• The main purpose of this part is to collect and describe several Bugfixes regarding the Copfilter-Addon for IPCop 1.9.x/2.x (abbreviated: V2).
• The respective currently affected Copfilter release is given in brackets.
  
• If there are problems regarding this guidances, please open a new thread in the Copfilter-Forum or send us (karesmakro, severus, fischerm) a PM (Private Message) via Copfilter Forum.
  Any requests for changes or extensions will be taken in account.

Please note:

• These problems were found unfortunately only after the publication of the respective version.
• The line informations on code changes may not necessarily be *absolutely*, so always use search functions for text or code-passages.

• This comes with absolutely no functional guarantees!

ATTENTION!

• Extensive knowledge about the working(s) of the IPCop-Firewall and Copfilter in general, plus extensive Linux experiences are an absolute must for the updates and modifications that are described!
  

• This is not for novices to experiment, you need to know what you are doing and what the consequences may be…
  

• A full backup, a functioning restore, and the willingness to reinstall a defective IPCop-system are prerequisites!

And, as said before…:

• It is an absolutely must to use a Linux-compatible text editor - on a Linux OS - for all changes to be made!

See: http://www.copfilter.org/forum/viewtopic.php?p=2695#p2695 (german):

The counter for ClamAV + F-Prot jumps from 0 to 120 minutes - despite being set to 4 hours = 240 minutes.

Incorrect multiplier value in '/home/httpd/cgi-bin/copfilter_antivirus.cgi'.

Edit:
'/home/httpd/cgi-bin/copfilter_antivirus.cgi'

Replace: (Line ~628 and line ~651)

$clamd_updateperiod = $copfiltersettings{'CLAMD_UPDATE_VALUE'} * 30; }

With:

$clamd_updateperiod = $copfiltersettings{'CLAMD_UPDATE_VALUE'} * 60; }

Afterwards settings of the antivirus Copfilter page must be saved through WebGUI - no restart required.

See: http://www.copfilter.org/forum/viewtopic.php?p=2855#p2855:

Receiving Emails through POP3S is not working.

Commented line in '/var/log/copfilter/default/opt/p3scan/etc/init.d/copfilter_p3scan'.

Edit:
'/var/log/copfilter/default/opt/p3scan/etc/init.d/copfilter_p3scan'

Delete hash-sign at line ~84.

Replace:

#$IPTABLES_BIN -t nat -A SCAN_POP3_PREROUTING -p tcp -i $GREEN_1_DEV --dport 995 -j REDIRECT --to 8110 > /dev/null 2>&1

With:

$IPTABLES_BIN -t nat -A SCAN_POP3_PREROUTING -p tcp -i $GREEN_1_DEV --dport 995 -j REDIRECT --to 8110 > /dev/null 2>&1

Afterwards restart P3SCAN-service.

See: http://www.copfilter.org/forum/viewtopic.php?p=2854#p2854 (german)
and http://www.copfilter.org/forum/viewtopic.php?p=2875#p2875 (german)

…I had just noticed that /var/log/copfilter/2.0.90/opt/havp/tmp is mounted 6 times…

Error in '/var/log/copfilter/default/opt/havp/etc/init.d/copfilter_havp'

See: http://www.copfilter.org/forum/viewtopic.php?f=10&t=547&p=2879#p2879

If several mounted tmpfs's are already present, they can individually be removed with the following command:
(Leave one TMPFS-instance!)

/bin/umount /var/log/copfilter/default/opt/havp/tmp

Next, install the following patch.

Choose TMP-directory and download patch:

cd /tmp
wget http://www.it-connect-unix.de/copfilter/ipcop-v2/copfilter-2.0.90_havp-tmpfs.patch

Enter the following command on the console:

patch -p0 < copfilter-2.0.90_havp-tmpfs.patch

Afterwards restart HAVP service.

Initiated by: http://www.copfilter.org/forum/viewtopic.php?p=2928#p2928

No F-PROT Updates (free version) are performed - counter is always at the same time, although all fixes were applied.

File '/var/log/copfilter/default/etc/fprotd_enable' is missing.

Edit:
'/home/httpd/cgi-bin/copfilter_antivirus.cgi'

Replace:

if ( -e "${copfilter_swroot}/opt/f-prot/default/fpscand" ) {

With:

if ( -e "${copfilter_swroot}/opt/f-prot/default/fpscan" || -e "${copfilter_swroot}/opt/f-prot/default/fpscand" ) {

Afterwards, settings of the antivirus Copfilter page must be saved once through WebGUI - no restart required.

