dansguardian - more updates, almost done

5 files changed, 1262 insertions, 9 deletions

diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc
new file mode 100755
index 00000000..bbee18a3
--- /dev/null
+++ b/config/dansguardian/dansguardian.inc
@@ -0,0 +1,1253 @@
+<?php
+/*
+	dansguardian.inc
+	part of the Dansguardian package for pfSense
+	Copyright (C) 2012 Marcello Coutinho
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+require_once("util.inc");
+require("globals.inc");
+#require("guiconfig.inc");
+
+
+function dg_text_area_decode($text){
+	return preg_replace('/\r\n/', "\n",base64_decode($text));	
+}
+
+function sync_package_dansguardian() {
+	global $config;
+
+	#assign xml arrays
+	if (is_array($config['installedpackages']['dansguardian']))
+		$dansguardian=$config['installedpackages']['dansguardian']['config'][0];
+	if (is_array($config['installedpackages']['dansguardianconfig']))
+		$dansguardian_config=$config['installedpackages']['dansguardianconfig']['config'][0];
+	if (is_array($config['installedpackages']['dansguardianlimits']))
+		$dansguardian_limits=$config['installedpackages']['dansguardianlimits']['config'][0];
+	if (is_array($config['installedpackages']['dansguardianlog']))
+		$dansguardian_log=$config['installedpackages']['dansguardianlog']['config'][0];
+	
+	#daemon options
+	$dansguardian_enabled=$dansguardian['enable_dg'];
+	$filterports=($dansguardian['filterports']?$dansguardian['filterports']:"8080");
+	$softrestart=(preg_match('/softrestart/',$dansguardian['daemon_options'])?"yes":"no");
+	$nodaemon=(preg_match('/nodaemon/',$dansguardian['daemon_options'])?"yes":"no");
+	if ($dansguardian['children'])
+		list($min_children,$max_children) = split ("/", $dansguardian['children'], 2);
+	else
+		list($min_children,$max_children) = split ("/", "8/120", 2);
+	if ($dansguardian['sparechildren'])
+		list($min_spare_children,$max_spare_children) = split ("/", $dansguardian['sparechildren'], 2);
+	else
+		list($min_spare_children,$max_spare_children) = split ("/", "8/64", 2);	
+	$maxagechildren=($dansguardian['maxagechildren']?$dansguardian['maxagechildren']:"500");
+	$maxips=($dansguardian['maxips']?$dansguardian['maxips']:"0");
+
+	
+	#general options
+	$urlcachenumber=($dansguardian_config['urlcachenumber']?$dansguardian_config['urlcachenumber']:"1000");
+	$urlcacheage=($dansguardian_config['urlcacheage']?$dansguardian_config['urlcacheage']:"900");
+	$scancleancache=(preg_match('/scancleancache/',$dansguardian_config['scan_options'])?"yes":"no");
+	$hexdecodecontent=(preg_match('/hexdecodecontent/',$dansguardian_config['scan_options'])?"yes":"no");
+	$forcequicksearch=(preg_match('/forcequicksearch/',$dansguardian_config['scan_options'])?"yes":"no");
+	$reverseaddresslookups=(preg_match('/reverseaddresslookups/',$dansguardian_config['scan_options'])?"yes":"no");
+	$reverseclientiplookups=(preg_match('/reverseclientiplookups/',$dansguardian_config['scan_options'])?"yes":"no");
+	$logclienthostnames=(preg_match('/logclienthostnames/',$dansguardian_config['scan_options'])?"yes":"no");
+	$createlistcachefiles=(preg_match('/createlistcachefiles/',$dansguardian_config['scan_options'])?"yes":"no");
+	$prefercachedlists=(preg_match('/prefercachedlists/',$dansguardian_config['scan_options'])?"yes":"no");
+	$deletedownloadedtempfiles=(preg_match('/deletedownloadedtempfiles/',$dansguardian_config['scan_options'])?"yes":"no");
+	$weightedphrasemode=($dansguardian_config['weightedphrasemode']?$dansguardian_config['weightedphrasemode']:"2");
+	$phrasefiltermode=($dansguardian_config['phrasefiltermode']?$dansguardian_config['phrasefiltermode']:"2");
+	$preservecase=($dansguardian_config['preservecase']?$dansguardian_config['preservecase']:"0");
+	$clamdscan=(preg_match('/clamdscan/',$dansguardian_config['content_scanners'])?"yes":"no");
