The problems were solved:
- Web Content Filter and Web Proxy are available for install in Software center
- Samba audit can be opened/accessed
- Graphs - OK
- Web proxy stats - OK
The problems were solved:
Thanks flatspin. I will make the changes in VirtualBox and give it another try.
Download the certificate for transparent SSL mode, not works from GUI
How should work:
NethServer GUI -> Gateway -> Web proxy -> Proxy tab -> right click on “http://your_ip/proxy.crt” -> select “Open Link in New Tab” -> save the certificate.
Import the certificate as “Trusted Authorities” on used browser(s).
Instead of this, at the Step 1, when you select “Open Link in New Tab”, a new page will be open and you will see the “certificate”, so you cannot download the proxy certificate (please see the attached screenshot).
Same thing if you do left click on “http://your_ip/proxy.crt”.
I have tried also with MS IE.
Can anyone else confirm this?
Thank you!
HINT:
I think it is more of a browser thing, but there was some php directive to force a file download.
How should work:
NethServer GUI -> Gateway -> Web proxy -> Proxy tab -> right click on “http://yourip/proxy.crt” -> select “Save link/target as…” -> save the certificate._
Linux Mint 17 + Firefox 47: left click, right click -> Save link as…, open in new tab, all three methods show a download window.
VM with Windows 10 (not up to date):
Windows 7 + Firefox 47/48: Same as with Windows 10.
Chrome (in Linux Mint, Windows 7): shows the certificate content unless right click -> Save as…
When the certificate is shown it can be saved by CTRL+S or Save as… menu.
IPS report should be under Report, which should be the word “Reports”
Not sure where to go from here. The /var/log/squidGuard is full of blocked urls and I tried changing the /etc/e-smith/templates/etc/lightsquid/lightsquid.cfg to
#path to access.log
$logpath ="/var/log/squidGuard";
and
$logpath ="/var/log/squidGuard/urlfilter.log";
for giggles but no dice.
Edit;
I shutdown the vm last night and restarted it this morning, received the same error, but I left it running and checked a few hours later and it was reporting without error as in the screenshots by @GG_jr a couple of posts after mine.
I will say, I believe the report to be… to put it mildly, utterly useless. Now I use other gateway distros, paid and free, with robust, comprehensive reporting so I expect a lot, but this is… not very useful, I can’t even tell what’s blocked so I’m not sure of the point of this in the gui.
Is there something I’m missing, is there cli configuration that can be done to at least break out what was blocked, or break out categories, something that shows what squid is doing other than a basic list of web sites?
The lightsquid parser is set to run daily. Maybe we have to wait until the cron job runs.
To force it we can run:
/usr/sbin/lightparser.pl
or what the cron job has:
/usr/sbin/lightparser.pl -y /var/log/squid/access.log
Hi @dnutan ,
Thank you!
I have installed the Web proxy module on Aug 05 at 00:40, so, after 24 hours, Web proxy stats, should have been seen.
Aug 05 00:40:04 Updated: kernel-tools-libs-3.10.0-327.28.2.el7.x86_64
Aug 05 00:40:05 Updated: kernel-tools-3.10.0-327.28.2.el7.x86_64
Aug 05 00:40:06 Updated: python-perf-3.10.0-327.28.2.el7.x86_64
Aug 05 00:40:19 Installed: kernel-3.10.0-327.28.2.el7.x86_64
Aug 05 00:42:13 Installed: perl-GD-2.49-3.el7.x86_64
Aug 05 00:42:13 Installed: clamav-data-empty-0.99.2-1.el7.noarch
Aug 05 00:42:14 Installed: clamav-lib-0.99.2-1.el7.x86_64
Aug 05 00:42:16 Installed: clamav-filesystem-0.99.2-1.el7.noarch
Aug 05 00:42:16 Installed: clamav-server-0.99.2-1.el7.x86_64
Aug 05 00:42:17 Installed: clamav-server-systemd-0.99.2-1.el7.noarch
Aug 05 00:42:17 Installed: clamav-update-0.99.2-1.el7.x86_64
Aug 05 00:42:18 Installed: clamav-0.99.2-1.el7.x86_64
Aug 05 00:42:18 Installed: clamav-unofficial-sigs-3.7.2-1.el7.noarch
Aug 05 00:42:18 Installed: nethserver-antivirus-1.2.0-1.ns7.noarch
Aug 05 00:42:19 Installed: perl-GDTextUtil-0.86-23.el7.noarch
Aug 05 00:42:19 Installed: 1:perl-GDGraph-1.44-15.el7.noarch
Aug 05 00:42:19 Installed: perl-GDGraph3d-0.63-23.el7.noarch
Aug 05 00:42:20 Installed: lightsquid-1.8-18.el7.lux.noarch
Aug 05 00:42:20 Installed: c-icap-libs-0.4.2-1.ns7.x86_64
Aug 05 00:42:21 Installed: c-icap-0.4.2-1.ns7.x86_64
Aug 05 00:42:21 Installed: nethserver-c-icap-1.1.0-1.ns7.noarch
Aug 05 00:42:22 Installed: libecap-0.2.0-9.el7.x86_64
Aug 05 00:42:22 Installed: perl-DB_File-1.830-6.el7.x86_64
Aug 05 00:42:22 Installed: 1:perl-FCGI-0.74-8.el7.x86_64
Aug 05 00:42:23 Installed: perl-CGI-3.63-4.el7.noarch
Aug 05 00:42:23 Installed: lightsquid-apache-1.8-18.el7.lux.noarch
Aug 05 00:42:23 Installed: samba-winbind-modules-4.2.10-7.el7_2.x86_64
Aug 05 00:42:24 Installed: samba-winbind-4.2.10-7.el7_2.x86_64
Aug 05 00:42:25 Installed: samba-winbind-clients-4.2.10-7.el7_2.x86_64
Aug 05 00:42:25 Installed: libtool-ltdl-2.4.2-21.el7_2.x86_64
Aug 05 00:42:27 Installed: 7:squid-3.3.8-26.el7_2.4.x86_64
Aug 05 00:42:28 Installed: nethserver-squid-1.4.0-1.ns7.noarch
Aug 05 00:42:28 Installed: squidclamav-6.15-1.ns7.x86_64
Aug 05 00:42:32 Installed: squidGuard-1.4-26.el7.x86_64
Aug 05 00:42:32 Installed: nethserver-squidguard-1.5.0-1.ns7.noarch
Aug 05 00:42:33 Installed: nethserver-squidclamav-1.3.0-1.ns7.noarch
Aug 05 00:42:33 Installed: nethserver-lightsquid-1.1.0-1.ns7.noarch
I have run “/usr/sbin/lightparser.pl”, unfortunately before opened NS GUI, so, I don’t know if the the Web proxy stats showed or no, the records.
