aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordoktornotor <notordoktor@gmail.com>2015-12-01 22:31:33 +0100
committerdoktornotor <notordoktor@gmail.com>2015-12-01 22:31:33 +0100
commit9c69bdb1fa2c86ddd80115c0c7d1a1c29cf2cd78 (patch)
tree9f523c0ebc603cdd96b2c6ecc382db7c7277e03e
parent26f41b6b1136ac5216cd748c6e5e5254275c88a5 (diff)
downloadpfsense-packages-9c69bdb1fa2c86ddd80115c0c7d1a1c29cf2cd78.tar.gz
pfsense-packages-9c69bdb1fa2c86ddd80115c0c7d1a1c29cf2cd78.tar.bz2
pfsense-packages-9c69bdb1fa2c86ddd80115c0c7d1a1c29cf2cd78.zip
Add option to disable AV scanning of streamed audio/video
-rw-r--r--config/squid3/34/squid_antivirus.inc24
1 files changed, 24 insertions, 0 deletions
diff --git a/config/squid3/34/squid_antivirus.inc b/config/squid3/34/squid_antivirus.inc
index e22ae039..4bf9ea59 100644
--- a/config/squid3/34/squid_antivirus.inc
+++ b/config/squid3/34/squid_antivirus.inc
@@ -348,6 +348,28 @@ EOF;
if (!file_put_contents("{$cf}", preg_replace($squidclamav_m, $squidclamav_r, $sample_file), LOCK_EX)) {
log_error("[squid] Could not save generated {$cf} file!");
}
+ if ($antivirus_config['clamav_disable_stream_scanning'] == "on") {
+ $stream_exclude = <<< EOF
+# Do not scan (streamed) videos and audios
+abort ^.*\.(flv|f4f|mp(3|4))(\?.*)?$
+abort ^.*\.(m3u|pls|wmx|aac|mpeg)(\?.*)?$
+abortcontent ^video\/x-flv$
+abortcontent ^video\/mp4$
+abortcontent ^audio\/mp4$
+abortcontent ^.*audio\/mp4.*$
+abortcontent ^video\/webm$
+abortcontent ^audio\/webm$
+abortcontent ^video\/MP2T$
+abortcontent ^audio\/wmx$
+abortcontent ^audio\/mpeg$
+abortcontent ^audio\/aac$
+abortcontent ^.*application\/x-mms-framed.*$
+
+EOF;
+ if (!file_put_contents("{$cf}", "{$stream_exclude}", FILE_APPEND | LOCK_EX)) {
+ log_error("[squid] Could not add streaming exclusions to {$cf} file!");
+ }
+ }
} else {
log_error("[squid] Template not found; could not generate '{$cf}' file!");
}
@@ -468,6 +490,8 @@ function squid_antivirus_install_config_files() {
} else {
$squidclamav_r[2] = "{$config['system']['webgui']['protocol']}://{$config['system']['hostname']}.{$config['system']['domain']}:{$port}/squid_clwarn.php";
}
+ $squidclamav_m[3] = "@dnslookup\s1@";
+ $squidclamav_r[3] = "dnslookup 0";
if (!file_put_contents("{$cf}.pfsense", preg_replace($squidclamav_m, $squidclamav_r, $sample_file), LOCK_EX)) {
log_error("[squid] Could not save patched '{$cf}.pfsense' template file!");
}