+	$icapscan=(preg_match('/icapscan/',$dansguardian_config['content_scanners'])?"yes":"no");
+	$contentscannertimeout=($dansguardian_config['contentscannertimeout']?$dansguardian_config['contentscannertimeout']:"60");
+	$contentscanexceptions=($dansguardian_config['contentscanexceptions']?"on":"off");
+	$recheckreplacedurls=(preg_match('/recheckreplacedurls/',$dansguardian_config['misc_options'])?"yes":"no");
+	$forwardedfor=(preg_match('/forwardedfor/',$dansguardian_config['misc_options'])?"yes":"no");
+	$recheckreplacedurls=(preg_match('/icapscan/',$dansguardian_config['misc_options'])?"yes":"no");
+	$usexforwardedfor=(preg_match('/usexforwardedfor/',$dansguardian_config['misc_options'])?"yes":"no");
+	
+	#limits
+	$maxuploadsize=($dansguardian_limits['maxuploadsize']?$dansguardian_limits['maxuploadsize']:"-1");
+	$maxcontentfiltersize=($dansguardian_limits['maxcontentfiltersize']?$dansguardian_limits['maxcontentfiltersize']:"256");
+	$maxcontentramcachescansize=($dansguardian_limits['maxcontentramcachescansize']?$dansguardian_limits['maxcontentramcachescansize']:"2000");
+	$maxcontentfilecachescansize=($dansguardian_limits['maxcontentfilecachescansize']?$dansguardian_limits['maxcontentfilecachescansize']:"1000");
+	$initialtrickledelay=($dansguardian_limits['initialtrickledelay']?$dansguardian_limits['initialtrickledelay']:"20");
+	$trickledelay=($dansguardian_limits['trickledelay']?$dansguardian_limits['trickledelay']:"20");
+	
+	#report and log
+	$reportlevel=($dansguardian_log['report_level']?$dansguardian_log['report_level']:"3");
+	$reportlanguage=($dansguardian_log['report_language']?$dansguardian_log['report_language']:"ukenglish");
+	$showweightedfound=(preg_match('/showweightedfound/',$dansguardian_log['report_options'])?"on":"off");
+	$usecustombannedflash=(preg_match('/usecustombannedflash/',$dansguardian_log['report_options'])?"on":"off");
+	$usecustombannedimage=(preg_match('/usecustombannedimage/',$dansguardian_log['report_options'])?"on":"off");
+	$nonstandarddelimiter=(preg_match('/nonstandarddelimiter/',$dansguardian_log['report_options'])?"on":"off");
+	
+	$logchildprocesshandling=(preg_match('/logchildprocesshandling/',$dansguardian_log['logging_options'])?"on":"off");
+	$logconnectionhandlingerrors=(preg_match('/logconnectionhandlingerrors/',$dansguardian_log['logging_options'])?"on":"off");
+	$nologger=(preg_match('/nologger/',$dansguardian_log['logging_options'])?"on":"off");
+	$logadblocks=(preg_match('/logadblocks/',$dansguardian_log['logging_options'])?"on":"off");
+	$anonymizelogs=(preg_match('/anonymizelogs/',$dansguardian_log['logging_options'])?"on":"off");
+
+	$loglevel=($dansguardian_log['loglevel']?$dansguardian_log['loglevel']:"2");
+	$logexceptionhits=($dansguardian_log['logexceptionhits']?$dansguardian_log['logexceptionhits']:"2");
+	$logfileformat=($dansguardian_log['logfileformat']?$dansguardian_log['logfileformat']:"1");
+	
+	/*
+Language Strings = %report-dir%/languages.conf
+*/
+	#check files
+	$load_samples=0;
+	$dansguardian_dir="/usr/local/etc/dansguardian";
+	
+	if($attachments['filename_rules'] == ""){
+		$config['installedpackages']['msattachments']['config'][0]['filename_rules']=base64_encode(file_get_contents($dansguardian_dir.'/archives.filename.rules.conf.sample'));
+		$load_samples++;
+	}
+	if($attachments['filetype_rules'] == ""){
+		$config['installedpackages']['msattachments']['config'][0]['filetype_rules']=base64_encode(file_get_contents($dansguardian_dir.'/archives.filetype.rules.conf.sample'));
+		$load_samples++;
+	}
+	if($content['phishing_safe'] == ""){
+		$config['installedpackages']['mscontent']['config'][0]['phishing_safe']=base64_encode(file_get_contents($dansguardian_dir.'/phishing.safe.sites.conf.sample'));
+		$load_samples++;
+	}