Anyway, now it works.
I will check in the next days to see if everything it’s ok.
BR,
Gabriel
POP3 Proxy issues
POP3 proxy: enabled
- Antivirus: enabled
- Antispam: enabled
I cannot receive emails (Mozilla Thunderbird, POP3, port 110):
Aug 6 19:40:07 dc-ad p3scan[16123]: POP3 Connection from 192.168.1.11:62675
Aug 6 19:40:07 dc-ad p3scan[16123]: Real-server address is 91.195.62.2:110
Aug 6 19:40:07 dc-ad p3scan[16123]: Ignoring servers TOP capability...
Aug 6 19:40:07 dc-ad p3scan[16123]: Ignoring servers PIPELINING capability...
Aug 6 19:40:07 dc-ad p3scan[16123]: Session done (Clean Exit). Mails: 0 Bytes: 0
Aug 6 19:40:51 dc-ad p3scan[16180]: POP3 Connection from
192.168.1.11:62678
Aug 6 19:40:51 dc-ad p3scan[16180]: Real-server address is
91.195.62.2:110
Aug 6 19:40:51 dc-ad p3scan[16180]: Ignoring servers TOP capability...
Aug 6 19:40:51 dc-ad p3scan[16180]: Ignoring servers PIPELINING
capability...
Aug 6 19:40:52 dc-ad p3scan[16180]: WARNING: Your scanner returned
neither 0, a viruscode, nor a good viruscode, but 2
Aug 6 19:40:52 dc-ad p3scan[16180]: ERR: We can't say if it is a virus!
So we have to give the client the mail! You should check your
configuration/system
Aug 6 19:40:52 dc-ad p3scan[16180]: ERR: Scanner returned unexpected
error code. You should check your configuration/system.
Aug 6 19:40:52 dc-ad p3scan[16180]: ERR: Exiting now...
Aug 6 19:40:52 dc-ad p3scan: ERR: Scanner returned unexpected error
code. You should check your configuration/system.
Aug 6 19:40:52 dc-ad p3scan[15990]: ERR: Attention: child with pid
16180 died with abnormal termsignal (11)! This is probably a bug. Please
report to the author. numprocs is now 0
Aug 6 19:40:52 dc-ad kernel: p3scan[16180]: segfault at 241 ip
00007f36d8582ab4 sp 00007ffe52b8c4c0 error 4 in
libc-2.17.so[7f36d853a000+1b7000]
_**POP3 proxy**: enabled_
_**- Antivirus**: disabled_
_- **Antispam**: enabled or disabled_
_**I can receive emails (Mozilla Thunderbird, POP3, port 110):**_
Aug 6 19:47:14 dc-ad /sbin/e-smith/db[16688]:
/var/lib/nethserver/db/configuration: OLD
p3scan=service|SSLScan|enabled|SpamScan|enabled|TCPPort|8110|Template|/etc/p3scan/p3scan-en.mail|VirusScan|enabled|access||status|enabled
Aug
6 19:47:14 dc-ad /sbin/e-smith/db[16688]:
/var/lib/nethserver/db/configuration: NEW
p3scan=service|SSLScan|enabled|SpamScan|enabled|TCPPort|8110|Template|/etc/p3scan/p3scan-en.mail|VirusScan|disabled|access||status|enabled
Aug
6 19:47:14 dc-ad dbus-daemon: dbus[646]: [system] Activating via
systemd: service name='org.freedesktop.timedate1'
unit='dbus-org.freedesktop.timedate1.service'
Aug 6 19:47:14 dc-ad dbus[646]: [system] Activating via systemd:
service name='org.freedesktop.timedate1'
unit='dbus-org.freedesktop.timedate1.service'
Aug 6 19:47:14 dc-ad systemd: Starting Time & Date Service...
Aug 6 19:47:14 dc-ad dbus[646]: [system] Successfully activated service
'org.freedesktop.timedate1'
Aug 6 19:47:14 dc-ad dbus-daemon: dbus[646]: [system] Successfully
activated service 'org.freedesktop.timedate1'
Aug 6 19:47:14 dc-ad systemd: Started Time & Date Service.
