OpenEFA v1.5.4

Advanced Security & Usability Enhancements

Posted October 20, 2025 | Version 1.5.4

🚀 What's New

This release brings enterprise-grade security features with the simplicity of a one-command update.

🔒 Advanced Phishing Detection

HTML Attachment Analyzer

  • Credential theft detection
    Identifies password, SSN, and credit card harvesting attempts in HTML attachments
  • Hidden iframe detection
    Catches drive-by download attempts and invisible tracking elements
  • Brand impersonation detection
    Recognizes spoofing of Microsoft, PayPal, Chase, and other major brands
  • High-risk URI analysis
    Flags suspicious TLDs (.tk, .ml), URL shorteners, and IP-based links
  • Dynamic threat scoring
    Adds 10-40 points to spam score based on threat severity
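
A sketch of how three of the checks above (credential fields, hidden iframes, high-risk URIs) can feed a clamped score. This is an added example, not OpenEFA's html_attachment_analyzer.py; the shortener list, the per-finding weights and all function names are assumptions.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed lists and weights (not OpenEFA's); the total is clamped to the page's 10-40 band.
RISKY_TLDS = (".tk", ".ml")
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
SENSITIVE = re.compile(r"pass(word|wd)?|ssn|card|cvv", re.I)
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
WEIGHTS = {"credential_form": 20, "hidden_iframe": 15, "risky_uri": 10}

def is_risky_uri(uri):
    try:
        host = (urlparse(uri.strip()).hostname or "").lower()
    except ValueError:
        return True                   # malformed authority: treat as suspicious
    try:
        ipaddress.ip_address(host)
        return True                   # IP-based link
    except ValueError:                # not an IP literal (relative links land here too)
        return host in SHORTENERS or host.endswith(RISKY_TLDS)

class AttachmentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "input" and (a.get("type", "").lower() == "password"
                               or SENSITIVE.search(a.get("name", ""))):
            self.findings.add("credential_form")
        if tag == "iframe" and (HIDDEN.search(a.get("style", "")) or "hidden" in a
                                or a.get("width") == "0" or a.get("height") == "0"):
            self.findings.add("hidden_iframe")
        if any(is_risky_uri(a[k]) for k in ("href", "src", "action") if k in a):
            self.findings.add("risky_uri")

def score_html_attachment(html):
    scanner = AttachmentScanner()
    scanner.feed(html)
    scanner.close()
    raw = sum(WEIGHTS[f] for f in scanner.findings)
    return (min(40, max(10, raw)) if raw else 0), sorted(scanner.findings)

# Constructed sample attachment (documentation-range IP, placeholder domain).
SAMPLE = ('<form action="http://203.0.113.7/login.php"><input type="password" name="pw"></form>'
          '<iframe src="https://example.tk/t" style="display:none"></iframe>')
```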

🌍 Geographic Email Blocking (GeoIP2)

  • Country-based blocking
    Block emails from high-risk countries using IP geolocation
  • Optional installation
    Prompted during fresh installs, can be skipped if not needed
  • No license required
    Uses free GeoLite2 database (Creative Commons licensed)
  • Easy configuration
    Add country blocking rules via SpacyWeb dashboard with 2-letter ISO codes (RU, CN, KP, IR, NG, etc.)
  • Complementary protection
    Works alongside existing domain and sender blocking rules

🛡️ Enhanced Security Controls

Release Restrictions

  • Administrator-only release
    Emails with spam scores ≥90 can now only be released by administrators
  • Client user blocking
    Client users are blocked from releasing critical threat emails (403 Forbidden)
  • Security audit logging
    All unauthorized release attempts are logged for security audit
  • Clear error messaging
    Directs users to contact administrators when blocked
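
The release rule above, written as a decision function that fails closed and records denied attempts. This is an added example, not the code in OpenEFA's auth.py; the role names, logger name and function name are assumptions.

```python
import logging
import math

audit = logging.getLogger("openefa.release_audit")  # assumed logger name
CRITICAL_SCORE = 90                    # threshold from the release notes
ADMIN_ROLES = {"admin", "superadmin"}  # assumed role names

def authorize_release(username, role, message_id, spam_score):
    """Return (http_status, user_message) for a quarantine release request."""
    try:
        score = float(spam_score)
    except (TypeError, ValueError):
        score = math.inf               # missing or unparsable score: fail closed
    if math.isnan(score):
        score = math.inf               # NaN compares False against the threshold
    if score >= CRITICAL_SCORE and role not in ADMIN_ROLES:
        # %r escapes CR/LF so a crafted username cannot forge audit lines
        audit.warning("denied release user=%r role=%r msg=%r score=%s",
                      username, role, message_id, score)
        return 403, "Critical threat: contact your administrator to release this message."
    return 200, "Release permitted."
```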

System Information Page

  • Superadmin-only access
    Shows OpenEFA version and component details
  • System details
    Displays VERSION, hostname, OS, Python version
  • Real-time component status
    SpaCy, ClamAV, Redis, and other service status
  • Auto-refresh
    Updates every 30 seconds automatically

🎨 Dashboard Improvements

Blocking Rules Interface

  • Dynamic placeholder text
    Input examples update based on selected rule type
  • Country code examples
    Clear guidance showing RU=Russia, CN=China, KP=North Korea, IR=Iran, NG=Nigeria
  • Context-sensitive help
    Inline explanations for each rule type
  • Improved rule type badges
    Visual distinction between domain, sender, and country rules

Quarantine Dashboard

  • Renamed "Virus Detected" to "Security Threats"
    Now includes viruses, malicious URIs, BEC attempts, and phishing
  • Fixed "Expiring Soon" calculation
    Previously showed 6 on fresh installs; now shows an accurate count based on retention policy
  • Removed broken "Advanced Settings" card
    Eliminated non-functional dashboard element

🐛 Bug Fixes

Installation & Updates

  • Fixed success message formatting
    Removed broken ANSI color codes from install completion message
  • SMS notification permissions
    Corrected permissions for notifications.log and notification_config.json
  • Test email improvements
    Proper domain configuration, FQDN HELO, visible output
  • VERSION file deployment
    Now persists to /opt/spacyserver/ for system information display
  • VERSION file parsing
    Fixed display showing raw file content instead of clean version number

Update System

  • Backward compatibility
    update.sh now handles both old (plain version) and new (VERSION=x.x.x) file formats
  • Deployed to /opt/spacyserver/tools/
    Persistent location, easy to remember
  • Graceful error handling
    Clear messages when updates aren't needed or network issues occur

Uninstallation

  • Self-contained uninstall script
    No external dependencies, works from /root/openefa-uninstall.sh
  • Recognizable naming
    Clear location and purpose
  • All functions embedded
    No lib/ directory requirements

📦 Installation & Upgrade

Fresh Installation

curl -sSL http://install.openefa.com/install.sh | sudo bash

During installation, you'll now be prompted to enable GeoIP2 geographic blocking (optional).

Upgrading Existing Installation

It's this easy:

sudo /opt/spacyserver/tools/update.sh

The smart update script will:

  1. ✅ Check your current version
  2. ✅ Download the latest release from GitHub
  3. ✅ Create automatic backup before updating
  4. ✅ Deploy new features and fixes
  5. ✅ Restart services automatically
  6. ✅ Provide rollback option if needed

🔧 What's Under the Hood

Files Added/Modified (v1.5.4)

  • NEW: openefa-files/modules/html_attachment_analyzer.py (696 lines)
  • NEW: openefa-files/web/templates/system_info.html
  • UPDATED: lib/modules.sh (GeoIP2 installation, HTML analyzer deployment)
  • UPDATED: lib/services.sh (notification permissions fix)
  • UPDATED: lib/validation.sh (test email improvements)
  • UPDATED: openefa-files/email_filter.py (HTML attachment integration)
  • UPDATED: openefa-files/web/app.py (system info route, VERSION parsing)
  • UPDATED: openefa-files/web/auth.py (release restrictions)
  • UPDATED: openefa-files/web/templates/quarantine.html (Security Threats rename)
  • UPDATED: openefa-files/web/templates/config_dashboard.html (removed broken Advanced Settings)
  • UPDATED: openefa-files/web/templates/blocking_rules_config.html (dynamic country examples)
  • UPDATED: openefa-files/tools/update.sh (VERSION format compatibility)

📊 Testing & Validation

This release has been extensively tested on:

  • ✅ Production: 192.168.50.58 (openspacy)
  • ✅ Test: 192.168.50.66 (ubtemplate)
  • ✅ Fresh install validation
  • ✅ Upgrade path validation (1.5.3 → 1.5.4)

🙏 Credits

Third-Party Data

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com

Community

Thank you to everyone testing, reporting issues, and contributing to OpenEFA!

🌟 What's Next?

We're continuing to enhance OpenEFA with:

  • Additional phishing detection techniques
  • Enhanced reporting and analytics
  • Performance optimizations
  • Community-requested features

💬 Get Involved

Found a bug? Report it on our GitHub Issues page.
Have a feature request? Start a discussion on our forum!