+	if($content['phishing_bad'] == ""){
+		$config['installedpackages']['mscontent']['config'][0]['phishing_bad']=base64_encode(file_get_contents($dansguardian_dir.'/phishing.bad.sites.conf.sample'));
+		$load_samples++;
+	}	
+	if($content['country_domains'] == ""){
+		$config['installedpackages']['mscontent']['config'][0]['country_domains']=base64_encode(file_get_contents($dansguardian_dir.'/country.domains.conf.sample'));
+		$load_samples++;
+	}
+	if($antispam['sa_pref_file'] == ""){
+		$config['installedpackages']['msantispam']['config'][0]['sa_pref_file']=base64_encode(file_get_contents($dansguardian_dir.'/spam.assassin.prefs.conf.sample'));
+		$load_samples++;
+	}
+	if($antispam['rbl_file'] == ""){
+		$config['installedpackages']['msantispam']['config'][0]['rbl_file']=base64_encode(file_get_contents($dansguardian_dir.'/spam.lists.conf.sample'));
+		$load_samples++;
+	}
+	if($antispam['mcp_pref_file'] == ""){
+		$config['installedpackages']['msantispam']['config'][0]['mcp_pref_file']=base64_encode(file_get_contents($dansguardian_dir.'/mcp/mcp.spam.assassin.prefs.conf.sample'));
+		copy($dansguardian_dir.'/mcp/10_example.cf.sample',$dansguardian_dir.'/mcp/10_example.cf');
+		copy($dansguardian_dir.'/mcp/v320.pre.sample',$dansguardian_dir.'/mcp/v320.pre');
+		$load_samples++;
+	}
+	if($antispam['bounce'] == ""){
+		$config['installedpackages']['msantispam']['config'][0]['bounce']=base64_encode(file_get_contents($dansguardian_dir.'/rules/bounce.rules.sample'));
+		$load_samples++;
+	}
+	if($antispam['spam_whitelist'] == ""){
+		$config['installedpackages']['msantispam']['config'][0]['spam_whitelist']=base64_encode(file_get_contents($dansguardian_dir.'/rules/spam.whitelist.rules.sample'));
+		$load_samples++;
+	}
+	if($antispam['max_message_size'] == ""){
+		$config['installedpackages']['msantispam']['config'][0]['max_message_size']=base64_encode(file_get_contents($dansguardian_dir.'/rules/max.message.size.rules.sample'));
+		$load_samples++;
+	}
+	
+	$report_dir="/usr/local/share/dansguardian/reports/".strtolower($report['language']);
+	#CHECK REPORT FILES
+	$report_files= array('deletedbadcontent' => 'deleted.content.message.txt',
+						'deletedbadfilename' => 'deleted.filename.message.txt',
+						'deletedvirus' =>'deleted.virus.message.txt',
+						'deletedsize' => 'deleted.size.message.txt',
+						'storedbadcontent' => 'stored.content.message.txt',
+						'storedbadfilename' => 'stored.filename.message.txt',
+						'storedvirus' => 'stored.virus.message.txt',
+						'storedsize' =>  'stored.size.message.txt',
+						'disinfected' => 'disinfected.report.txt',
+						'sendercontent' => 'sender.content.report.txt',
+						'sendererror' => 'sender.error.report.txt',
+						'senderbadfilename' => 'sender.filename.report.txt',
+						'sendervirus' => 'sender.virus.report.txt',
+						'sendersize' => 'sender.size.report.txt',
+						'senderrbl' => 'sender.spam.rbl.report.txt',
+						'sendersa' => 'sender.spam.sa.report.txt',
+						'sendermcp' => 'sender.mcp.report.txt',
+						'senderspam'=>'sender.spam.report.txt',
+						'recipientmcp'=>'recipient.mcp.report.txt',
+						'recipientspam'=>'recipient.spam.report.txt',
+						'rejection' =>'rejection.report.txt');
+	
+	foreach ($report_files as $key_r => $file_r){
+		if ($report[$key_r] == ""){
+			#$input_errors[]= $key;
+			$config['installedpackages']['msreport']['config'][0][$key_r]=base64_encode(file_get_contents($report_dir.'/'.$file_r.'.sample'));
+			file_put_contents($report_dir.'/'.$file_r,dg_text_area_decode($config['installedpackages']['msreport']['config'][0][$key_r]),LOCK_EX);
+			$load_samples++;
+			}
+		#print $key_r ."X $file_r X". base64_encode(file_get_contents($report_dir.'/'.$file_r.'.sample')) ."<br>";
+		
+		if ($alert['sig']){
+			if($alert['sig_html'] == ""){
