What are these crontab programs doing?

Hey Scott,

Trust us.

Just kidding, of course. I agree that they should all be documented, and I'll make sure they get documented in the new Virtualmin wiki.

In the meantime, here's a rundown of exactly what they all do, and identifies the two that phone home and why:

/etc/webmin/virtual-server/sendratings.pl - Updates Install Script ratings (the little star indicators). This is so your users can know what the best rated scripts are. Disabling it is harmless, but you won't get ratings and your ratings won't be applied to the Virtualmin.com total. It's just a fun feature that we think gives some extra value to the Install Scripts module--it helps answer the question, that I'm sure many of your users have, "Which wiki/blog/whatever script is the most popular one?". This script phones home (home being Virtualmin.com) periodically, and only shares ratings data. Ideally we'll add a way to review scripts in more detail on Virtualmin.com in the not too distant future.

/etc/webmin/virtual-server/spamclear.pl - Deletes old spam from users spam folders, if they've opted to do so. Disabling it means your users need to manually empty their spam folder periodically (or just take up a lot of space). It is likely this will also become a "learning" tool so that everyones spam is used to train a system-wide, and possibly world-wide, statistical analysis tool, like the Bayesian filter in SpamAssassin or CRM114 (in the future). It does not phone home, but we may add an option to have it phone home for aggregated anonymized corpus support (gmail is so good with spam prevention because they have so many users helping refine their filters...Virtualmin email users number in the tens of thousands now, and that'll only increase going forward...it could be a very effective mechanism for spotting spam).

/etc/webmin/virtual-server/maillog.pl - Analyses mail usage for the new mail reporting features. Disabling it means you won't be able to use the mail reporting features. These will be getting quite a bit more advanced over time. This does not phone home and will never have any reason to do so.

/etc/webmin/virtual-server/spamconfig.pl - I'm actually not sure why this is a cronjob rather than a one-time thing on SpamAssassin config updates, but I assume Jamie knows better than I when it needs to run to keep things spinning nicely. I guess it's to allow editing of the file directly. Basically it syncs up changes from the global config to the per-domain configs. It does not phone home and would never have any reason to do so.

/etc/webmin/virtual-server/collectinfo.pl - Builds the database from which the System Information page is built. If you disable it, system information will not be up to date, or will be built from scratch every time you load the page. It doesn't phone home, currently, but probably will in the future to enable a number of monitoring tools we're building for Virtualmin.com. The monitoring stuff will be optional, but we believe it'll be very useful (and actually mirrors, for free, a major feature of one of our upcoming products).

/etc/webmin/virtual-server/fcgiclear.pl - Cleans up old fcgi processes. This is a side effect of a few buggy mod_fcgid versions and php scripts out there. We'll hopefully get to the point where this script never finds anything to prune among the scripts that we install, but we'll never have control over all scripts and applications that might need minding. If you aren't seeing fcgi processes hanging around for a long time, disabling it is harmless. If you find that a few days later, you have dozens or hundreds of stray fcgi/php scripts hanging around, you might consider re-enabling it. Obviously, this has no reason to phone home.

/etc/webmin/virtual-server/licence.pl - This one keeps up with your license. Disabling it will trigger a license warning on the System Information page. It's going to become more interesting in the near future, as we begin integrating our license manager with the new status monitoring application mentioned above. This script phones home periodically, but only sends/receives license data. Disabling it is going to confuse our licensing system and cause problems with updates, so even if you disable everything else, you need to keep this one running.

In short, we're not getting all up in your business. ;-)

All but the licence.pl are doing minor housekeeping work so that you don't have to do it manually (or so that you don't have to wait while it happens in real-time whenever you load a page). licence.pl takes the place of more intrusive mechanisms of license checks that our competitors use (as you may know, ours doesn't shut down your system in the event of an expired license, and we don't tie you to specific IP and make you call us or contact us to move to another server). In fact, if you've ever had to think about our licensing mechanisms (aside from paranoia over the cronjob), then we consider it a bug and we'll figure out how to make it less obtrusive.

Holler if clarity is lacking on any of these. We're not hiding anything (and the source is all there, so anyone who thinks we might be hiding something sinister can dig in for a closer look).

Well,
THe liscense should be self explainatory ;-)

liscense verification and compliance

I think it's a good trait to be security conscious, there's a lot to watch out for on the Net.

Of all the programs Webmin/Virtualmin installs and runs as root, I'm curious why you're concerned about these 7 in particular. I hadn't run across any general documentation on the ones run as root from within the webmin daemon, have you had a chance to audit them?
-Eric

If Joe and Jamie have 240 hours a day and their stomach can convert air into nutrients for the body, I'm sure it will be documented in a flash... hand-carved into a 10-tonne stone block decorated with neon lights. ;-)