Imspector-dev - new gui options and msn2011 support

marcelloc

Hi all,

I'm working in some updates to imspector package. Help testing these changes if you need/like/usr this tool.
some options has changed / moved, backup your config before update.

Thanks,
Marcello Coutinho

settings.png_thumb

replacements.png_thumb

acls.png_thumb

acls_edit.png_thumb

sync.png_thumb

rahvin9999

Hi Marcello,

I know it is an old post but I wanted to leave some feedback

I installed IMspector-dev 20111108 pkg v 0.3.1
Because the normal IMspector package is not working.

Let me start by saying that the new layout is a big improvement
It Looks good and I can confirm that yahoo and MSN logging (to a file) works. For some reason ICQ/AIM and IRC do not seem to be logged
IRC is most likely because I use a server with SSL enabled
these are the protocols I use myself and could test, I did not try any of the other options

Second I tried playing around with the ACLS but it does not seem to be functioning at all.
I can fill in what I want here but it does not seem to do anything
even a direct Deny All does not work

I checked the config file in /usr/local/etc/imspector
which has

more imspector.conf
plugin_dir=/usr/local/lib/imspector
msn_protocol=on
icq_protocol=on
yahoo_protocol=on
irc_protocol=on
jabber_protocol=on
gadu-gadu_protocol=on
file_logging_dir=/var/imspector
acl_filename=/usr/local/etc/imspector/acls.txt
ssl=on
ssl_ca_key=/usr/local/etc/imspector/ssl/ssl_ca_key.pem
ssl_ca_cert=/usr/local/etc/imspector/ssl/ssl_ca_cert.pem
ssl_key=/usr/local/etc/imspector/ssl/ssl_server_key.pem
ssl_cert_dir=/usr/local/etc/imspector/ssl

So the config file has acl_filename=/usr/local/etc/imspector/acls.txt set which gets updated if you input something via the GUI
But even with a deny all all Set. Messages come trough. It seems that this file is ignored for some reason?

Next things to test are the notifications and the bad word lists.

Edit: forgot to mention that I use 2.0.1-RELEASE (i386)

marcelloc

did you enabled the list on gui?

what you have on acls.txt file?

rahvin9999

Yes in the Gui I enabled each and every Access List entry that i have tried

For example right now i have a deny all all activated

so if I list the file contents of acls.txt
more /usr/local/etc/imspector/acls.txt
deny all all

I can see the deny all alll. But it is not doing anything, messages are still going trough and are being logged.

Did a check if IMspector is reloading after each and every edit. It is, I can see it in the system log and I can see the messaging client(s) disconnect and then reconnect.

rahvin9999

Ok I have figured it out and all of this has to do how IMspector interprets the acls.txt file

deny all
deny all all
does not work

deny all
works

yahoo
deny localname remotename
works no @domain.xx needed

msn
deny localname remotename
does not work

deny local@domain.xx remote@domain.xx
works

Order
If you have allow all all set as the first rule, every deny rules after it will work
If you have deny all set as a rule, every allow rule that follows it will not work

I was initially confused by the deny all all not working so i think this covers that part.

What I also found is: when you add, modify or enable/disable a rule in the access list part of the GUI (or better said every time you click the save button) IMspector is automatically restarted. (good and easy but see my comments below)
However when I Delete a rule IMspector is not automatically restarted. which leaves the rule deleted in the GUI active in acls.txt/imspector until you restart IMspector manually.

as a comment on the auto restart:
The restart of IMspector disconnects all the clients (MSN,Yahoo and so on) that are connected trough it.
I see the advantage of the auto restart but if you are adding many rules or have to edit regularly I can imagine it can become quite tedious for the users.
One possible solution would be to add a restart button to the page. With the notice that you need to restart IMspector once you are done editing.

marcelloc

Thank's for the feedback,

I'll try to include it on next package release…

justinlc

I am still experiencing errors "ICQ-AIM: Error: Unable to parse snac packet, icq.20234.31" and the communication is not showing up in the log. Is there anything that can be done about that?

The IM client is trillian.

marcelloc

Current pfsense package has the latest snapshot code from imspector.

If it still need some fixes, we have to wait a next imspector release (http://www.imspector.org)

justinlc

Can the imspector-dev be compiled on a pfsense box? I would like to dump more information about why it can't parse. Maybe we can add the code ourselves.

marcelloc

@justinlc:

Can the imspector-dev be compiled on a pfsense box? I would like to dump more information about why it can't parse. Maybe we can add the code ourselves.

just compile the package on a freebsd 8.1 using ports

If you find what is going on, please help imspector project and send it o it's maintainer.
Will be really helpfull :)

justinlc

That is the problem. I am a windows programmer and have only very little knowledge about FreeBSD. I'd basically need some kind of (virtual) image that is ready for programming because I don't know how to install a full FreeBSD image from scratch and installing all the necessary components to end up with a box that is ready to test imspector.

marcelloc

maybe this post from haproxy can help you.

http://forum.pfsense.org/index.php/topic,42852.msg221708.html#msg221708