+				$config['installedpackages']['msalerts']['config'][0]['sig_html']=base64_encode(file_get_contents($report_dir.'/inline.sig.html'));
+				$load_samples++;
+				}
+			if($alert['sig_txt'] == ""){
+				$config['installedpackages']['msalerts']['config'][0]['sig_txt']=base64_encode(file_get_contents($report_dir.'/inline.sig.txt'));
+				$load_samples++;
+				}
+			}
+
+		if ($alert['warning']){
+			if($alert['warning_html'] == ""){
+				$config['installedpackages']['msalerts']['config'][0]['warning_html']=base64_encode(file_get_contents($report_dir.'/inline.warning.html'));
+				$load_samples++;
+				}
+			if($alert['warning_txt'] == ""){
+				$config['installedpackages']['msalerts']['config'][0]['warning_txt']=base64_encode(file_get_contents($report_dir.'/inline.warning.txt'));
+				$load_samples++;
+				}
+			}
+			
+			
+	}
+	#exit;
+	if($load_samples > 0)
+		write_config();
+
+		
+#create dansguardian.conf
+	$dg=<<<EOF
+# DansGuardian config file for version 2.12.0.0
+
+# **NOTE** as of version 2.7.5 most of the list files are now in dansguardianf1.conf
+
+
+# Web Access Denied Reporting (does not affect logging)
+#
+# -1 = log, but do not block - Stealth mode
+#  0 = just say 'Access Denied'
+#  1 = report why but not what denied phrase
+#  2 = report fully
+#  3 = use HTML template file (accessdeniedaddress ignored) - recommended
+#
+reportinglevel = {$reportlevel}
+
+# Language dir where languages are stored for internationalisation.
+# The HTML template within this dir is only used when reportinglevel
+# is set to 3. When used, DansGuardian will display the HTML file instead of
+# using the perl cgi script.  This option is faster, cleaner
+# and easier to customise the access denied page.
+# The language file is used no matter what setting however.
+#
+languagedir = '/usr/local/share/dansguardian/languages'
+
+# language to use from languagedir.
+language = '{$reportlanguage}'
+
+# Logging Settings
+#
+# 0 = none  1 = just denied  2 = all text based  3 = all requests
+loglevel = {$loglevel}
+
+# Log Exception Hits
+# Log if an exception (user, ip, URL, phrase) is matched and so
+# the page gets let through.  Can be useful for diagnosing
+# why a site gets through the filter.
+# 0 = never log exceptions
+# 1 = log exceptions, but do not explicitly mark them as such
+# 2 = always log & mark exceptions (default)
+logexceptionhits = {$logexceptionhits}
+
+# Log File Format
+# 1 = DansGuardian format (space delimited)
+# 2 = CSV-style format
+# 3 = Squid Log File Format
+# 4 = Tab delimited
+logfileformat = {$logfileformat}
+
+# truncate large items in log lines
+# 0 = no truncating (default)
+#maxlogitemlength = 0
+
+# anonymize logs (blank out usernames & IPs)
+anonymizelogs = {$anonymizelogs}
+
+
+# Syslog logging
+#
+# Use syslog for access logging instead of logging to the file
+# at the defined or built-in "loglocation"
+#logsyslog = off
+
+# Log file location
+# 
+# Defines the log directory and filename.
+#loglocation = '/var/log/access.log'
+
+
+# Statistics log file location
+#
+# Defines the stat file directory and filename.
+# Only used in conjunction with maxips > 0
+# Once every 3 minutes, the current number of IPs in the cache, and the most
+# that have been in the cache since the daemon was started, are written to this
+# file. IPs persist in the cache for 7 days.
+#statlocation = '/var/log/stats'
+
+
+# Network Settings
+# 
+# the IP that DansGuardian listens on.  If left blank DansGuardian will
+# listen on all IPs.  That would include all NICs, loopback, modem, etc.
+# Normally you would have your firewall protecting this, but if you want
+# you can limit it to a certain IP. To bind to multiple interfaces,
+# specify each IP on an individual filterip line.
+# You can have the same IP twice so long as it has a different port.
