
    /etc/rc.d/init.d/copfilter_proxsmtpd config_fwrules

12. Daily Spam Digest is not delivered (2.0.91beta3)

Problem

The daily spam digest is a small but useful piece of functionality that worked in Copfilter V1 but appears broken in IPCop 2.0.4 with Copfilter 2.0.91beta3.

Solution

Edit:
'/var/log/copfilter/default/opt/tools/bin/spam_mail_daily_digest.sh'

1. Replace: (Line ~34)

SUBJECT=`cat $EMAIL |sed -n '1,/^$/p' |grep -i "Subject:" -m 1`

With:

SUBJECT=`cat $EMAIL |sed -n '1,/^$/p' |grep -i "^Subject:" -m 1`

2. Replace: (Line ~58)

test -f /var/log/copfilter/default/opt/tmp/spam_digest.* || rm /var/log/copfilter/default/opt/tmp/*not* && exit 0

With:

if [ $(ls /var/log/copfilter/default/opt/tmp/ | grep spam_digest.* | wc -w) = 0 ]; then
 rm /var/log/copfilter/default/opt/tmp/*not*
 exit 0
fi

3. Replace: (Line ~60)

for ii in `ls /var/log/copfilter/default/opt/tmp/spam_digest.* &>/dev/null`

With:

for ii in `ls /var/log/copfilter/default/opt/tmp/spam_digest.*`

13. "Use own Domain-Blacklist:" not working (2.0.91beta3)

Problem

When I put “facebook.com” into the “Use own Domain-Blacklist:” edit box, it doesn't work.

See: http://www.copfilter.org/forum/viewtopic.php?p=4095#p4095

In some situtations there is created the q.load file (blacklist prepared file) with a new line, before the categories are listed. This leads to an empty srv_url_check.conf!
You can check this by opening the in srv_url_check.conf in /var/log/copfilter/default/opt/c_icap/etc

The content only consists comments (# in front of each line)

Solution

Install fix.

Download

dbmaker_fix.tgz 2.1 KB
MD5SUM: F7211B3B5F98A76DEF1F2CA79A962EAB

Installation

tar xzf dbmaker_fix.tgz
cd dbmaker_fix
./install

After installing this fix, you have to disable the blacklist and afterwards activate it again.

14. Typos (2.0.91beta4)

Problem

Typos in '/var/spool/cron/root.orig', '/home/httpd/cgi-bin/copfilter_testlog.cgi' and '/etc/logrotate.d/3rdpsigs'.

This leads to empty (or growing) logs, logs that cannot be accessed from the Test & Logs page and URLFilter-Blacklist updating one hour late.

Solution

1. - Edit:
'/var/spool/cron/root.orig'

Replace:

53 23 * * *     /var/log/copfilter/default/opt/tools/bin/cron.daily >> /var/log/copfilter/default/opt/tools/var/log/cron.daily 2>&1

With:

53 23 * * *     /var/log/copfilter/default/opt/tools/bin/cron.daily >> /var/log/copfilter/default/opt/tools/var/log/crondaily.log 2>&1

Afterwards, enter the following command on the console:

fcrontab -z

2. - Edit:
'/home/httpd/cgi-bin/copfilter_testlog.cgi'

Replace: (Line ~443)

<a href='/copfilterlog/cron.daily.log' target='_blank'>cron.daily.log</a>

With:

<a href='/copfilterlog/crondaily.log' target='_blank'>crondaily.log</a>

3. - Edit:
'/etc/logrotate.d/3rdpsigs'

Replace: (Line 1)

/var/log/copfilter/default/opt/tools/var/log/copfiltercron.log

With:

/var/log/copfilter/default/opt/tools/var/log/copfilter_cron.log

4. - Edit:
'/usr/local/bin/copfilter_cron'

Replace: (Line 118)

if [ $(cat $BASEDIR/etc/icap_counter) -gt 0 ]; then

With:

if [ $(cat $BASEDIR/etc/icap_counter) -gt 5 ]; then

15. Error message during IPCop-Start: "stty: standard input: Inappropriate ioctl for device"

Problem

Booting the IPCop ends with messages that I don't understand:

Starting interface RED…stty: standard input: Inappropriate ioctl for device
stty: standard input: Inappropriate ioctl for device
stty: standard input: Inappropriate ioctl for device
stty: standard input: Inappropriate ioctl for device

Cause

When IPCop backup is executed from the GUI, it saves '/etc/rc.d/rc.firewall.local', '/etc/rc.d/rc.event.local' and
'/var/ipcop/main/menu.lst' (V2) automatically.

After reinstalling the complete IPCop and a subsequent restore and reinstallation of Copfilter these files can contain duplicated Copfilter entries which can lead to these error messages.

Solution

Edit:

'/var/ipcop/backup/exclude.system'

If they don't exist, add the following lines:

copfilter_exclude.system
# Copfilter exceptions start - do not modify
/etc/rc.d/rc.copfilter
/etc/rc.d/rc.event.local
/etc/rc.d/rc.firewall.local
/var/ipcop/main/menu.lst
/var/log/copfilter
# Copfilter exceptions end - do not modify

Furthermore, the current '/etc/rc.d/rc.event.local' and '/etc/rc.d/rc.firewall.local' should be checked for duplicate or incorrect Copfilter entries.

This is especially true when updating an older Copfilter-version (for example 2.0.90)!

en/v2_-_bugfixes.txt · Last modified: 2016/12/04 13:58 by fischerm