ASSP Deluxe for cPanel

[benito]

Just another prop to Gabriel for his outstanding support. He really cares about his product.

i totally agree

[Radio_Head]

Thank you !

@rligg
please send me a screenshot of your ASSP STATUS CHARTS and the result of this

# grep -B7 " initial" /usr/local/assp/maillog.txt | grep -v "Saving"

[manokiss]

hi guys, wondering if someone got the new sansecurity script working with cpanel/assp deluxe? I did check the scripts and the configurations info into it like the clamav dbase path, pid file etc. looks are different with the way cpanel run it? Any idea?

I mean for example the clamav dbase path in the script is /var/lib/clamav which do not exists, etc.

Thanx!

[Radio_Head]

Hello

on Dec. 2008 Sanesecurity support/service was stopped so I removed the Sanesecurity "how to" from grscripts.com faqs section. Now sanesecurity turned back . Instead to put back the faq , I'm adding code to automatically update signatures without using a cron. It will be available with next ASSP Deluxe and ASSP WHM update.

BTW you can get the db location in this way

# clamscan --debug /usr/local/assp/assp.cfg 2>&1 | grep -m1 -i -E 'loading databases from'

[manokiss]

Thanx Radio!

That will be simply amazing!

[Radio_Head]

It should be ready for tomorrow if all tests will be ok . I'm coding an high customizable signatures update script (not only for sanesecurity) , fully automated , and with a detailed activity log . There will be a new signatures.php cron (to be executed each 12 hours) ; at the end I choosed a separate cron solution (instead to integrate the code inside ex_localdomains.php i.e.) because especially sanesecurity is using long delays between each rsync update .

[Radio_Head]

ASSP WHM 4.4.0
:: force rebuildspamdb.pl automatic upgrade . It contains server load controls to reduce rebuildspamdb cpu usage.

ASSP Deluxe 3.3.0
:: Unofficial clamD signatures to block spam/virus/malware supported
- fully automatic
- logging capabilities
- anti abuse sleeping time
- advanced commands
- 4 signatures providers , 13 signatures dbs

( more info )

ASSP Deluxe frontend 5.1
:: fixed log visualization when using Unique ID logging


Detailed changelog here > http://www.grscripts.com/changelog.html

[norelidd]

hey, this is pretty awesome. great work on the custom script. this takes a lot of the guesswork out of it.

why didn't you include msrbl-images?

when i wrote the initial guide for the clamd definitions, the only two you could download were sanesecurity and msrbl. i remember when some of the new ones (securesite/malware) came out, they were very agressive and have many false positives.

is this still the case or are they good for production use?

[Radio_Head]

Thank you . I will surely add them (msrbl-images) with next ASSP Deluxe update .
The script is flexible and other signatures can be added with minor problems.

Regarding securesite/malware currently I had no problem with false positives. If you think so , you may disable them.
You should simply remove the files from your clamd database , or simply execute a signatures.php dx=1 to uninstall everything and then start the cron using signatures.php se=0 ma=0 .
BTW if I will receive bad signals from admins using securesite/malware you will see surely an advice here . Regarding specifically malware it updates the regular (not aggressive) signature .

[Radio_Head]

I added rsync://rsync.mirror.msrbl.com/msrbl/MSRBL-Images-FULL-SoN.hdb in ASSP Deluxe 3.3.0 few minutes ago. If you want use it now , force and ASSP Deluxe 3.3.0 upgrade .

If you want load the new signatures immediately (without updating other signatures) you should execute signatures.php rn=0 sa=0 se=0 ma=0 ff=0

[SonServers]

I have a customer working with delaying that asked me a couple questions I don't know the answer to.

1. In the delaying log, he's asking what happens to the messages with the blue "E" (embargo) icons. Is there any way to know if they ever got delivered or not? Do they change to another type if status after a time?

2. Is there a way to get any other statistics over a longer period of time?
He would like to report back to the users the ratio of good
emails to spam email as well as how many emails (%) that the Grey List is
blocking. However, even having the log set up high, the info still falls
off too quickly for him.

[Radio_Head]

I have a customer working with delaying that asked me a couple questions I don't know the answer to.

1. In the delaying log, he's asking what happens to the messages with the blue "E" (embargo) icons. Is there any way to know if they ever got delivered or not? Do they change to another type if status after a time?

2. Is there a way to get any other statistics over a longer period of time?
He would like to report back to the users the ratio of good
emails to spam email as well as how many emails (%) that the Grey List is
blocking. However, even having the log set up high, the info still falls
off too quickly for him.

Point 1 is explained in the "help" section of your client ASSP Deluxe frontend (How does work the Delaying filter (Greylisting) ?) . If after reading that description you have still doubts email me at daniolo@gmail.com for support with your licensed ip. Briefly, the sender MTA should resend the message AFTER the embargo time (or between the end of the embargo time and the max wait time) . If the sender MTA resend the message in this time interval the message will be accepted. If the sender MTA resend the message during the embargo time , it will be "invited" to resend.


As explained on post installation steps http://www.grscripts.com/howtofaq.html#16 , if the client has no idea about "delaying" filter I strongly recommend the usage of ASSP scoring instead of delaying.
Also note that there is no way to collect on spambox email which are not resent after a delaying request.

Regarding point 2 , you can have this information here
http://yourserverip:55555/infostats ,(even if these stats are not per user).

[norelidd]

I noticed that ASSP 1.5.1 is supported. Awesome!

Since 1.5.1 has SSL support built in, do you think you could get/post instructions on removing the SSL tunnel you describe in your FAQs?

[benito]

Hello!

Im getting this mail traffic from hotmail, i dont know how to stop it w/o blocking hotmail at all.

It happends every 5 minutes, ASSP restart every time.

[norelidd]

In the next hours or today (If all tests will pass) there will be an upgrade which will permit to enable SSL natively simply clicking a button on your ASSP WHM .

that's awesome. will it also remove the SSL tunnel described in http://www.grscripts.com/tweaking.html#03 ?

Do you need to remove that first in order to use ASSP's native SSL support? I would imagine you do.

I would love to be able to not use stunnel, since it has been causing my VPS to give me lots of warnings (just warnings, no real problems) about my IPs and DNS settings.