Aug 6 19:47:14 dc-ad esmith::event[16692]: Event:
nethserver-p3scan-update
Aug 6 19:47:14 dc-ad esmith::event[16692]: Migrating existing database
configuration
Aug 6 19:47:14 dc-ad esmith::event[16692]: Migrating existing database
certificates
Aug 6 19:47:14 dc-ad esmith::event[16692]: Migrating existing database
networks
Aug 6 19:47:14 dc-ad esmith::event[16692]: Migrating existing database
accounts
Aug 6 19:47:14 dc-ad esmith::event[16692]: Migrating existing database
routes
Aug 6 19:47:14 dc-ad esmith::event[16692]: Migrating existing database
hosts
Aug 6 19:47:14 dc-ad esmith::event[16692]: Migrating existing database
proxypass
Aug 6 19:47:14 dc-ad esmith::event[16692]: Migrating existing database
fwrules
Aug 6 19:47:14 dc-ad esmith::event[16692]: Migrating existing database
fwservices
Aug 6 19:47:15 dc-ad esmith::event[16692]: Migrating existing database
portforward
Aug 6 19:47:15 dc-ad esmith::event[16692]: Migrating existing database
tc
Aug 6 19:47:15 dc-ad esmith::event[16692]: Migrating existing database
dhcp
Aug 6 19:47:15 dc-ad esmith::event[16692]: Migrating existing database
contentfilter
Aug 6 19:47:15 dc-ad esmith::event[16692]: Migrating existing database
vhosts
Aug 6 19:47:15 dc-ad esmith::event[16692]: Migrating existing database
domains
Aug 6 19:47:15 dc-ad esmith::event[16692]: Action:
/etc/e-smith/events/nethserver-p3scan-update/S00initialize-default-databases
SUCCESS [0.488224]
Aug 6 19:47:15 dc-ad esmith::event[16692]: expanding
/etc/mail/spamassassin/bwlist.cf
Aug 6 19:47:15 dc-ad esmith::event[16692]: expanding
/etc/mail/spamassassin/p3scan.cf
Aug 6 19:47:15 dc-ad esmith::event[16692]: expanding
/etc/p3scan/p3scan.conf
Aug 6 19:47:15 dc-ad esmith::event[16692]: Action:
/etc/e-smith/events/actions/generic_template_expand SUCCESS [0.282509]
Aug 6 19:47:15 dc-ad esmith::event[16695]: Event:
nethserver-firewall-base-save nethserver-p3scan-update
Aug 6 19:47:15 dc-ad esmith::event[16695]: Action:
/etc/e-smith/events/nethserver-firewall-base-save/S02providers-cleanup
SUCCESS [0.206411]
Aug 6 19:47:15 dc-ad esmith::event[16695]: expanding /etc/collectd.conf
Aug 6 19:47:15 dc-ad esmith::event[16695]: expanding /etc/hosts
Aug 6 19:47:15 dc-ad esmith::event[16695]: expanding /etc/lsm/lsm.conf
Aug 6 19:47:15 dc-ad esmith::event[16695]: expanding
/etc/shorewall/actions
Aug 6 19:47:15 dc-ad esmith::event[16695]: expanding
/etc/shorewall/hosts
Aug 6 19:47:15 dc-ad esmith::event[16695]: expanding
/etc/shorewall/interfaces
Aug 6 19:47:15 dc-ad esmith::event[16695]: expanding
/etc/shorewall/maclist
Aug 6 19:47:16 dc-ad esmith::event[16695]: expanding
/etc/shorewall/mangle
Aug 6 19:47:16 dc-ad esmith::event[16695]: expanding
/etc/shorewall/masq
Aug 6 19:47:16 dc-ad esmith::event[16695]: expanding /etc/shorewall/nat
Aug 6 19:47:16 dc-ad esmith::event[16695]: expanding
/etc/shorewall/policy
Aug 6 19:47:16 dc-ad esmith::event[16695]: expanding
/etc/shorewall/providers
Aug 6 19:47:16 dc-ad esmith::event[16695]: expanding
/etc/shorewall/rtrules
Aug 6 19:47:16 dc-ad esmith::event[16695]: expanding
/etc/shorewall/rules
Aug 6 19:47:16 dc-ad esmith::event[16695]: expanding
/etc/shorewall/shorewall.conf
Aug 6 19:47:16 dc-ad esmith::event[16695]: expanding
/etc/shorewall/stoppedrules
Aug 6 19:47:16 dc-ad esmith::event[16695]: expanding
/etc/shorewall/tcinterfaces
Aug 6 19:47:16 dc-ad esmith::event[16695]: expanding
/etc/shorewall/tcpri
Aug 6 19:47:16 dc-ad esmith::event[16695]: expanding
/etc/shorewall/tunnels
Aug 6 19:47:16 dc-ad esmith::event[16695]: expanding
/etc/shorewall/zones
Aug 6 19:47:16 dc-ad esmith::event[16695]: expanding
/etc/collectd.d/ping.conf
Aug 6 19:47:16 dc-ad esmith::event[16695]: expanding
/var/www/html/wpad.dat
Aug 6 19:47:16 dc-ad esmith::event[16695]: Action:
/etc/e-smith/events/actions/generic_template_expand SUCCESS [0.621858]
Aug 6 19:47:16 dc-ad systemd: Reloading.
Aug 6 19:47:16 dc-ad systemd: Configuration file
/usr/lib/systemd/system/auditd.service is marked world-inaccessible.
This has no effect as configuration data is accessible via APIs without
restrictions. Proceeding anyway.
Aug 6 19:47:16 dc-ad kernel: ipt_ULOG: ULOG: fail to register logger.
Aug 6 19:47:17 dc-ad kernel: ipt_ULOG: ULOG: fail to register logger.
Aug 6 19:47:17 dc-ad kernel: ipt_ULOG: ULOG: fail to register logger.
Aug 6 19:47:17 dc-ad logger: Shorewall reloaded
Aug 6 19:47:17 dc-ad esmith::event[16695]: [NOTICE] Shorewall restart
Aug 6 19:47:17 dc-ad esmith::event[16695]: Action:
/etc/e-smith/events/nethserver-firewall-base-save/S89nethserver-shorewall-restart
SUCCESS [1.563803]
Aug 6 19:47:18 dc-ad systemd: Reloading.
Aug 6 19:47:18 dc-ad systemd: Configuration file
/usr/lib/systemd/system/auditd.service is marked world-inaccessible.
This has no effect as configuration data is accessible via APIs without
restrictions. Proceeding anyway.
Aug 6 19:47:18 dc-ad esmith::event[16695]: [INFO] lsm is disabled:
skipped
Aug 6 19:47:18 dc-ad esmith::event[16695]: [INFO]
Aug 6 19:47:18 dc-ad systemd: Reloading.
Aug 6 19:47:18 dc-ad systemd: Configuration file
/usr/lib/systemd/system/auditd.service is marked world-inaccessible.
