Goodbye, clamav

Today I removed clamav from my VPS, where it was built into the mail service I run. There are a small number of users and a few thousand messages a week - I liked that I was probably offering some small protection to those people. However, all of them have endpoint anti-virus and most are wise enough to know about malicious email attachments.

Adding fake ethernet headers to pcap files

Occasionally I see packet captures which have been saved as Raw IP, which can really mess up many of the tools developed to deal with pcap. Anything based on libnids, including the Perl module I maintain, cannot deal with it and will produce no (or bizarre) results. Wireshark displays these captures just fine, with “Raw packet data - no link information available” just above the IP layer.

Better than grep

Anybody who has used command-line systems for a serious amount of time will love grep. But today I stumbled across ack, which (for many things) is better than grep and a whole lot nicer to use. The best bit? It’s pure Perl, therefore also uses real Perl regular expressions. Yes, there might be grep --perl-regexp, but nobody bothers compiling that in. Plus ack has some other neat features. See more at the ack website.

Limiting command runtime in Linux

It is sometimes useful to limit the running time of a process, either to stop it from using up all resources or to make sure nightly cron jobs don’t continue into working hours. I needed this for rsync, to let a remote backup server slowly catch up if large amounts of data were added to the live server during the day. A useful post on the rsync mailing list discusses an rsync patch but also the timeout command.

dspam integration with dovecot

In a previous message I spoke about training dspam automatically. The script I posted there works, but it’s not brilliant so I started looking for other ways of achieving spam training from the client.

Training dspam from Thunderbird junk messages

Recently I have installed and configured dspam on my mailserver. It seems to work nicely but needs occasional training. I wanted to integrate this with Thunderbird so that users could automatically train dspam from their mail client.

Blocking SSH brute forcing using denyhosts

Tired of seeing repeated attempts to log in to a Linux server you run? There are a number of options, all with their own benefits and disadvantages. The easiest is to move the port that the SSH server listens on, perhaps to 2222 instead of 22. However, this can be annoying behind some firewalls and means that you need to specify the port each time you SSH to the host. This post looks at denyhosts, a viable alternative.

vim vs. Linux extended ACLs

Extended ACLs on Linux can be incredibly useful. Permissions can actually be more secure whilst allowing a number of users or daemons access to a file; unwieldy groups are no longer necessary to grant reading or writing. But for some reason, I noticed that these extended ACLs disappeared when a file was edited in vim.