3.0.1.5: EFA-MS-Update has stopped updating phishing sites as of Jan 15, 2017

dbrunt
Posts: 64
Joined: 28 Nov 2015 00:09

Post by dbrunt »

The following URLs seem to be invalid:

[root@efa sbin]# ./usr/local/sbin/EFA-MS-Update -update
bash: ./usr/local/sbin/EFA-MS-Update: No such file or directory
[root@efa sbin]# /usr/local/sbin/EFA-MS-Update -update
--2017-01-17 13:21:53-- http://dl.efa-project.org/MailScanner/p ... sites.conf
Resolving dl.efa-project.org... 188.165.135.228, 2001:41d0:2:524b::228
Connecting to dl.efa-project.org|188.165.135.228|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2017-01-17 13:21:53 ERROR 404: Not Found.

It failed to complete properly
Restored backup of phishing.bad.sites.conf
Reloading MailScanner ...


MailScanner restarted with process id 21486
--2017-01-17 13:21:56-- http://dl.efa-project.org/MailScanner/p ... sites.conf
Resolving dl.efa-project.org... 188.165.135.228, 2001:41d0:2:524b::228
Connecting to dl.efa-project.org|188.165.135.228|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2017-01-17 13:21:57 ERROR 404: Not Found.

It failed to complete properly
Restored backup of phishing.safe.sites.conf
Reloading MailScanner ...


MailScanner restarted with process id 21525
shawniverson
Posts: 3649
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: 3.0.1.5: EFA-MS-Update has stopped updating phishing sites as of Jan 15, 2017

Post by shawniverson »

Thanks for heads up, we'll get 'er fixed :D
darky83
Site Admin
Posts: 540
Joined: 30 Sep 2012 11:03
Location: eFa

Re: 3.0.1.5: EFA-MS-Update has stopped updating phishing sites as of Jan 15, 2017

Post by darky83 »

Issue should now be fixed, had to request a new API code for some of the sources we use as the old one magically didn't work anymore :S

This caused the script to break and no files to be written (should probably make some sort of error detection there :ugeek: )
Version eFa 4.x now available!
dbrunt
Posts: 64
Joined: 28 Nov 2015 00:09

Re: 3.0.1.5: EFA-MS-Update has stopped updating phishing sites as of Jan 15, 2017

Post by dbrunt »

Thanks, it is updating now.
However, I now see a problem with /usr/local/sbin/EFA-MS-Update...it is not implementing the phishing.[safe|bad].sites.custom files!
Has this been addressed in 3.0.1.8?

Code: Select all

# +--------------------------------------------------------------------+
# EFA Project Mailscanner rules update script
# Version 20140623
# +--------------------------------------------------------------------+

Code: Select all

#----------------------------------------------------------------#
# Update safe file
#----------------------------------------------------------------#
function update_safe()
{
  reload=1
  cd /etc/MailScanner
  wget -N $SAFESRC
  if [ "$?" = "0" ]; then
        echo It completed okay.
        if [ -r /etc/MailScanner/phishing.safe.sites.conf.backup ]; then
                if [ phishing.safe.sites.conf -nt /etc/MailScanner/phishing.safe.sites.conf.backup ]; then
                        if ( tail -10 phishing.safe.sites.conf | grep -q '^#.*EOF' ); then
                                # echo It succeeded, so make a backup
                                cp -f phishing.safe.sites.conf /var/EFA/backup/phishing.safe.sites.conf.backup
                         else
                                echo ERROR: Could not find EOF marker in phishing.safe.sites.conf
                                cp -f /var/EFA/backup/phishing.safe.sites.conf.backup phishing.safe.sites.conf
                        fi
                else
                # Remote file not newer than local copy
                reload=0
                fi
        else
                # No backup file present, so delete file if it is bad
                if ( tail -10 phishing.safe.sites.conf | grep -q '^#.*EOF' ); then
                        #      echo Success, make a backup
                        cp -f phishing.safe.sites.conf /var/EFA/backup/phishing.safe.sites.conf.backup
                 else
                        echo ERROR: Could not find EOF marker in phishing.safe.sites.conf and no backup
                        rm -f phishing.safe.sites.conf
                        reload=0
                fi
        fi
  else
        echo It failed to complete properly
        if [ -r /var/EFA/backup/phishing.safe.sites.conf.backup ]; then
                echo Restored backup of phishing.safe.sites.conf
                cp -f /var/EFA/backup/phishing.safe.sites.conf.backup phishing.safe.sites.conf
         else
                # No backup copy present, so delete bad phishing.safe.sites.conf
                echo ERROR: wget of phishing.safe.sites.conf failed and no backup
                rm -f phishing.safe.sites.conf
                reload=0
        fi
  fi

The /etc/MailScanner/bin/update_phishing_sites script (which EFA does NOT have) concatenates the .custom files with downloaded .master files to create new .conf files:

Code: Select all

#!/usr/bin/env bash 
# 
#   MailScanner - SMTP E-Mail Virus Scanner 
#   Copyright (C) 2002  Julian Field 
# 
#   $Id: update_phishing_sites 3982 2007-06-26 09:00:39Z sysjkf $ 
# 
#   This program is free software; you can redistribute it and/or modify 
#   it under the terms of the GNU General Public License as published by 
#   the Free Software Foundation; either version 2 of the License, or 
#   (at your option) any later version. 
# 
#   This program is distributed in the hope that it will be useful, 
#   but WITHOUT ANY WARRANTY; without even the implied warranty of 
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the 
#   GNU General Public License for more details. 
# 
#   You should have received a copy of the GNU General Public License 
#   along with this program; if not, write to the Free Software 
#   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA 
# 
# 

# set your options here 
# 
CONFIGDIR='/etc/MailScanner'; 
THEURL='http://phishing.mailscanner.info/phishing.safe.sites.conf'; 

PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/etc:/usr/local/bin:/usr/sfw/bin 
export PATH 

if [ -d $CONFIGDIR ]; then 
    cd $CONFIGDIR 
else 
    logger -p mail.warn -t update.phishing.sites Cannot find MailScanner configuration directory, update failed. 
    echo Cannot find MailScanner configuration directory. 
    echo Auto-updates of phishing.safe.sites.conf will not happen. 
    exit 1 
fi 

# check for the custom config file and create if missing 
if [ ! -f $CONFIGDIR/phishing.safe.sites.custom ]; then 
      echo '# Add your custom Phishing safe sites to the' >> $CONFIGDIR/phishing.safe.sites.custom 
      echo '# phishing.safe.sites.custom file in your MailScanner' >> $CONFIGDIR/phishing.safe.sites.custom  
      echo '# directory. Note that phishing.safe.sites.conf is' >> $CONFIGDIR/phishing.safe.sites.custom 
      echo '# overwritten when update_phishing_sites is executed.' >> $CONFIGDIR/phishing.safe.sites.custom 
      echo '#' >> $CONFIGDIR/phishing.safe.sites.custom 
      echo 'mailscanner.info' >> $CONFIGDIR/phishing.safe.sites.custom 
fi 

curl --compressed -o $CONFIGDIR/phishing.safe.sites.conf.master $THEURL ||
wget --no-check-certificate -O $CONFIGDIR/phishing.safe.sites.conf.master $THEURL ||
( logger -p mail.warn -t update.phishing.sites Cannot find wget or curl, update failed. ; echo Cannot find wget or curl to do phishing sites update. ; exit 1 ) 

if [ -s phishing.safe.sites.conf.master ]; then 
    cat phishing.safe.sites.custom phishing.safe.sites.conf.master |
    uniq > phishing.safe.sites.conf.new 
    rm -f phishing.safe.sites.conf 
    mv -f phishing.safe.sites.conf.new phishing.safe.sites.conf 
    chmod a+r phishing.safe.sites.conf 
    logger -p mail.info -t update.phishing.sites Phishing safe sites list updated 
else 
    logger -p mail.info -t update.phishing.sites Phishing safe sites list update failed! 
fi 
rm -f phishing.safe.sites.conf.master 

exit 0
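
One way to combine the error detection darky83 mentions with the .custom merge that update_phishing_sites performs, as an added example that is not EFA or MailScanner code. The function name `merge_phishing_list` and its return codes are hypothetical; it assumes the download has already been fetched to a local file and that a good list ends with the `# ... EOF` comment the EFA script tests for.

```shell
#!/usr/bin/env bash
# Added example, not EFA or MailScanner code. File names follow the thread;
# the function name and return codes are hypothetical.
#
# merge_phishing_list MASTER CUSTOM TARGET
#   MASTER: freshly downloaded list (already fetched by wget or curl)
#   CUSTOM: local additions, e.g. phishing.safe.sites.custom (may be absent)
#   TARGET: live file, e.g. phishing.safe.sites.conf
# Returns 0 and replaces TARGET only if MASTER passes validation;
# otherwise returns non-zero and leaves TARGET untouched.
merge_phishing_list() {
    local master=$1 custom=$2 target=$3 tmp

    # Check 1: the download produced a non-empty file (upstream's -s test).
    if [ ! -s "$master" ]; then
        echo "ERROR: $master is missing or empty, keeping $target" >&2
        return 1
    fi
    # Check 2: trailing EOF comment present (the EFA script's truncation test).
    if ! tail -10 "$master" | grep -q '^#.*EOF'; then
        echo "ERROR: no EOF marker in $master, keeping $target" >&2
        return 2
    fi

    # Build the new file next to the target so mv is an atomic rename.
    tmp=$(mktemp "${target}.XXXXXX") || return 3
    {
        # Custom entries go first, as in update_phishing_sites.
        [ -r "$custom" ] && cat "$custom"
        cat "$master"
    } | awk '/^#/ || /^$/ || !seen[$0]++' > "$tmp" || { rm -f "$tmp"; return 3; }
    # awk keeps comments and blank lines, drops repeated site entries
    # even when they are not adjacent (plain uniq only drops adjacent ones).

    chmod a+r "$tmp" && mv -f "$tmp" "$target"
}

# Usage (paths as in the thread):
#   merge_phishing_list phishing.safe.sites.conf.master \
#       phishing.safe.sites.custom phishing.safe.sites.conf || exit 1
```

Because the live file is only replaced after both checks pass, a failed or truncated download leaves the previous list, including its custom entries, in place.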
dbrunt
Posts: 64
Joined: 28 Nov 2015 00:09

Re: 3.0.1.5: EFA-MS-Update has stopped updating phishing sites as of Jan 15, 2017

Post by dbrunt »

Digging further...trying to determine why my entries in .custom files were no longer prepended to .conf files from Tuesday Jan 17th...

What, if anything, runs EFA-MS-Update?

I found /usr/local/sbin/ms-update-[safe|bad]-sites which is run daily by cron:
/etc/cron.daily/mailscanner
/usr/sbin/ms-cron DAILY
# update phishing sites
if [ $ms_cron_ps = 1 ]; then
/usr/sbin/ms-update-safe-sites
/usr/sbin/ms-update-bad-sites

These two update scripts essentially contain the same functional code as /etc/MailScanner/bin/update_phishing_sites.

Question remains: Why did today/yesterday's daily update not concatenate my .custom files?