This has no effect as configuration data is accessible via APIs without
restrictions. Proceeding anyway.
Aug 6 19:47:18 dc-ad esmith::event[16695]: [INFO] service collectd
restart
Aug 6 19:47:18 dc-ad collectd[15949]: Exiting normally.
Aug 6 19:47:18 dc-ad collectd[15949]: collectd: Stopping 5 read
threads.
Aug 6 19:47:18 dc-ad collectd[15949]: rrdtool plugin: Shutting down the
queue thread. This may take a while.
Aug 6 19:47:18 dc-ad systemd: Stopping Collectd statistics daemon...
Aug 6 19:47:18 dc-ad collectd[15949]: ping plugin: Shutting down
thread.
Aug 6 19:47:18 dc-ad collectd[15949]: collectd: Stopping 5 write
threads.
Aug 6 19:47:18 dc-ad systemd: Started Collectd statistics daemon.
Aug 6 19:47:18 dc-ad systemd: Starting Collectd statistics daemon...
Aug 6 19:47:18 dc-ad esmith::event[16695]: [INFO] collectd restart
Aug 6 19:47:18 dc-ad esmith::event[16695]: Action:
/etc/e-smith/events/actions/adjust-services SUCCESS [0.384126]
Aug 6 19:47:18 dc-ad esmith::event[16695]: Event:
nethserver-firewall-base-save SUCCESS
Aug 6 19:47:18 dc-ad esmith::event[16692]: Action:
/etc/e-smith/events/nethserver-p3scan-update/S20firewall-adjust SUCCESS
[2.879434]
Aug 6 19:47:18 dc-ad collectd[17182]: Initialization complete, entering
read-loop.
Aug 6 19:47:18 dc-ad systemd: Reloading.
Aug 6 19:47:18 dc-ad systemd: Configuration file
/usr/lib/systemd/system/auditd.service is marked world-inaccessible.
This has no effect as configuration data is accessible via APIs without
restrictions. Proceeding anyway.
Aug 6 19:47:18 dc-ad systemd: Starting p3scan proxy...
Aug 6 19:47:18 dc-ad p3scan[17220]: P3Scan Version 2.3.2
Aug 6 19:47:18 dc-ad p3scan[17220]: Selected scannertype: basic (Basic
file invocation scanner)
Aug 6 19:47:18 dc-ad p3scan[17220]: Listen now on 0.0.0.0:8110
Aug 6 19:47:18 dc-ad p3scan[17221]: Changing uid (we are root)
Aug 6 19:47:18 dc-ad p3scan[17221]: Running as user: amavis
Aug 6 19:47:18 dc-ad systemd: Started p3scan proxy.
Aug 6 19:47:18 dc-ad esmith::event[16692]: [INFO] p3scan has been
started
Aug 6 19:47:18 dc-ad esmith::event[16692]:
Aug 6 19:47:18 dc-ad esmith::event[16692]: Action:
/etc/e-smith/events/actions/adjust-services SUCCESS [0.367546]
Aug 6 19:47:18 dc-ad esmith::event[16692]: Event:
nethserver-p3scan-update SUCCESS
esmith::event[16692]: Event: nethserver-p3scan-update SUCCESS
Aug 6 19:55:51 dc-ad p3scan[17851]: POP3 Connection from 192.168.1.11:62802
Aug 6 19:55:51 dc-ad p3scan[17851]: Real-server address is 91.195.62.2:110
Aug 6 19:55:51 dc-ad p3scan[17851]: Ignoring servers TOP capability...
Aug 6 19:55:51 dc-ad p3scan[17851]: Ignoring servers PIPELINING capability...
Aug 6 19:56:03 dc-ad p3scan[17851]: Session done (Clean Exit). Mails: 1 Bytes: 8489
Aug 6 19:56:18 dc-ad clamd: SelfCheck: Database status OK.
Aug 6 19:56:18 dc-ad clamd[2199]: SelfCheck: Database status OK.
Aug 6 19:57:35 dc-ad p3scan[17986]: POP3 Connection from 192.168.1.11:62833
Aug 6 19:57:35 dc-ad p3scan[17986]: Real-server address is 91.195.62.2:110
Aug 6 19:57:35 dc-ad p3scan[17986]: Ignoring servers TOP capability...
Aug 6 19:57:35 dc-ad p3scan[17986]: Ignoring servers PIPELINING capability...
Aug 6 19:57:46 dc-ad p3scan[17986]: Session done (Clean Exit). Mails: 1 Bytes: 126525
Please advise me!
TIA,
Gabriel
EDIT - UPDATE:
Sometimes, when I switch “Antivirus” from “enabled” to “disabled” or, vice versa, the “p3scan” service goes to “Stopped”.
Don’t know if it will fix the issue, but there is a p3scan package in testing repo:
yum --enablerepo=nethserver-testing install nethserver-p3scan
Could be the same from Software center?
How can I compare the two packages?
EDIT:
It’s an update. I will try.
Thank you!
It seems so, they were released on different dates and have different hash sums.
Doesn’t work!
Aug 6 21:31:08 dc-ad p3scan[25246]: POP3 Connection from
192.168.1.11:64142
Aug 6 21:31:08 dc-ad p3scan[25246]: Real-server address is
91.195.62.2:110
Aug 6 21:31:08 dc-ad p3scan[25246]: Ignoring servers TOP capability…
Aug 6 21:31:08 dc-ad p3scan[25246]: Ignoring servers PIPELINING
capability…
Aug 6 21:31:08 dc-ad p3scan[25246]: WARNING: Your scanner returned
neither 0, a viruscode, nor a good viruscode, but 2
Aug 6 21:31:08 dc-ad p3scan[25246]: ERR: We can’t say if it is a virus!
So we have to give the client the mail! You should check your
configuration/system
Aug 6 21:31:08 dc-ad p3scan[25246]: ERR: Scanner returned unexpected
error code. You should check your configuration/system.
