Phishing Server Change

Thomas Lohman thomasl at mtl.mit.edu
Wed Aug 23 15:40:59 UTC 2017


Hi Thom,

Thanks for the quick updates.  It is working for me.  I've attached a 
patch against v0.2.0 with a few more site changes that may be of 
interest to be incorporated in some manner into the project's script.

(1) Made the systemd service name settable at the top of the script in 
case anyone has a different name for whatever reason.

(2) Added logic to determine what the syslog facility name should be set 
to based on the MailScanner configuration files and changed 'mail' to 
$SYSLOG throughout the script.

(3) Added additional logging if either file downloaded is possibly 
corrupt.  Related to this, if the wget/curl combo fails for whatever 
reason, I remove whatever may have been downloaded and log an error.  
The script no longer exits and continues after setting a "got an error" 
variable to 1.  As currently written, the script should drop down and 
get another error when it sees that there is no bad/safe master file.  
At that point, the {bad/safe}_updated boolean is set back to 0.   At the 
very end, exit returns whatever "got an error" is set to.  I made these 
changes since I wanted to be alerted if the file downloaded is possibly 
corrupted but also wanted to give the script a chance to process the 
safe sites even if the bad sites file had problems.

Anyhow, if you find any of this useful then feel free to incorporate the 
changes in some manner.

cheers,


--tom


On 08/23/2017 12:46 AM, Thom van der Boon wrote:
> Hi all,
>
> Attached a new version of the ms-phising-script for testing
>
> What has changed:
>
>   * Serious typo in the restart Mailscanner part
>   * If one of the two custom files is changed, the script will
>     regenerate the file and if configured restart mailscanner
>   * Added support for restarting MailScanner on systemd systems
>   * And various minor other enhancements
>
> Any feedback is highly appreciated
>
> Kind regards, Best regards,
>
>
> Thom van der Boon
> E-Mail: thom at vdb.nl
>
>
>
> =====
>
>
>
> Thom.H. van der Boon b.v.
> Transito 4
> 6909 DA Babberich
> Tel.: +31 (0)88 4272727
> Fax: +31 (0)88 4272789
> Home Page: http://www.vdb.nl/
>
> ------------------------------------------------------------------------
> *From: *"Thomas Lohman" <thomasl at mtl.mit.edu>
> *To: *mailscanner at lists.mailscanner.info
> *Sent: *Tuesday 22 August 2017 19:06:16
> *Subject: *Re: Phishing Server Change
>
> Hi Thom,
>
> I've attached a patch based off the copy of the script downloaded from 
> the site that seems to be working for me. It should update the 
> bad/safe conf files if either the date of the master or the custom 
> file is newer than the conf file date.
>
> hopefully it is useful.
>
>
> --tom
>
>
> On 08/22/2017 10:44 AM, Thom van der Boon wrote:
>
>     Hi Tom,
>
>     It does not. Will incorporate that in the next version.
>
>     Kind regards, Best regards,
>
>
>     Thom van der Boon
>
>     ------------------------------------------------------------------------
>     *From: *"Thomas Lohman" <thomasl at mtl.mit.edu>
>     *To: *mailscanner at lists.mailscanner.info
>     *Sent: *Tuesday 22 August 2017 16:41:59
>     *Subject: *Re: Phishing Server Change
>
>     Hi,
>
>     how does the script deal with the use case where the master has not
>     changed on the remote site (thus no new copy is downloaded) but the
>     custom file has changed since the last run?  It looks like the
>     changes
>     to the custom file will not be merged into the
>     phishing.safe.sites.conf/phishing.bad.sites.conf file unless
>     safe_updated/bad_updated has been set to 1.
>
>     thanks,
>
>
>     --tom
>
>
>
>
>     -- 
>     MailScanner mailing list
>     mailscanner at lists.mailscanner.info
>     http://lists.mailscanner.info/mailman/listinfo/mailscanner
>

-------------- next part --------------
--- ms-update-phishing-v0.2.0	2017-08-23 10:44:37.032965012 -0400
+++ ms-update-phishing	2017-08-23 11:24:46.687940476 -0400
@@ -28,6 +28,7 @@
 BADURL='http://phishing.mailscanner.info/phishing.bad.sites.conf';
 SAFEURL='http://phishing.mailscanner.info/phishing.safe.sites.conf';
 MSSTARTSCRIPT='/etc/init.d/mailscanner';
+MSSERVICENAME='mailscanner.service';
 
 PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/etc:/usr/local/bin:/usr/sfw/bin
 export PATH
@@ -41,11 +42,32 @@
     exit 1
 fi
 
+ms_conf_files=( $(ls conf.d/.) )
+for conf_file in ${ms_conf_files[*]}
+do
+  if [ "${conf_file}" != "README" ]; then
+    SYSLOG=`/usr/sbin/ms-peek SyslogFacility conf.d/${conf_file}`
+    if [ "$SYSLOG" != "" ]; then
+      break
+    fi
+  fi
+done
+
+if [ "$SYSLOG" == "" ]; then
+  SYSLOG=`/usr/sbin/ms-peek SyslogFacility MailScanner.conf`
+fi
+
+if [ "$SYSLOG" == "" ]; then
+  SYSLOG="mail"
+fi
+
 # Load MailScanner Defaults
 if [ -f $CONFIGDIR/defaults ] ; then
   . $CONFIGDIR/defaults
 fi
 
+gotAnError=0
+
 if [ -z "$ms_cron_ps_restart" ]; then 
   echo 'ms_cron_ps_restart not found in defaults. Adding....'
   echo '' >> $CONFIGDIR/defaults
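Review bot: the SYSLOG detection block parses `ls conf.d/.` into an array and then reads `conf.d/${conf_file}` and `MailScanner.conf` relative to the current working directory, while the rest of the script addresses its files through `$CONFIGDIR`; when the script is started from any other directory nothing is found and the facility silently falls back to `mail`. Suggest a glob rooted at `$CONFIGDIR` instead of parsing `ls`, e.g. `for conf_file in "$CONFIGDIR"/conf.d/*; do` with `case "$conf_file" in */README) continue ;; esac` to skip the README, and `/usr/sbin/ms-peek SyslogFacility "$CONFIGDIR/MailScanner.conf"` for the fallback. Two smaller points: the empty-string tests use `==`, a bash extension, where the script otherwise uses `=` (compare `"$ms_cron_ps_restart" = "1"` later in the patch); and the loop stops at the first conf.d file that defines SyslogFacility, so if more than one does, it is worth confirming that this matches the order in which MailScanner itself applies conf.d overrides.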
@@ -88,7 +110,7 @@
     #echo 'Found wget'
     CURLORWGET='wget';
   else
-    logger -p mail.warn -t update.bad.phishing.sites Cannot find wget or curl, update failed. ; echo Cannot find wget or curl to do phishing sites update. ; exit 1
+    logger -p $SYSLOG.warn -t update.bad.phishing.sites Cannot find wget or curl, update failed. ; echo Cannot find wget or curl to do phishing sites update. ; exit 1
   fi
 fi
 
@@ -109,6 +131,8 @@
         else
           #echo Check phishing.bad.sites.conf.master failed: It looks corrupt
           rm -f $CONFIGDIR/phishing.bad.sites.conf.master
+          logger -p $SYSLOG.warn -t update.bad.phishing.sites Downloaded bad phishing site master file is corrupt, update failed. ; echo "Downloaded bad phishing site master file is corrupt, removing it." ;
+          gotAnError=1
         fi
       else
         #echo Remote phishing.bad.sites.conf.master not newer than local copy.... everything OK
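Review bot: the logger and echo lines added in this hunk describe the same event differently (`update failed.` goes to syslog, `removing it.` to stdout), while the corresponding wget-path hunk later in the patch uses `removing it.` for both; pick one wording for all corrupt-master branches so a single syslog search matches every occurrence of the condition.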
@@ -122,14 +146,15 @@
       else
         #echo Check phishing.bad.sites.conf.master failed: It looks corrupt
         rm -f $CONFIGDIR/phishing.bad.sites.conf.master
+        logger -p $SYSLOG.warn -t update.bad.phishing.sites Downloaded bad phishing site master file is corrupt, update failed. ; echo "Downloaded bad phishing site master file is corrupt, removing it." ;
+        gotAnError=1
       fi
     fi
   else
-    logger -p mail.warn -t update.bad.phishing.sites Updating using curl failed, trying wget. ; echo Updating using curl failed, trying wget. ; CURLORWGET = 'wget';
+    logger -p $SYSLOG.warn -t update.bad.phishing.sites Updating using curl failed, trying wget. ; echo Updating using curl failed, trying wget. ; CURLORWGET = 'wget';
   fi
 fi
 
-
 if [ $CURLORWGET = 'wget' ]; then
   echo Trying wget....
   wget -q --user-agent="msv5 Update Script v0.2.0" --no-check-certificate -N $BADURL.master
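Review bot: `CURLORWGET = 'wget';` on the changed logger line has spaces around `=`, so the shell runs a command named `CURLORWGET` with the arguments `=` and `wget` rather than assigning the variable; the curl-failure fallback therefore never switches to wget, because the following `if [ $CURLORWGET = 'wget' ]` test still sees the old value. The defect predates this patch, but since the line is being edited for `$SYSLOG` anyway, change it to `CURLORWGET='wget'`; the same line appears in the safe-sites curl fallback further down.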
@@ -144,6 +169,8 @@
         else
           #echo Check phishing.bad.sites.conf.master failed: It looks corrupt
           rm -f $CONFIGDIR/phishing.bad.sites.conf.master
+          logger -p $SYSLOG.warn -t update.bad.phishing.sites Downloaded bad phishing site master file is corrupt, removing it. ; echo "Downloaded bad phishing site master file is corrupt, removing it." ;
+          gotAnError=1
         fi
       else
         #echo Remote phishing.bad.sites.conf.master not newer than local copy.... everything OK
@@ -157,10 +184,14 @@
       else
         #echo Check phishing.bad.sites.conf.master failed: It looks corrupt
         rm -f $CONFIGDIR/phishing.bad.sites.conf.master
+        logger -p $SYSLOG.warn -t update.bad.phishing.sites Downloaded bad phishing site master file is corrupt, removing it. ; echo "Downloaded bad phishing site master file is corrupt, removing it." ;
+        gotAnError=1
       fi
     fi
   else
-    logger -p mail.warn -t update.bad.phishing.sites Updating using curl and wget failed. ; echo Updating using curl and wget failed. ; exit 1;
+    rm -f $CONFIGDIR/phishing.bad.sites.conf.master
+    logger -p $SYSLOG.warn -t update.bad.phishing.sites The curl/wget download of the bad phishing site master file failed. Removing whatever was downloaded.; echo The curl/wget download of the bad phishing site master file failed. Removing whatever was downloaded.;
+    gotAnError=1
   fi
 fi
 
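Review bot: when both curl and wget fail, the new branch runs `rm -f $CONFIGDIR/phishing.bad.sites.conf.master`, which also deletes the previously downloaded good master in the common case where the failure was a connection or DNS error and nothing at all was written; the script then reports "master file does not exist or is not readable" on every run until a download succeeds, even though the last good master could have been kept. Downloading to a temporary name and moving it over the master only after the corruption check passes would keep the last good copy while still logging the failure and setting `gotAnError=1`.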
@@ -179,9 +210,11 @@
     mv -f phishing.bad.sites.conf.new phishing.bad.sites.conf
     chmod a+r phishing.bad.sites.conf
     #echo Creation of fresh phishing.bad.sites.conf is OK
-    logger -p mail.info -t update.bad.phishing.sites Phishing bad sites list updated
+    logger -p $SYSLOG.info -t update.bad.phishing.sites Phishing bad sites list updated
   else
-    logger -p mail.info -t update.bad.phishing.sites Phishing bad sites list update failed!
+    logger -p $SYSLOG.info -t update.bad.phishing.sites The phishing bad sites master file does not exist or is not readable. Update failed! ; echo "The phishing bad sites master file does not exist or is not readable. Update failed!" ;
+    gotAnError=1
+    bad_updated=0
   fi
 fi
 
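Review bot: the new "master file does not exist or is not readable. Update failed!" message is still logged with `-p $SYSLOG.info`, while every other failure introduced by this patch is logged at `.warn`; since the stated goal is to be alerted, log it at `.warn` (or `.err`) so a severity-based syslog filter catches it. The safe-sites counterpart near the end of the patch has the same `.info` level and should be changed together with this one.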
@@ -202,6 +235,8 @@
         else
           #echo Check phishing.safe.sites.conf.master failed: It looks corrupt
           rm -f $CONFIGDIR/phishing.safe.sites.conf.master
+          logger -p $SYSLOG.warn -t update.safe.phishing.sites Downloaded safe phishing site master file is corrupt, update failed. ; echo "Downloaded safe phishing site master file is corrupt, removing it." ;
+          gotAnError=1
         fi
       else
         #echo Remote phishing.safe.sites.conf.master not newer than local copy.... everything OK
@@ -215,10 +250,12 @@
       else
         #echo Check phishing.safe.sites.conf.master failed: It looks corrupt
         rm -f $CONFIGDIR/phishing.safe.sites.conf.master
+        logger -p $SYSLOG.warn -t update.safe.phishing.sites Downloaded safe phishing site master file is corrupt, update failed. ; echo "Downloaded safe phishing site master file is corrupt, removing it." ;
+        gotAnError=1
       fi
     fi
   else
-    logger -p mail.warn -t update.safe.phishing.sites Updating using curl failed, trying wget. ; echo Updating using curl failed, trying wget. ; CURLORWGET = 'wget';
+    logger -p $SYSLOG.warn -t update.safe.phishing.sites Updating using curl failed, trying wget. ; echo Updating using curl failed, trying wget. ; CURLORWGET = 'wget';
   fi
 fi
 
@@ -236,6 +273,7 @@
         else
           #echo Check phishing.safe.sites.conf.master failed: It looks corrupt
           rm -f $CONFIGDIR/phishing.safe.sites.conf.master
+          logger -p $SYSLOG.warn -t update.safe.phishing.sites Downloaded safe phishing site master file is corrupt, removing it. ; echo "Downloaded safe phishing site master file is corrupt, removing it." ;
         fi
       else
         #echo Remote phishing.safe.sites.conf.master not newer than local copy.... everything OK
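Review bot: this corrupt-file branch adds the logger line but, unlike every other corrupt-file branch in the patch (bad and safe, curl and wget paths), does not set `gotAnError=1`, so a corrupt safe-sites master received via wget is logged and removed while the script still exits 0; add `gotAnError=1` after the logger line for consistency with the other branches.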
@@ -249,10 +287,14 @@
       else
         #echo Check phishing.safe.sites.conf.master failed: It looks corrupt
         rm -f $CONFIGDIR/phishing.safe.sites.conf.master
+        logger -p $SYSLOG.warn -t update.safe.phishing.sites Downloaded safe phishing site master file is corrupt, removing it. ; echo "Downloaded safe phishing site master file is corrupt, removing it." ;
+        gotAnError=1
       fi
     fi
   else
-    logger -p mail.warn -t update.safe.phishing.sites Updating using curl and wget failed. ; echo Updating using curl and wget failed. ; exit 1;
+    rm -f $CONFIGDIR/phishing.safe.sites.conf.master
+    logger -p $SYSLOG.warn -t update.safe.phishing.sites The curl/wget download of the safe phishing site master file failed. Removing whatever was downloaded.; echo The curl/wget download of the safe phishing site master file failed. Removing whatever was downloaded.;
+    gotAnError=1
   fi
 fi
 
@@ -271,9 +313,11 @@
     mv -f phishing.safe.sites.conf.new phishing.safe.sites.conf
     chmod a+r phishing.safe.sites.conf
     #echo Creation of fresh phishing.safe.sites.conf is OK
-    logger -p mail.info -t update.safe.phishing.sites Phishing safe sites list updated
+    logger -p $SYSLOG.info -t update.safe.phishing.sites Phishing safe sites list updated
   else
-    logger -p mail.info -t update.safe.phishing.sites Phishing safe sites list update failed!
+    logger -p $SYSLOG.info -t update.safe.phishing.sites The phishing safe sites master file does not exist or is not readable. Update failed! ; echo "The phishing safe sites master file does not exist or is not readable. Update failed!" ;
+    gotAnError=1
+    safe_updated=0
   fi
 fi
  
@@ -283,19 +327,19 @@
 if [ $updated -ge 1 ]; then
   if [ "$ms_cron_ps_restart" = "1" ]; then
     if [ ! -f /var/lock/subsys/MailScanner.off ]; then
-      logger -p mail.info -t ms-update-phishing reload MailScanner....
+      logger -p $SYSLOG.info -t ms-update-phishing reload MailScanner....
       if [ -d /etc/systemd ]; then
-        systemctl reload mailscanner.service > /dev/null 2>&1
+        systemctl reload $MSSERVICENAME > /dev/null 2>&1
         if [ $? != 0 ] ; then
           #echo "MailScanner reload failed - Retrying..."
-          systemctl reload mailscanner.service > /dev/null 2>&1
+          systemctl reload $MSSERVICENAME > /dev/null 2>&1
           if [ $? != 0 ] ; then
             #echo "Stopping MailScanner..."
-            systemctl stop mailscanner.service
+            systemctl stop $MSSERVICENAME
             #echo "Waiting for a minute..."
             perl -e "sleep 60;"
             #echo "Attemping to start MailScanner..."
-            systemctl start mailscanner.service
+            systemctl start $MSSERVICENAME
           fi
         fi
       else
@@ -319,4 +363,4 @@
   fi
 fi
 
-exit 0
+exit ${gotAnError}
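The facility lookup described in item (2) and in the second hunk of the patch, re-done as an added example that is not part of Tom's patch or of MailScanner: it keeps the patch's precedence order (conf.d, then MailScanner.conf, then `mail`) but iterates a glob rooted in the configuration directory instead of parsing `ls`, and, because `ms-peek` is not available offline, reads the `Syslog Facility` key with `sed` (an assumption about the key format).

```shell
#!/bin/sh
# Added example (not part of the posted patch or of MailScanner): look up the
# syslog facility MailScanner is configured with, in the same order as the
# patch's SYSLOG block (conf.d overrides, then MailScanner.conf, then "mail"),
# but without parsing `ls` output or depending on the current directory.
# Assumption: ms-peek is not available offline, so it is replaced by a sed
# lookup of a "Syslog Facility = <name>" line (the MailScanner.conf key format).

# peek_facility FILE: print the last "Syslog Facility" value set in FILE, or
# nothing. Key matching ignores case and internal whitespace; a trailing
# "# comment" is dropped. Unreadable or missing files yield nothing.
peek_facility() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*[Ss]yslog[[:space:]]*[Ff]acility[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" | tail -n 1
}

# detect_syslog_facility CONFIGDIR: first conf.d file (README excluded) that
# defines the key wins, then MailScanner.conf, then the default "mail".
detect_syslog_facility() {
    configdir=$1
    facility=""
    for conf_file in "$configdir"/conf.d/*; do
        [ -f "$conf_file" ] || continue      # empty dir leaves the glob literal
        case "$conf_file" in */README) continue ;; esac
        facility=$(peek_facility "$conf_file")
        if [ -n "$facility" ]; then break; fi
    done
    [ -n "$facility" ] || facility=$(peek_facility "$configdir/MailScanner.conf")
    [ -n "$facility" ] || facility="mail"
    printf '%s\n' "$facility"
}

# Constructed sample configuration directory, for demonstration only.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/conf.d"
: > "$demo_dir/conf.d/README"
printf '# site override\nSyslog Facility = local6\n' > "$demo_dir/conf.d/10-site.conf"
printf 'Syslog Facility = mail\n' > "$demo_dir/MailScanner.conf"
detect_syslog_facility "$demo_dir"   # local6: the conf.d override wins
rm -f "$demo_dir/conf.d/10-site.conf"
detect_syslog_facility "$demo_dir"   # mail: taken from MailScanner.conf
rm -rf "$demo_dir"
```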

