Koozali.org formerly Contribs.org

Recent Posts

Pages: [1] 2 3 ... 10
1
SME Server 10.x / Re: helping with sme10
« Last post by Jean-Philippe Pialasse on Today at 05:59:43 AM »
If two drives are available raid 1 should be the default unless you play with disks in the gui.

ZFS is not offered with Red Hat. They allow XFS. It would also need to be able to modify the installer to make ZFS available. It also requires a few steps to make it available on an already installed fresh CentOS 7.
2
SME Server 9.x / Re: block iso email attachment
« Last post by janet on Today at 12:35:27 AM »
SchulzStefan

From the Howto.

Determining file pattern, signature or magic
To find out what the pattern or signature or magic for a file is, it needs to be run through a base64 encoding routine and the appropriate strings determined from the first line of the output. That is, for "sane" files which have "magic" numbers at the start. The file can also be decoded to find out what type of file it is. Published file specifications (where available) could also be referred to.

Copy a file to a folder on SME Server, say filename.zip

At the command prompt do

perl -MMIME::Base64 -0777 -ne 'print encode_base64($_)' <filename.zip | head -1
This gives an output of

UEsDBAoAAQAAAMBOfzC356fxzVUAAMFVAAANAAAAZWxhaXZrZHVwLnNjckwHjDHTKYSGUE+SV
A suitable substring needs to be picked to use as the pattern for this file type, for example:

UEsDBAoAA
The pattern string needs to be long enough to avoid "false positives" and short enough to catch all of that file type. Running the above command across a few files of a particular type will usually clearly show the appropriate substring.

To find out the file type details

echo 'UEsDBAoAA' | perl -MMIME::Base64 -0777 -ne 'print decode_base64($_)' >/tmp/17.exe
then run "file" on the result

file /tmp/17.exe
the output is

/tmp/17.exe: Zip archive data, at least v1.0 to extract
which identifies the type of file

An alternative way of identifying the file pattern or signature for users of Clamavis-ng is to view the quarantined messages in /var/spool/amavis-ng/quarantine

Here is an extract from a quarantined infected message that mimics a zip file

File: 406a8bee~aad.msg Col 0 30787 bytes
----------mtohkeqkmfnipbfntepj
Content-Type: application/octet-stream; name="AttachedFile.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="AttachedFile.zip"
UEsDBAoAAQAAAMBOfzC356fxzVUAAMFVAAANAAAAZWxhaXZrZHVwLnNjckwHjDHTKYSGUE+SV1OwspplLsSWrbYvwOvHVHYOYDOiVliyLlDWU2LYVELdEiwxkwOPVsk3+m/Ddl9U56v6+tbrdXPEBTv+yEH56h/R+Bbk54hUOLieVPW61QOD7YVXZilxgCAZ+SppPxWuKv2iCBuw5qQ5N/r7CISrWWEPaAzGYwUmuERoNMEo4TFm6yV2BqBhv+Y1e/SLz30EV6anGmvwvKiWaLfcjo8sfF3UDQ203TAV33kypvZDqAsF/g3O1rvbEf+K/pZpWjOy1A5S3OWF7IKsbNxQdwqWPvuO6XS6QHwLQAF+6q4LKdUFM89j+lnKR3bXaGU3v18YN862XIeJtEqW3Ulbj8MA33IBDoTQzpYQwGQm+?????????..
So to create a new pattern for this message use

UEsDBAoAA
which is the pattern corresponding to ZIPV1 file type

UEsDBAoAA: Zip archive data, at least v1.0 to extract
3
SME Server 9.x / Re: block iso email attachment
« Last post by janet on Today at 12:29:30 AM »
SchulzStefan

From the Howto article are these extra patterns you can add. They may catch some of your unwanted img files as they detect content rather than filename.

Extra patterns
Extra patterns not included in the default database that may be enabled if required for blocking of multimedia files etc (long & short versions listed)

Note:
These have not been thoroughly tested and may need further refinement to ensure they accurately represent the signature pattern for all occurrences of the particular file type

SCR screen saver files - MS-DOS executable (EXE)

Example: TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Pattern: TVqQAAMAAA
PIF1 - data

Example: AHhUYXggMTk5OCAgICAgICAgICAgICAgICAgICAgICCAAgAAWTpcSFNPRlRcSFQ5OFxIVDk4LkVY
Pattern: AHhUYXgg
PIF2 - data

Example: AMlIbDk5LmV4ZSAgICAgICAgICAgICAgICAgICAgICCAAIAAVDpccHJpdmF0ZVxIc29mdFxITFxI
Pattern: AMlIbDk5Lm
PIF3 - data

Example: AHhIYW5kaVJlZ2lzdGVyIDIwMDAgICAgICAgICAgICCAAgAAWTpcSHNvZnRcSFJcSFIwMC5FWEUA
Pattern: AHhIYW5k
WAV sound file - data

Example: UklGRiRwLgBXQVZFZm10IBAAAAABAAIAgLsAAADuAgAEABAAZGF0YQBwLgAAAAAAAAAAAAAAAAAA
Pattern: Uk1GRiRwL
JPEG image data, JFIF standard 0.00, aspect ratio, 0 x 0

Example: /9j/4AAQSkZJRgABAgEBLAEsAAD/7RLSUGhvdG9zaG9wIDMuMAA4QklNA+0AAAAAABABLAAAAAEA
Pattern: /9j/4AAQSkZJRg
TIF - TIFF image data, little-endian

Example: SUkqAAgAAAAQAP4ABAABAAAAAAAAAAABAwABAAAAJgMAAAEBAwABAAAAQAUAAAIBAwADAAAAzgAA
Pattern: SUkqAAgAAAA
PPT powerpoint presentation -Microsoft Office Document

Example: 0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAGAAAAAAAAAAAAAADEAwAAIRgBAAAAAAAA
Pattern: 0M8R4KGxGuEA
WMV Windows Media Player video file - Microsoft ASF

Example: MCaydY5mzxGm2QCqAGLObH8PAAAAAAAACwAAAAECodyrjEepzxGO5ADADCBTZWgAAAAAAAAAeeIB
Pattern: MCaydY5mzxGm
MPG mpeg1 video file - MPEG system stream data

Example: AAABuiEAAQAHgCgdAAABuwAMgCgdBeH/4OAuwMAgAAAB4AfcYC4xAAGMUREAAXAxAAABsxYBIIME
Pattern: AAABuiEAAQAHg
M2P mpeg2 video file - MPEG system stream data

Example: AAABukQABAAGBQFG//gAAAG7AAyAo38F4X/g4OfAwCAAAAHgB9qAwQ0xAAG2QxEAAZojHmDnAAAB
Pattern: AAABukQABAAGB
AVI video file - RIFF (little-endian) data

Example: UklGRpC0qQBBVkkgTElTVDYBAABoZHJsYXZpaDgAAABAnAAA5MJnAAAAAAAQAAEAWggAAAAAAAAC
Pattern: UklGRpC0qQBB
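
A sanity check for the pattern table above, as an added example (not part of the Howto or of the post): it confirms that each pattern is a prefix of its own example line and decodes the pattern's complete base64 groups to show which raw bytes it pins. The example strings are the first 16 characters of the lines above, and the function names are hypothetical.

```python
import base64

# (label, first 16 chars of the "Example" line above, "Pattern" line above)
PAIRS = [
    ("ZIPV1", "UEsDBAoAAQAAAMBO", "UEsDBAoAA"),  # from the ZIPV1 walk-through
    ("SCR/EXE", "TVqQAAMAAAAEAAAA", "TVqQAAMAAA"),
    ("WAV", "UklGRiRwLgBXQVZF", "Uk1GRiRwL"),
    ("JPEG", "/9j/4AAQSkZJRgAB", "/9j/4AAQSkZJRg"),
    ("AVI", "UklGRpC0qQBBVkkg", "UklGRpC0qQBB"),
]


def pinned_bytes(pattern: str) -> bytes:
    """Raw bytes fully determined by the pattern.

    Base64 maps 3 bytes to 4 characters, so only complete 4-character
    groups decode unambiguously; trailing characters are dropped here.
    """
    whole = pattern[: len(pattern) - len(pattern) % 4]
    return base64.b64decode(whole, validate=True)


def mismatched(pairs):
    """Labels whose pattern is not a prefix of its own example line."""
    return [label for label, example, pattern in pairs
            if not example.startswith(pattern)]


def report(pairs):
    """One text row per pattern: label, pattern, pinned bytes, status."""
    rows = []
    for label, example, pattern in pairs:
        status = "ok" if example.startswith(pattern) else "NOT A PREFIX"
        rows.append(f"{label:8} {pattern:15} {pinned_bytes(pattern)!r:32} {status}")
    return rows


if __name__ == "__main__":
    print("\n".join(report(PAIRS)))
```

Run as a script, it prints one row per pattern; the WAV pattern as listed is not a prefix of its example line. The WAV and AVI patterns also run past `RIFF` into the chunk-size field that follows it, which ties them to one file size.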
4
SME Server 9.x / Re: block iso email attachment
« Last post by janet on Today at 12:19:08 AM »
SchulzStefan

Blocking by filename type (prefix) is flawed, as files can be an exe or zip or whatever else type content but be named *.txt, thus avoiding detection.

Quote
I don't understand - *every* attachment is different.

Well so you claim.
In plain English, in most cases though, files of a certain format, say zipv1, have a common set of characters at the very beginning of the file "code", this is known as the "magic" or "signature" or "pattern", & is usually 6 or 9 characters that are identical in "every" zipv1 file.
The same concept applies to zipv2 & exe & other file formats, they all have a unique & identical set of characters at the beginning of the file, which is identical for each specific file format type.

The neat aspect of file pattern matching is that the file can have a false name, say filename.txt, but if it is actually a zipv1 or exe format file, then the pattern matching will detect & reject it. A false name cannot trick or fool the pattern matching filter, as it examines the file content rather than the file name.

So as no specific pattern is listed in the SME server database for iso & img files, you will need to determine what the pattern or magic is, add it to the mailpatterns database & select that option in server manager.

The full instructions are in the Howto & while appearing to be complex, it is fairly straightforward if you follow the step by step instructions (ie the section about determining the magic & creating a database entry).

I do not personally know for sure if there are common patterns for all variants of iso & img files, that is why you would need to run the commands described in the Howto against a few different iso & img files.
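
The Howto step of running the command across a few files and picking the common substring, automated here as an added example (not from the Howto or the post), with constructed sample inputs and hypothetical function names. It also applies the procedure to ISO 9660 images, which reserve the first 32 KiB as a system area and place their `CD001` identifier at offset 32769, so with an empty system area the first base64 line is all `A` characters and gives no usable signature.

```python
import base64
import os

LINE_BYTES = 57  # MIME base64 lines hold 76 characters = 57 raw bytes


def first_b64_line(data: bytes) -> str:
    """What `encode_base64 | head -1` prints for this content."""
    return base64.b64encode(data[:LINE_BYTES]).decode("ascii")


def candidate_pattern(samples) -> str:
    """Longest prefix shared by the first base64 line of every sample."""
    return os.path.commonprefix([first_b64_line(s) for s in samples])


def is_distinctive(pattern: str, min_chars: int = 6) -> bool:
    """False for prefixes that are too short or encode only zero bytes."""
    return len(pattern) >= min_chars and set(pattern) != {"A"}


# Constructed samples (not real files): two ZIP local file headers that
# differ from the flags field onward.
ZIP_SAMPLES = [
    b"PK\x03\x04\x0a\x00\x01\x00" + b"\x11" * 60,
    b"PK\x03\x04\x0a\x00\x00\x00" + b"\x22" * 60,
]

# Constructed samples: ISO 9660 images with an empty 32 KiB system area,
# followed by a volume descriptor ("CD001" at offset 32769).
ISO_SAMPLES = [
    bytes(32768) + b"\x01CD001\x01\x00" + label.ljust(32)
    for label in (b"BACKUP", b"INSTALL")
]

if __name__ == "__main__":
    for name, samples in (("zip", ZIP_SAMPLES), ("iso", ISO_SAMPLES)):
        pat = candidate_pattern(samples)
        print(name, repr(pat[:20]), len(pat), is_distinctive(pat))
    print("CD001 offset:", ISO_SAMPLES[0].find(b"CD001"))
```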
5
SME Server 10.x / Re: helping with sme10
« Last post by jameswilson on Yesterday at 11:53:34 PM »
Known issue. Anaconda does not allow anymore degraded array to be used to install. Philosophical debate here, but at the end the core of anaconda would need hours of work and analyze (from us) to add this functionality back as upstream make it clear they do not want it.
Not sure it will happen, unless you have a python guru available with free time.
Fair enough, can the installer be changed then to offer mdadm or zfs options for install. I assume most sme installs are on bare metal so would ideally want to have the raid 1 / z as a default option if the drives were in place at install time?
6
SME Server 9.x / Re: block iso email attachment
« Last post by SchulzStefan on Yesterday at 09:30:26 PM »
I, too, have long wished for an easier way to block emails by attachment type on SME servers - and I've never felt like I understand the mailpattern system.

I usually end up looking for another way to do the same thing:
* Are the sending IPs listed in a DNSBL service I can configure?
* Can the unwanted emails be blocked by the helo, rhsbl, or badmailfrom plugins?
* Will they be blocked if I turn on Bayesian filtering and autolearning?
* (as suggested) Can I create a custom spamassassin rule?



This code should find every email received in the last one day ("-ctime -1") with an iso or img attachment - you could then examine those emails for other blockable characteristics, or delete them using a scheduled script:
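Code:
find /home/e-smith/files/users/ -type d -name Maildir | while read -r maildir
do
  # List messages changed in the last day whose attachment filename ends in .iso or .img.
  # grep -E is needed for the (iso|img) alternation; [iso|img] is a character class that matches a single character.
  find "$maildir" -type f -name "*.$(config show ServerName)*" -ctime -1 -exec grep -lE "Content-Disposition: attachment; filename=.*\.(iso|img)" "{}" \;
done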

Aha. Seems I'm not the only one thinking about an easy way to block any attachment you want.

I'll give the script a try.
7
SME Server 9.x / Re: block iso email attachment
« Last post by SchulzStefan on Yesterday at 09:28:02 PM »

It does not take long to run the file.exe command against a few different iso & img files to find the magic, say 10 minutes.
Then add another 10 mins to add that magic to the database & it's done.

I don't understand - *every* attachment is different.


Remember that pattern matching rejects the email message, whereas spamassassin accepts the email message & moves it to the junkmail folder, thus still consuming download bandwidth.

That's correct.
8
Français / Re: nextcloud
« Last post by Jean-Philippe Pialasse on Yesterday at 05:50:15 AM »

Domain information
Primary domain   linux-nuts.com

so your Nextcloud access is
https://linux-nuts.com/nextcloud/

you can also reach it via:
its host name HOTE (replace with your real host name) and HOTE.linux-nuts.com,
its local IP,
its remote IP (if you configure it in public mode)

sorry, I didn't put the www in the options :)
you can do that by editing:
/usr/share/nextcloud/config/config.php

and adding a trusted domain line
9
SME Server 10.x / Re: helping with sme10
« Last post by Jean-Philippe Pialasse on Yesterday at 05:28:04 AM »
Known issue. Anaconda does not allow anymore degraded array to be used to install. Philosophical debate here, but at the end the core of anaconda would need hours of work and analyze (from us) to add this functionality back as upstream make it clear they do not want it.
Not sure it will happen, unless you have a python guru available with free time.
10
SME 9.x Contribs / Re: Software collections and mysql 5.7
« Last post by Jean-Philippe Pialasse on Yesterday at 05:23:56 AM »
While the exercise is interesting....

Trying to get back to the initial problem ie migrating db from mysql51 to mysql57

Signal-event pre-backup

Install smeserver-mysql57, just the yum step

cp /home/e-smith/db/mysql/*.dump /home/e-smith/db/mysql57

Then finish the install of mysql57 by doing the extra steps on wiki. It will do as you were restoring backups on a fresh sme