Aug 6 21:31:08 dc-ad p3scan[25246]: ERR: Exiting now…
Aug 6 21:31:08 dc-ad p3scan: ERR: Scanner returned unexpected error
code. You should check your configuration/system.
Aug 6 21:31:08 dc-ad p3scan[25058]: ERR: Attention: child with pid
25246 died with abnormal termsignal (11)! This is probably a bug. Please
report to the author. numprocs is now 0
Aug 6 21:31:08 dc-ad kernel: p3scan[25246]: segfault at 241 ip
00007f0160a97ab4 sp 00007ffc114c50e0 error 4 in
libc-2.17.so[7f0160a4f000+1b7000]
Aug 6 21:32:29 dc-ad p3scan[25058]: P3Scan terminates now
Aug 6 21:34:44 dc-ad clamd: SelfCheck: Database status OK.
Aug 6 21:35:13 dc-ad clamd: SelfCheck: Database status OK.
Aug 6 21:35:13 dc-ad clamd[2199]: SelfCheck: Database status OK.
LightSquid is a proxy traffic analyzer (HTTP & HTTPS), light.
http://docs.nethserver.org/en/v7b/web_proxy.html#report
Better, could be AWStats.
LightSquid is not a log analyzer.
More informations about LightSquid:
LightSquid Home Site : How It Work
The problem seems to be in the antivirus component: clamd.
Is it running?
I begin the tests, again:
POP3 proxy: enabled
- Antivirus: disabled
- Antispam: enabled
Services: clamd@squidclamav - Enabled, Running
p3scan - Enabled, Running
I can receive emails (Mozilla Thunderbird, POP3, port 110):
Log viewer: /var/log/messages:
Aug 7 15:04:19 dc-ad freshclam[3139]: ClamAV update process started at Sun Aug 7 15:04:19 2016
Aug 7 15:04:19 dc-ad freshclam[3139]: main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Aug 7 15:04:20 dc-ad freshclam[3139]: Downloading daily-22041.cdiff [100%]
Aug 7 15:04:21 dc-ad freshclam[3139]: Downloading daily-22042.cdiff [100%]
Aug 7 15:04:21 dc-ad freshclam[3139]: Downloading daily-22043.cdiff [100%]
Aug 7 15:04:21 dc-ad freshclam[3139]: Downloading daily-22044.cdiff [100%]
Aug 7 15:04:26 dc-ad freshclam[3139]: daily.cld updated (version: 22044, sigs: 488532, f-level: 63, builder: neo)
Aug 7 15:04:26 dc-ad freshclam[3139]: bytecode.cvd is up to date (version: 283, sigs: 53, f-level: 63, builder: neo)
Aug 7 15:04:32 dc-ad freshclam[3139]: Database updated (4707375 signatures) from database.clamav.net (IP: 195.30.97.3)
Aug 7 15:04:33 dc-ad systemd: Removed slice user-0.slice.
Aug 7 15:04:33 dc-ad systemd: Stopping user-0.slice.
Aug 7 15:04:33 dc-ad clamd: Reading databases from /var/lib/clamav
Aug 7 15:04:33 dc-ad clamd: Reading databases from /var/lib/squidclamav
Aug 7 15:04:33 dc-ad clamd[1351]: Reading databases from /var/lib/squidclamav
Aug 7 15:04:35 dc-ad kernel: perf interrupt took too long (2503 > 2500), lowering kernel.perf_event_max_sample_rate to 50000
Aug 7 15:04:47 dc-ad clamd: Database correctly reloaded (4868719 signatures)
Aug 7 15:04:47 dc-ad clamd[1351]: Database correctly reloaded (4868719 signatures)
Aug 7 15:04:47 dc-ad clamd: Database correctly reloaded (4868719 signatures)
…
Aug 7 15:35:25 dc-ad clamd: SelfCheck: Database status OK.
Aug 7 15:35:25 dc-ad clamd[1351]: SelfCheck: Database status OK.
Aug 7 15:37:45 dc-ad p3scan[3894]: POP3 Connection from 192.168.1.11:54387
Aug 7 15:37:45 dc-ad p3scan[3894]: Real-server address is 91.195.62.2:110
Aug 7 15:37:45 dc-ad p3scan[3894]: Ignoring servers TOP capability…
Aug 7 15:37:45 dc-ad p3scan[3894]: Ignoring servers PIPELINING capability…
Aug 7 15:37:50 dc-ad p3scan[3894]: Session done (Clean Exit). Mails: 1 Bytes: 1716
POP3 proxy: enabled
- Antivirus: enabled
- Antispam: enabled
Services: clamd@squidclamav - Enabled, Running
p3scan - Enabled, Running
I cannot receive emails (Mozilla Thunderbird, POP3, port 110):
Log viewer: /var/log/messages:
Aug 7 15:43:31 dc-ad /sbin/e-smith/db[4335]:
/var/lib/nethserver/db/configuration: OLD
p3scan=service|SSLScan|enabled|SpamScan|enabled|TCPPort|8110|Template|/etc/p3scan/p3scan-en.mail|VirusScan|disabled|access||status|enabled
Aug 7 15:43:31 dc-ad /sbin/e-smith/db[4335]:
/var/lib/nethserver/db/configuration: NEW
p3scan=service|SSLScan|enabled|SpamScan|enabled|TCPPort|8110|Template|/etc/p3scan/p3scan-en.mail|VirusScan|enabled|access||status|enabled
Aug 7 15:43:31 dc-ad dbus-daemon: dbus[643]: [system] Activating via
systemd: service name=‘org.freedesktop.timedate1’
unit=‘dbus-org.freedesktop.timedate1.service’
Aug 7 15:43:31 dc-ad dbus[643]: [system] Activating via systemd:
service name=‘org.freedesktop.timedate1’
unit=‘dbus-org.freedesktop.timedate1.service’
Aug 7 15:43:32 dc-ad systemd: Starting Time & Date Service…
Aug 7 15:43:32 dc-ad dbus-daemon: dbus[643]: [system] Successfully
activated service ‘org.freedesktop.timedate1’
Aug 7 15:43:32 dc-ad dbus[643]: [system] Successfully activated service
‘org.freedesktop.timedate1’
Aug 7 15:43:32 dc-ad systemd: Started Time & Date Service.