If 3rd Party Signaturen have been installed, the following fix must be applied:

Installation:

tar xzf copfilter_antivirus.cgi-v1.tgz -C /home/httpd/cgi-bin

Initiated by: http://www.copfilter.org/forum/viewtopic.php?p=2966#p2966 (german)

See also: http://www.copfilter.org/forum/viewtopic.php?p=2973#p2973 (english)

While opening a HTTPS-Site, user receives error message: “Proxy server refused the connection”

Apply patch.

Please use at first the TMPS patch above before using this patch!

Choose TMP-directory and download patch:

cd /tmp
wget http://www.it-connect-unix.de/copfilter/ipcop-v2/copfilter-2.0.90_havp_SSL.patch

Enter the following command on the console:

patch -p0 < copfilter-2.0.90_havp_SSL.patch

Afterwards restart HAVP service.

After installing the free F-PROT-Home-User-Version the following messages appear in '/var/log/copfilter/default/opt/monit/var/log/monit.log':

Execution failed Service fpscand 

	Date:        Tue, 25 Oct 2011 20:26:56
	Action:      alert
	Host:        coprouter.localdomain
	Description: failed to start

Timeout Service fpscand

	Date:        Tue, 25 Oct 2011 20:33:57
	Action:      unmonitor
	Host:        coprouter.localdomain
	Description: service restarted 5 times within 5 cycles(s) - unmonitor

After installing F-PROT, the switch FPROTD_ENABLE in '/var/log/copfilter/default/etc/''global_settings*' is set to ON.

Triggered by '/var/log/copfilter/default/opt/monit/etc/monit.rc', 'monit' will therefore seek to monitor the licensed version of F-PROT ('fpscand').

This file is not available in the free version, only in the licensed.

Edit:
'/var/log/copfilter/default/opt/monit/etc/init.d/copfilter_monit'

Replace:

if [ -f $BASEDIR/etc/fprotd_enable ]; then

With:

if [ -f $BASEDIR/etc/fprotd_enable ] && [ -f "${copfilter_swroot}/opt/f-prot/default/fpscand" ] ; then

After installing F-PROT, the download progress of each signature update is logged in '/var/log/copfilter/default/opt/tools/var/log/copfilter_cron.log' and '/var/log/messages':

Downloading update (%1)
Downloading update (%3)
Downloading update (%6)
Downloading update (%8)
Downloading update (%11)
Downloading update (%13)
Downloading update (%15)
...

Edit:
'/var/log/copfilter/default/opt/tools/bin/check-updates_f-prot.sh' (Line ~29)

Replace:

$BASEDIR/opt/f-prot/default/fpupdate

With:

$BASEDIR/opt/f-prot/default/fpupdate  >/dev/null 2>&1

Initiated by: http://www.copfilter.org/forum/viewtopic.php?p=3334#p3334

…when I click on the links to edit the white or black list I get this displayed in the browser:

Error!
Your settings file could not be found.

See also: http://www.copfilter.org/forum/viewtopic.php?p=3337#p3337

Directory and file rights must be corrected.

Install PHP 5.3.9 update and initiate following commands on the console:

chmod 755 /var/log/copfilter/default/etc/cp_spam_whitelist
chmod 666 /var/log/copfilter/default/etc/cp_spam_whitelist/local_webgui.cf

See also: http://www.copfilter.org/forum/viewtopic.php?p=3502#p3502

Because wget is now a standard addon since IPCop 2.0.3, I removed it from our package.

When using the integrated 3rd party signatures in Copfilter version 2.0.91beta3 the following error message appears in
'/var/log/copfilter/default/opt/tools/var/log/cron.daily.log':

/var/log/copfilter/default/opt/tools/bin/cron.daily: line 93: /var/log/copfilter/default/opt/tools/bin/wget: No such file or directory

Missing symlink for '/usr/bin/wget' in '/var/log/copfilter/default/opt/tools/bin/'.

Enter the following command on the console:

ln -s /usr/bin/wget /var/log/copfilter/default/opt/tools/bin/wget

Initiated by: http://www.copfilter.org/forum/viewtopic.php?f=9&t=705#p3509

No F-PROT Updates are performed - counter is always at the same time.

