Bugs/Features - ISSUES

0000898: Add support for 255.255.255.255 netmask on non-PPP network interfaces

From time to time, we have seen non-PPP network interfaces configured with 255.255.255.255 netmasks. Though it is certainly unusual (and broken?), adding support for this configuration is likely trivial.

0001008: /usr/sbin/filtertraining has obvious bug

Following code block trains ham messages to be treated as spam:

if [ -e "$NOTSPAM_WEBCLIENT" ]; then
chmod 440 $NOTSPAM_WEBCLIENT*
chown root.amavis $NOTSPAM_WEBCLIENT*
echo "SpamAssassin - training notspam from $NOTSPAM_WEBCLIENT*"
su -l amavis -s /bin/sh -c "/usr/bin/sa-learn --progress --spam $NOTSPAM_WEBCLIENT* --dbpath $SPAMDBDIR"
fi

line should have a --ham switch, not --spam

0001006: Flexshare Require SSL with FTP does not work

If you enable require SSL on the FTP it is not possible to connect. I've worked out this is because the Limit is denying all commands other than the ones specified and without PROT being allowed the FTP client cannot connect because it cannot specify encryption.

This can be fixed by changing this line in Flexshare.class.php

$newlines[] = "\t";

to

$newlines[] = "\t";

As changing it manually in the flex2123.conf file which is made is pointless as it gets overwritten anytime a change is made in the webconfig.

0000487: Default ping packet size may cause ping to fail on certain ISPs (Big Pond)

The size of the ping packet used by the system watch software can cause grief with some Internet Service Providers. The ping failure will cause syswatch to restart the firewall every couple of minutes.

0000941: Add smart MX Backup configuration

Since spammers use MX Backup servers to send their nasty messages ( see http://wiki.apache.org/spamassassin/OtherTricks [^] ), having an "on demand" MX Backup service would be ideal. When the port monitoring service detects that port 25 is offline, the MX backup service should be enabled on demand. Conversely, when port 25 is back online the MX backup service would be disabled.

0000220: Add chkrootkit to suite of audit tools

See subject.

0000890: Add simple checkbox to block packets destined to private IP ranges (e.g. 192.168.x.x)

In many situations, it is desirable to block packets destined to private IP ranges (e.g. 192.168.0.0/16) from going out the external network interface. In some situations this policy would be harmful; common scenarios:

- Some ISP use private IP ranges inside their networks. For example, it is not unusual to see DNS servers on 10.x.x.x even though the ClarkConnect system has a real public IP.

- Installations on large private networks (e.g. a campus network) should allow outbound connections to private networks.

- Modem/router hardware with NAT enabled often sits in front of the ClarkConnect system. Accessing the management console / web interface might be impossible if private IP ranges are blocked.

0000933: LDAP Database can be lost when hostname is changed

When the hostname is changed using the Web configuration tool, the LDAP database was either corrupted or not correctly updated with the new hostname details. This meant that usage of the Web Proxy, IMAP, Webmail is impossible.
the web configuration tool also lost records of all users. Fortunately I was able to re-add all 3 of my users with no data lost.

0001005: GUI freeze when i change ip interface

the GUI freeze after i change the ip interface

0001004: Snortsam is not restarting after a prolonged outage of eth0 (WAN)

Snortsam is not restarting after a prolonged outage of eth0 (WAN) network connection outage (i.e., disconnected ethernet cable, ISP reset of cable modem, or pretty much anytime syswatch resets the dhcp client). Possible causes/solutions include flagging the status of snortsam within syswatch before the outage, or configuring the snortsam start script to utilize a file in /var/run/subsys (daemon style). I have posted a modified syswatch script (ugly, but it works) at http://derrik.net/cc5/syswatch_derrik. [^]

0001003: Country data in the 4.x LDAP system may cause 5.x conversion to fail

The LDAP schema in version 5.0 will only allow two-letter country codes in the user object. By default, this is the data format that is used, but an administrator can manually override it.

0001002: One (of 2) sample URL's to access Flexshare HTTP does not work

Subdomain web alias for accessing web-based Flexshare does not work.

See: http://forums.clarkconnect.com/showflat.php?Cat=0&Number=118996&an=0&page=0#Post118996 [^]

0001000: Mail quarantine does not release mail properly

It has been reported that the mail quarantine system does not release mail properly.

0000999: IPsec VPN will fail if a lot (60+) protocol filter rules are enabled

IPsec VPN will fail if a lot (60+) protocol filter rules are enabled. There is an overlap in the firewall mark number that causes this to happen.

0000998: Upgrade may miss change in /etc/ipsec.secrets file

The upgrade does not detect old versions of the /etc/ipsec.secrets file properly.

0000997: Multi-PPPoE connections may not work due to network card swapping

When a PPPoE configuration is performed, two network configuration files are written (PPPoE... sigh).:

ifcfg-ethX
ifcfg-pppX

The ifcfg-ethX is the underlying hardware network interface that handles the PPPoE connection. This file *should* contain the HWADDR parameter. Without this parameter, you may see your network card order swapping around (e.g. eth0 becoming eth1 and vice versa).

0000996: Group based filtering rules

I would like to have filtering rules that different for different user groups.

What I would like to achieve is to have a 'Teachers' group and a 'Students' group and to define filtering settings for each group. I would also like to deny access to the internet to any use not in either of these groups.

I am aware that there is a current feature that allows a similar effect (all be it that I can't figure out how to work it, either that or there is a bug there) but I can see that this method has a potential for high administrative overhead when creating new users.

0000995: DansGuardian - 400 Bad Request

When a web page is blocked by the content filter, in proxy mode (with user authentication in this case) you don't get the blocked page, but an error:

"DansGuardian - 400 Bad Request"

I mucked about with things for awhile and using my noodle discovered that adding the servers IP address into the whitelist for the content filter allowed the block page to show correctly. I would expect that this should be configured by default preferably in such a way that it can't be removed (i.e. in a config file not connect to WebConfig).

0000681: E-mail summary is count the mail triple

When i check my reports i see that all mail is counted triple in the e-mail summary.
System is running on 4.0 Enterprice and i did a clean install.
I'm running Spamassasin, Dspam and Amavis. Maybe this is the problem.

0000888: Add support for Latin Characters in Disclaimer

Currently is not possible to add disclaimer with Latin characters: ç, ã, á ...

0000727: Add support for authenticating against Microsoft Active Directory and/or PDCs

Many users have asked for the content filter to authenticate against an existing Microsoft Active Directory and/or domain controllers.

0000993: Flexshare delete confirmation broken

The Flexshare delete confirmation is broken. If you go to delete a flexshare, hit cancel, and then hit delete again, you will lose any flexshares stored in /var/flexshare/shares This... is bad.

0000990: Mac OS X cannot authenticate to Samba PDC

Mac OS X cannot authenticate to the Samba PDC. You will see NT_STATUS_ACCESS_DENIED in the logs when this issue occurs.

0000992: Flexshare FTP access does not allow PWD on the flexshare base directory

Some FTP clients (notably, FileZilla) will fail if they are not permitted to do a PWD on the base directory.

0000988: yum update turns Community into Enterprise

Running yum update on CC 5.0 turns it into Enterprise 5.0