Aug 7 15:43:33 dc-ad esmith::event[4339]: Event:
nethserver-p3scan-update
Aug 7 15:43:33 dc-ad esmith::event[4339]: Migrating existing database
configuration
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
certificates
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
networks
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
accounts
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
routes
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
hosts
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
proxypass
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
fwrules
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
fwservices
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
portforward
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
tc
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
dhcp
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
contentfilter
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
vhosts
Aug 7 15:43:34 dc-ad esmith::event[4339]: Migrating existing database
domains
Aug 7 15:43:34 dc-ad esmith::event[4339]: Action:
/etc/e-smith/events/nethserver-p3scan-update/S00initialize-default-databases
SUCCESS [1.334358]
Aug 7 15:43:34 dc-ad esmith::event[4339]: expanding
/etc/p3scan/p3scan.conf
Aug 7 15:43:35 dc-ad esmith::event[4339]: Action:
/etc/e-smith/events/actions/generic_template_expand SUCCESS [0.385739]
Aug 7 15:43:35 dc-ad esmith::event[4342]: Event:
nethserver-firewall-base-save nethserver-p3scan-update
Aug 7 15:43:35 dc-ad esmith::event[4342]: Action:
/etc/e-smith/events/nethserver-firewall-base-save/S02providers-cleanup
SUCCESS [0.370819]
Aug 7 15:43:35 dc-ad esmith::event[4342]: expanding /etc/collectd.conf
Aug 7 15:43:35 dc-ad esmith::event[4342]: expanding /etc/hosts
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding /etc/lsm/lsm.conf
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/actions
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/hosts
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/interfaces
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/maclist
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/mangle
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding /etc/shorewall/masq
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding /etc/shorewall/nat
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/policy
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/providers
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/rtrules
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/rules
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/shorewall.conf
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/stoppedrules
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/tcinterfaces
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/tcpri
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/tunnels
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/shorewall/zones
Aug 7 15:43:36 dc-ad esmith::event[4342]: expanding
/etc/collectd.d/ping.conf
Aug 7 15:43:37 dc-ad esmith::event[4342]: expanding
/var/www/html/wpad.dat
Aug 7 15:43:37 dc-ad esmith::event[4342]: Action:
/etc/e-smith/events/actions/generic_template_expand SUCCESS [1.507194]
Aug 7 15:43:37 dc-ad systemd: Reloading.
Aug 7 15:43:39 dc-ad systemd: Configuration file
/usr/lib/systemd/system/auditd.service is marked world-inaccessible.
This has no effect as configuration data is accessible via APIs without
restrictions. Proceeding anyway.
Aug 7 15:43:41 dc-ad kernel: ipt_ULOG: ULOG: fail to register logger.
Aug 7 15:43:42 dc-ad kernel: ipt_ULOG: ULOG: fail to register logger.
Aug 7 15:43:43 dc-ad kernel: ipt_ULOG: ULOG: fail to register logger.
Aug 7 15:43:43 dc-ad logger: Shorewall reloaded
Aug 7 15:43:43 dc-ad esmith::event[4342]: [NOTICE] Shorewall restart
Aug 7 15:43:43 dc-ad esmith::event[4342]: Action:
/etc/e-smith/events/nethserver-firewall-base-save/S89nethserver-shorewall-restart
SUCCESS [6.659116]
Aug 7 15:43:44 dc-ad systemd: Reloading.
Aug 7 15:43:44 dc-ad systemd: Configuration file
/usr/lib/systemd/system/auditd.service is marked world-inaccessible.
This has no effect as configuration data is accessible via APIs without
restrictions. Proceeding anyway.
Aug 7 15:43:44 dc-ad esmith::event[4342]: [INFO] lsm is disabled:
skipped
Aug 7 15:43:44 dc-ad esmith::event[4342]: [INFO]
Aug 7 15:43:44 dc-ad systemd: Reloading.
Aug 7 15:43:44 dc-ad systemd: Configuration file
/usr/lib/systemd/system/auditd.service is marked world-inaccessible.
This has no effect as configuration data is accessible via APIs without
restrictions. Proceeding anyway.
Aug 7 15:43:44 dc-ad esmith::event[4342]: [INFO] service collectd
restart
Aug 7 15:43:44 dc-ad systemd: Stopping Collectd statistics daemon…
Aug 7 15:43:44 dc-ad collectd[1043]: Exiting normally.
Aug 7 15:43:44 dc-ad collectd[1043]: collectd: Stopping 5 read threads.
Aug 7 15:43:45 dc-ad collectd[1043]: rrdtool plugin: Shutting down the
queue thread. This may take a while.
Aug 7 15:43:45 dc-ad collectd[1043]: ping plugin: Shutting down thread.
Aug 7 15:43:45 dc-ad collectd[1043]: collectd: Stopping 5 write
threads.
Aug 7 15:43:45 dc-ad esmith::event[4342]: [INFO] collectd restart
Aug 7 15:43:45 dc-ad systemd: Started Collectd statistics daemon.
Aug 7 15:43:45 dc-ad systemd: Starting Collectd statistics daemon…
Aug 7 15:43:45 dc-ad esmith::event[4342]: Action:
/etc/e-smith/events/actions/adjust-services SUCCESS [1.689144]
Aug 7 15:43:45 dc-ad esmith::event[4342]: Event:
nethserver-firewall-base-save SUCCESS
Aug 7 15:43:45 dc-ad esmith::event[4339]: Action:
/etc/e-smith/events/nethserver-p3scan-update/S20firewall-adjust SUCCESS
[10.365141]
Aug 7 15:43:45 dc-ad systemd: Reloading.
