cPanel

New ClamAV v0.90

We have previously guarded against upgrading to this latest version of ClamAV as the developer of the perl module Mail::ClamAV has not updated his code to support this updated version of the ClamAV engine.

However, vulnerabilities have now been published for versions of ClamAV prior to v0.90 so it seems prudent to upgrade to it now.

To do this we have repackaged the ClamAV v0.90 distribution and added code to convert MailScanner to use clamav instead of clamavmodule for its Virus Scanner.

The downside of this change is that there is a potential increase in server load over using the perl module method.

You can upgrade now through the WHM MailScanner UI. You can ignore the Mail::ClamAV errors at the bottom of the installation procedure, but do make sure that MailScanner starts correctly and send a test message through your system (check /var/log/maillog).

For anyone using MailScanner without our Front-End, you can upgrade using the same repackaged distribution with…

wget http://license.configserver.com/clamav-0.90.tar.gz
tar -xzf clamav-*
cd clamav-*
./configure --disable-zlib-vcheck
make
make install
replace "Example" "#Example" -- /usr/local/etc/freshclam.conf
replace "Example" "#Example" -- /usr/local/etc/clamd.conf
freshclam
cd ..
/bin/rm -Rf clamav-*
service MailScanner restart

Do not upgrade to ClamAV v0.90

Don’t be tempted to upgrade to ClamAV v0.90 if you are running MailScanner. The Mail::ClamAV perl module is incompatible with it at this time, so you will have to stick with ClamAV v0.87 (why can’t they develop these things to be backwards compatible?). Hopefully the Mail::ClamAV developer will fix this soon. If you must use v0.90 then you’ll have to set virus scanners = clamav in MailScanner.conf.
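A pre-restart check for the switch described in the two posts above, as an added example rather than ConfigServer's own code: it reads the active Virus Scanners setting, flags clamavmodule combined with ClamAV 0.90, and checks whether the Example line in a ClamAV config file is still active. The function names, the paths passed in and the sample files are constructed for illustration; treating versions after 0.90 like 0.90 is an assumption.

```sh
#!/bin/sh
# Added example; paths and sample files are constructed, not from a real server.

# Print the active "Virus Scanners" value of a MailScanner.conf-style file.
# Commented lines are skipped; if set twice, the last one is used (assumption).
virus_scanners() {
    sed -n 's/^[[:space:]]*[Vv]irus[[:space:]]*[Ss]canners[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Return 0 if an uncommented "Example" line is still present in a
# freshclam.conf or clamd.conf file; ClamAV will not run until it is gone.
has_active_example() {
    grep -Eq '^[[:space:]]*Example([[:space:]]|$)' "$1"
}

# Return 0 for ClamAV 0.90 or later (later versions treated like 0.90: assumption).
is_090_or_later() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}
    [ "$major" -gt 0 ] || [ "${minor:-0}" -ge 90 ]
}

# $1 = MailScanner.conf path, $2 = ClamAV version. Fails on the combination
# the posts warn about: clamavmodule (Mail::ClamAV) with ClamAV 0.90.
check_combo() {
    scanners=$(virus_scanners "$1")
    case " $scanners " in
        *" clamavmodule "*)
            if is_090_or_later "$2"; then
                echo "FAIL: Virus Scanners = $scanners with ClamAV $2"
                return 1
            fi ;;
    esac
    echo "OK: Virus Scanners = $scanners with ClamAV $2"
}

# Constructed sample input.
demo=$(mktemp -d)
printf '# Virus Scanners = auto\nVirus Scanners = clamavmodule\n' > "$demo/MailScanner.conf"
printf '# Comment or remove the line below.\nExample\n' > "$demo/clamd.conf"
check_combo "$demo/MailScanner.conf" 0.90 || true
check_combo "$demo/MailScanner.conf" 0.88.7
has_active_example "$demo/clamd.conf" && echo "clamd.conf: Example line still active"
```

Run it against the real MailScanner.conf and the ClamAV config files before restarting MailScanner; a FAIL line means the scanner setting still points at the perl module.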

MailScanner: Problems for Liquidweb clients

We have found that some clients hosted by Liquidweb are seeing the message “MailScanner Status: Disabled” at the top of their MailScanner front-end after a cPanel upgrade.

The problem has been caused by Liquidweb’s installation of clamav rpms that modify the exim configuration each time cPanel is upgraded, thus breaking MailScanner. We have been uninstalling these rpms as part of our mailscanner install for several months now but it appears that Liquidweb has re-installed those rpms and the problem has arisen again since a recent cPanel upgrade.

Fix instructions follow.

If you would like us to perform the fix for you, then please log a ticket on our helpdesk with access details. There will be a $30 (half hour) charge for performing this service.

Here is how to fix it:

1. Remove /etc/exim.conf.local to start with a clean copy.

/bin/mv -fv /etc/exim.conf.local /etc/exim.conf.local.old
/scripts/buildeximconf

2. Remove all installs and rpms of clamav and reinstall clamav.

killall clamd
rpm -e clamav-db clamd clamav clamav-devel
/bin/rm -Rfv /usr/bin/clam*
/bin/rm -Rfv /usr/sbin/clam*
/bin/rm -Rfv /usr/lib/libclam*
/bin/rm -Rfv /usr/share/clam*
/bin/rm -Rfv /usr/include/clam*
/bin/rm -Rfv /usr/bin/freshclam*
/bin/rm -Rfv /usr/etc/clamav*
/bin/rm -Rfv /usr/local/bin/clam*
/bin/rm -Rfv /usr/local/sbin/clam*
/bin/rm -Rfv /usr/local/lib/libclam*
/bin/rm -Rfv /usr/local/share/clam*
/bin/rm -Rfv /usr/local/include/clam*
/bin/rm -Rfv /usr/local/bin/freshclam*
/bin/rm -Rfv /usr/local/etc/clamav*
useradd clamav
groupadd clamav
cd /root/rpms
wget http://prdownloads.sourceforge.net/clamav/clamav-0.88.7.tar.gz
tar -xzf clamav-*
cd clamav-*
./configure --disable-zlib-vcheck
make
make install
replace "Example" "#Example" -- /usr/local/etc/freshclam.conf
replace "Example" "#Example" -- /usr/local/etc/clamd.conf
freshclam
cd ..
/bin/rm -Rf clamav-*
cd /root/rpms/
touch /var/log/clam-update.log
chown clamav:clamav /var/log/clam-update.log
/scripts/perlinstaller --force Mail::ClamAV

3. Upgrade MailScanner (per the instructions on the website, http://www.configserver.com/cp/upgrade.html) to add the correct configuration to exim.conf.local. You should be able to select option 2 (quick perl module check). You will need to do this at the command line since you are probably already running the latest version of MailScanner.

4. Re-add the dictionary attack ACL, log_selector, etc. to exim.conf.local via the WHM exim configuration editor, if desired.

New csf v2.57

Changes:

  • New feature: WHM UI mod_security v1 display last X entries in the audit_log
  • New feature: WHM UI mod_security v1 edit files or directories in /usr/local/apache/conf/ that are prefixed with modsec or mod_sec
  • Tweaked the pre-configured Firewall Security Level settings

New cse v1.4

Changes:

  • Modification to work correctly with current EDGE

To upgrade:

cd /usr/src
rm -fv cse.tgz
wget http://www.configserver.com/free/cse.tgz
tar -xzf cse.tgz
cd cse
sh install.sh
cd /usr/src/
rm -Rfv cse*

New csf v2.55

Changes:

  • Fix to support current EDGE in csf WHM UI

New csf v2.54

Changes:

  • Tightened the mod_security v1 regex after the changes in v2.52

Fedora Legacy closing – FC4 no longer supported

A kind reminder that anyone running FC4, FC3, FC2 or FC1 needs to migrate their servers as soon as possible. As this notice from Fedora Legacy states:

In case any of you are not aware, the Fedora Legacy project is in the process of shutting down. The current model for supporting maintenance distributions is being re-examined. In the meantime, we are unable to extend support to older Fedora Core releases as we had planned. As of now, Fedora Core 4 and earlier distributions are no longer being maintained.

This means that if you’re running FC4 or lower you will no longer receive any OS updates including vital security fixes. You therefore need to migrate to a supported OS as soon as possible.

We’d strongly recommend moving over to CentOS v4. If you have to use Fedora Core (and you should not use it on any production servers as it’s a development OS) then you should only currently use FC5 since cPanel don’t yet support FC6.

New csf v2.52

Changes:

  • Separated the log file regex’s into regex.pm for those feeling brave to tailor them for non-cPanel servers
  • Unified installer for cPanel and non-cPanel installations, so that only install.sh needs to be run (it checks for the existence of /usr/local/cpanel/version). If you install on a server intending to use cPanel before cPanel is installed, run the install.cpanel.sh script instead
  • Added mod_security v2 regex when running Apache2 to lfd
  • Added [iptext] tag for connectiontracking.txt to list all the connections of an offending IP. Add this manually for existing installations

New csf v2.51

This is a major landmark for us in the development of csf and lfd which provides installation of the firewall and daemon onto non-cPanel generic Linux distributions:

  • Major Enhancement: csf+lfd can now be installed and used on a generic Linux OS without cPanel using install.generic.sh – see readme.txt for more information
  • PF INVDROP entries made bi-directional if PF logging enabled (reduces the number of INVDROP LOG rules by half)
  • Fixed Process Tracking throttle control to correctly use PT_INTERVAL