…there is no automatic update update for f-prot.
I uninstalled and reinstalled copfilter to confirm theses issues (on a new installation of Ipcop).
The time until next F-Prot update is always the same (60 minutes).
Manual update works fine.

Error (variable) in '/usr/local/bin/copfilter_cron'.

Install fix.

See also: http://www.copfilter.org/forum/viewtopic.php?p=3593#p3593

No restart required.

tar xzf ./copfilter_cron-fprot-periodic_fix.tgz -C /

Initiated by: http://www.copfilter.org/forum/viewtopic.php?p=3603#p3603 (german)

(Translated quote)
…recently had problems with the SMTP proxy. Almost every day I have the phenomenon that the proxy is closing down.

Edit:
'/etc/rc.d/rc.firewall.local'

Replace:

start)
    ## add your 'start' rules here

With:

start)
    ## add your 'start' rules here
    /etc/rc.d/init.d/copfilter_proxsmtpd config_fwrules

Initiated by: http://www.copfilter.org/forum/viewtopic.php?f=10&t=777&p=3945&hilit=digest#p3942 (german)
See: http://www.copfilter.org/forum/viewtopic.php?f=9&p=4046#p4044 (english)

The daily spam digest is a small but useful piece of functionality that worked in Copfilter V1 but appears broken in IPCop 2.0.4 with Copfilter 2.0.91beta3.

Edit:
'/var/log/copfilter/default/opt/tools/bin/spam_mail_daily_digest.sh'

1. Replace: (Line ~34)

SUBJECT=`cat $EMAIL |sed -n '1,/^$/p' |grep -i "Subject:" -m 1`

With:

SUBJECT=`cat $EMAIL |sed -n '1,/^$/p' |grep -i "^Subject:" -m 1`

2. Replace: (Line ~58)

test -f /var/log/copfilter/default/opt/tmp/spam_digest.* || rm /var/log/copfilter/default/opt/tmp/*not* && exit 0

With:

if [ $(ls /var/log/copfilter/default/opt/tmp/ | grep spam_digest.* | wc -w) = 0 ]; then
 rm /var/log/copfilter/default/opt/tmp/*not*
 exit 0
fi

3. Replace: (Line ~60)

for ii in `ls /var/log/copfilter/default/opt/tmp/spam_digest.* &>/dev/null`

With:

for ii in `ls /var/log/copfilter/default/opt/tmp/spam_digest.*`

Initiated by: http://www.copfilter.org/forum/viewtopic.php?f=9&t=804

When I put “facebook.com” into the “Use own Domain-Blacklist:” edit box, it doesn't work.

See: http://www.copfilter.org/forum/viewtopic.php?p=4095#p4095

In some situtations there is created the q.load file (blacklist prepared file) with a new line, before the categories are listed. This leads to an empty srv_url_check.conf!
You can check this by opening the in srv_url_check.conf in /var/log/copfilter/default/opt/c_icap/etc
The content only consists comments (# in front of each line)

Install fix.

tar xzf dbmaker_fix.tgz
cd dbmaker_fix
./install

After installing this fix, you have to disable the blacklist and afterwards activate it again.

Typos in '/var/spool/cron/root.orig', '/home/httpd/cgi-bin/copfilter_testlog.cgi' and '/etc/logrotate.d/3rdpsigs'.

This leads to empty (or growing) logs, logs that cannot be accessed from the Test & Logs page and URLFilter-Blacklist update is made one hour late.

1. - Edit:
'/var/spool/cron/root.orig'

Replace:

53 23 * * *     /var/log/copfilter/default/opt/tools/bin/cron.daily >> /var/log/copfilter/default/opt/tools/var/log/cron.daily 2>&1

With:

53 23 * * *     /var/log/copfilter/default/opt/tools/bin/cron.daily >> /var/log/copfilter/default/opt/tools/var/log/crondaily.log 2>&1

Afterwards, enter the following command on the console:

fcrontab -z

2. - Edit:
'/home/httpd/cgi-bin/copfilter_testlog.cgi'

Replace: (Line ~443)

<a href='/copfilterlog/cron.daily.log' target='_blank'>cron.daily.log</a>

With:

<a href='/copfilterlog/crondaily.log' target='_blank'>crondaily.log</a>

3. - Edit:
'/etc/logrotate.d/3rdpsigs'

Replace: (Line 1)

/var/log/copfilter/default/opt/tools/var/log/copfiltercron.log

With:

/var/log/copfilter/default/opt/tools/var/log/copfilter_cron.log