Aug 7 15:43:45 dc-ad systemd: Configuration file
/usr/lib/systemd/system/auditd.service is marked world-inaccessible.
This has no effect as configuration data is accessible via APIs without
restrictions. Proceeding anyway.
Aug 7 15:43:45 dc-ad collectd[4830]: Initialization complete, entering
read-loop.
Aug 7 15:43:45 dc-ad esmith::event[4339]: [INFO] service p3scan restart
Aug 7 15:43:45 dc-ad systemd: Stopping p3scan proxy…
Aug 7 15:43:45 dc-ad p3scan[1100]: signalled, doing cleanup
Aug 7 15:43:45 dc-ad p3scan[1100]: P3Scan terminates now
Aug 7 15:43:45 dc-ad systemd: Starting p3scan proxy…
Aug 7 15:43:46 dc-ad p3scan[4869]: P3Scan Version 2.3.2
Aug 7 15:43:46 dc-ad p3scan[4869]: Selected scannertype: basic (Basic
file invocation scanner)
Aug 7 15:43:46 dc-ad p3scan[4869]: Listen now on 0.0.0.0:8110
Aug 7 15:43:46 dc-ad systemd: PID file /var/run/p3scan/p3scan.pid not
readable (yet?) after start.
Aug 7 15:43:46 dc-ad esmith::event[4339]: [INFO] p3scan restart
Aug 7 15:43:46 dc-ad systemd: Started p3scan proxy.
Aug 7 15:43:46 dc-ad esmith::event[4339]: Action:
/etc/e-smith/events/actions/adjust-services SUCCESS [0.651876]
Aug 7 15:43:46 dc-ad esmith::event[4339]: Event:
nethserver-p3scan-update SUCCESS
Aug 7 15:43:46 dc-ad p3scan[4870]: Changing uid (we are root)
Aug 7 15:43:46 dc-ad p3scan[4870]: Running as user: amavis
: amavis
Aug 7 15:44:48 dc-ad clamd: SelfCheck: Database status OK.
…
Aug 7 15:48:14 dc-ad p3scan[5268]: POP3 Connection from
192.168.1.11:54451
Aug 7 15:48:14 dc-ad p3scan[5268]: Real-server address is
91.195.62.2:110
Aug 7 15:48:14 dc-ad p3scan[5268]: Ignoring servers TOP capability…
Aug 7 15:48:14 dc-ad p3scan[5268]: Ignoring servers PIPELINING
capability…
Aug 7 15:48:14 dc-ad p3scan[5268]: Session done (Clean Exit). Mails: 0
Bytes: 0
Aug 7 15:49:17 dc-ad p3scan[5354]: POP3 Connection from
192.168.1.11:54456
Aug 7 15:49:17 dc-ad p3scan[5354]: Real-server address is
91.195.62.2:110
Aug 7 15:49:17 dc-ad p3scan[5354]: Ignoring servers TOP capability…
Aug 7 15:49:17 dc-ad p3scan[5354]: Ignoring servers PIPELINING
capability…
Aug 7 15:49:17 dc-ad p3scan[5354]: WARNING: Your scanner returned
neither 0, a viruscode, nor a good viruscode, but 2
Aug 7 15:49:17 dc-ad p3scan[5354]: ERR: We can’t say if it is a virus!
So we have to give the client the mail! You should check your
configuration/system
Aug 7 15:49:17 dc-ad p3scan[5354]: ERR: Scanner returned unexpected
error code. You should check your configuration/system.
Aug 7 15:49:17 dc-ad p3scan[5354]: ERR: Exiting now…
Aug 7 15:49:17 dc-ad p3scan: ERR: Scanner returned unexpected error
code. You should check your configuration/system.
Aug 7 15:49:18 dc-ad kernel: p3scan[5354]: segfault at 241 ip
00007fa33099eab4 sp 00007ffc03356080 error 4 in
libc-2.17.so[7fa330956000+1b7000]
Aug 7 15:49:18 dc-ad p3scan[4870]: ERR: Attention: child with pid 5354
died with abnormal termsignal (11)! This is probably a bug. Please
report to the author. numprocs is now 0
Aug 7 15:50:03 dc-ad dbus-daemon: dbus[643]: [system] Activating via
systemd: service name=‘org.freedesktop.timedate1’
unit=‘dbus-org.freedesktop.timedate1.service’
Aug 7 15:50:03 dc-ad dbus[643]: [system] Activating via systemd:
service name=‘org.freedesktop.timedate1’
unit=‘dbus-org.freedesktop.timedate1.service’
Aug 7 15:50:03 dc-ad systemd: Starting Time & Date Service…
Aug 7 15:50:03 dc-ad dbus-daemon: dbus[643]: [system] Successfully
activated service ‘org.freedesktop.timedate1’
Aug 7 15:50:03 dc-ad dbus[643]: [system] Successfully activated service
‘org.freedesktop.timedate1’
Aug 7 15:50:03 dc-ad systemd: Started Time & Date Service.
Aug 7 15:52:21 dc-ad dbus-daemon: dbus[643]: [system] Activating via
systemd: service name=‘org.freedesktop.timedate1’
unit=‘dbus-org.freedesktop.timedate1.service’
Aug 7 15:52:21 dc-ad dbus[643]: [system] Activating via systemd:
service name=‘org.freedesktop.timedate1’
unit=‘dbus-org.freedesktop.timedate1.service’
Aug 7 15:52:21 dc-ad systemd: Starting Time & Date Service…
Aug 7 15:52:21 dc-ad dbus-daemon: dbus[643]: [system] Successfully
activated service ‘org.freedesktop.timedate1’
Aug 7 15:52:21 dc-ad dbus[643]: [system] Successfully activated service
‘org.freedesktop.timedate1’
Aug 7 15:52:21 dc-ad systemd: Started Time & Date Service.
Service.
Aug 7 15:53:14 dc-ad p3scan[4870]: P3Scan terminates now
Aug 7 15:53:24 dc-ad systemd: Removed slice user-0.slice.
Aug 7 15:53:24 dc-ad systemd: Stopping user-0.slice.
Aug 7 15:54:48 dc-ad clamd: SelfCheck: Database modification detected. Forcing reload.
Aug 7 15:54:49 dc-ad clamd: Reading databases from /var/lib/clamav
Aug 7 15:55:05 dc-ad clamd: Database correctly reloaded (4868738 signatures)
Aug 7 15:55:53 dc-ad clamd: SelfCheck: Database modification detected. Forcing reload.
Aug 7 15:55:53 dc-ad clamd[1351]: SelfCheck: Database modification detected. Forcing reload.
Aug 7 15:55:54 dc-ad clamd: Reading databases from /var/lib/squidclamav
Aug 7 15:55:54 dc-ad clamd[1351]: Reading databases from /var/lib/squidclamav
Aug 7 15:56:07 dc-ad clamd: Database correctly reloaded (4868738 signatures)
Aug 7 15:56:07 dc-ad clamd[1351]: Database correctly reloaded (4868738 signatures)
In this moment, Aug 7 15:56:07:
Services: clamd@squidclamav - Enabled, Running
p3scan - Enabled, Stopped
Starting the p3scan service, manually:
Aug 7 16:00:48 dc-ad control-service: p3scan start
Aug 7 16:00:48 dc-ad systemd: Starting p3scan proxy…
Aug 7 16:00:48 dc-ad p3scan[6202]: P3Scan Version 2.3.2
Aug 7 16:00:48 dc-ad p3scan[6202]: Selected scannertype: basic (Basic
file invocation scanner)
Aug 7 16:00:48 dc-ad p3scan[6202]: Listen now on 0.0.0.0:8110
Aug 7 16:00:48 dc-ad systemd: PID file /var/run/p3scan/p3scan.pid not
readable (yet?) after start.
Aug 7 16:00:48 dc-ad systemd: Started p3scan proxy.
Aug 7 16:00:48 dc-ad dbus-daemon: dbus[643]: [system] Activating via
systemd: service name=‘org.freedesktop.timedate1’
unit=‘dbus-org.freedesktop.timedate1.service’
Aug 7 16:00:48 dc-ad dbus[643]: [system] Activating via systemd:
service name=‘org.freedesktop.timedate1’
unit=‘dbus-org.freedesktop.timedate1.service’
Aug 7 16:00:48 dc-ad systemd: Starting Time & Date Service…
Aug 7 16:00:48 dc-ad p3scan[6203]: Changing uid (we are root)
Aug 7 16:00:48 dc-ad p3scan[6203]: Running as user: amavis
EDIT:
Thunderbird schedule send and receive:
Aug 7 16:03:14 dc-ad p3scan[6534]: POP3 Connection from
192.168.1.11:54567
Aug 7 16:03:14 dc-ad p3scan[6534]: Real-server address is
91.195.62.2:110
Aug 7 16:03:14 dc-ad p3scan[6534]: Ignoring servers TOP capability…
Aug 7 16:03:14 dc-ad p3scan[6534]: Ignoring servers PIPELINING
capability…
Aug 7 16:03:14 dc-ad p3scan[6534]: WARNING: Your scanner returned
neither 0, a viruscode, nor a good viruscode, but 2
Aug 7 16:03:14 dc-ad p3scan[6534]: ERR: We can’t say if it is a virus!
So we have to give the client the mail! You should check your
configuration/system
Aug 7 16:03:14 dc-ad p3scan[6534]: ERR: Scanner returned unexpected
error code. You should check your configuration/system.
Aug 7 16:03:14 dc-ad p3scan[6534]: ERR: Exiting now…
Aug 7 16:03:14 dc-ad p3scan: ERR: Scanner returned unexpected error
code. You should check your configuration/system.
Aug 7 16:03:14 dc-ad p3scan[6203]: ERR: Attention: child with pid 6534
died with abnormal termsignal (11)! This is probably a bug. Please
report to the author. numprocs is now 0
Aug 7 16:03:14 dc-ad kernel: p3scan[6534]: segfault at 241 ip
00007f871b872ab4 sp 00007fff7abb9ac0 error 4 in
libc-2.17.so[7f871b82a000+1b7000]
Aug 7 16:04:30 dc-ad p3scan[6203]: P3Scan terminates now
Aug 7 16:05:06 dc-ad clamd: SelfCheck: Database status OK.
In this moment, Aug 7 16:05:06:
Services: clamd@squidclamav - Enabled, Running
p3scan - Enabled, Stopped
EDIT 2:
After I have disabled Antivirus from POP3 proxy, everything it’s OK: I can receive emails, the p3scan service automatically Running.
I’ve been playing with NS7 and just wanted to point out a couple of issues I’ve been finding (not sure if they are by design or not )
I’ve installed NS7 on a KVM machine running latest CentOS 7.1 from the repository.
when I try to access the control pannel via http by typing in the browser neth.mydomain.com:980 instead of the full address, the redirect takes me to the ipadress of the server, instead of the dns address;
I’ve unable to install the Pop3 proxy package as well as the Samba Active directory - both give me yum cache errors; I’m aware of the other threads here regarding both issues;
when rebooting the service, there is no connectivity message as in NS 6.8, informing the user when the reboot and reconnect ion has been completed; I quite liked that small feature
when creating a user through the control panel, and ticking the box to allow ssh access, does not seem to work at the moment as I haven’t been able to connect through ssh as expected.
when creating a Letsencrypt certificate with more than a domain (for example: “neth.mydomain.com mydomain.com” it gives an output where the certifciate issuer is stated as “Fake LE Intermediate X1” and the certificate does not work.
don’t seem to be able to delete previously issued certificates (such as the error one above); If we want/have to issue several certificates for different domains and subdomains (as we have to do it one by one) they will rapidly accumulate;
Thanks.
The login username has to contain the domain part, i.e. in my case I use:
ssh filippo.carletti@nethesis.it@nethserver