+filterip = {$filterip}
+
+# the ports that DansGuardian listens to.  Specify one line per filterip
+# line.  You can specify different authentication mechanisms per port but
+# only if the mechanisms can co-exist (e.g. basic/proxy auth can't)
+filterports = 8080
+#filterports = 8081
+{$filterports}
+
+# the ip of the proxy (default is the loopback - i.e. this server)
+proxyip = 127.0.0.1
+
+# the port DansGuardian connects to proxy on
+proxyport = 3128
+
+# Whether to retrieve the original destination IP in transparent proxy
+# setups and check it against the domain pulled from the HTTP headers.
+#
+# Be aware that when visiting sites which use a certain type of round-robin
+# DNS for load balancing, DG may mark requests as invalid unless DG gets
+# exactly the same answers to its DNS requests as clients.  The chances of
+# this happening can be increased if all clients and servers on the same LAN
+# make use of a local, caching DNS server instead of using upstream DNS
+# directly.
+#
+# See http://www.kb.cert.org/vuls/id/435052
+# on (default) | off
+#!! Not compiled !! originalip = on
+
+# accessdeniedaddress is the address of your web server to which the cgi
+# dansguardian reporting script was copied. Only used in reporting levels 1 and 2.
+#
+# This webserver must be either:
+#  1. Non-proxied. Either a machine on the local network, or listed as an exception
+#     in your browser's proxy configuration.
+#  2. Added to the exceptionsitelist. Option 1 is preferable; this option is
+#     only for users using both transparent proxying and a non-local server
+#     to host this script.
+#
+# Individual filter groups can override this setting in their own configuration.
+#
+accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
+
+# Non standard delimiter (only used with accessdeniedaddress)
+# To help preserve the full banned URL, including parameters, the variables
+# passed into the access denied CGI are separated using non-standard
+# delimiters. This can be useful to ensure correct operation of the filter
+# bypass modes. Parameters are split using "::" in place of "&", and "==" in
+# place of "=".
+# Default is enabled, but to go back to the standard mode, disable it.
+nonstandarddelimiter = {$nonstandarddelimiter}
+
+
+
+# Banned image replacement
+# Images that are banned due to domain/url/etc reasons including those
+# in the adverts blacklists can be replaced by an image.  This will,
+# for example, hide images from advert sites and remove broken image
+# icons from banned domains.
+# on (default) | off
+usecustombannedimage = {$usecustombannedimage}
+custombannedimagefile = '/usr/local/share/dansguardian/transparent1x1.gif'
+
+
+#Banned flash replacement
+usecustombannedflash = {$usecustombannedflash}
+custombannedflashfile = '/usr/local/share/dansguardian/blockedflash.swf'
+
+
+
+# Filter groups options
+# filtergroups sets the number of filter groups. A filter group is a set of content
+# filtering options you can apply to a group of users.  The value must be 1 or more.
+# DansGuardian will automatically look for dansguardianfN.conf where N is the filter
+# group.  To assign users to groups use the filtergroupslist option.  All users default
+# to filter group 1.  You must have some sort of authentication to be able to map users
+# to a group.  The more filter groups the more copies of the lists will be in RAM so
+# use as few as possible.
+filtergroups = 1
+filtergroupslist = '/usr/local/etc/dansguardian/lists/filtergroupslist'
+
+
+
+# Authentication files location
+bannediplist = '/usr/local/etc/dansguardian/lists/bannediplist'
+exceptioniplist = '/usr/local/etc/dansguardian/lists/exceptioniplist'
+
+# Per-Room blocking definition directory
+# A directory containing text files containing the room's name followed by IPs or ranges
+# Think of it as bannediplist on crack
+perroomblockingdirectory = '/usr/local/etc/dansguardian/lists/bannedrooms/'
+
+# Show weighted phrases found
+# If enabled then the phrases found that made up the total which excedes
+# the naughtyness limit will be logged and, if the reporting level is
+# high enough, reported. on | off
+showweightedfound = {$showweightedfound}
+
+# Weighted phrase mode
+# There are 3 possible modes of operation:
+# 0 = off = do not use the weighted phrase feature.
+# 1 = on, normal = normal weighted phrase operation.
+# 2 = on, singular = each weighted phrase found only counts once on a page.
+# 
+# IMPORTANT: Note that setting this to "0" turns off all features which
+# extract phrases from page content, including banned & exception
+# phrases (not just weighted), search term filtering, and scanning for
+# links to banned URLs.
+#
+weightedphrasemode = {$weightedphrasemode}
+
+
+
+# Positive (clean) result caching for URLs
+# Caches good pages so they don't need to be scanned again.
+# It also works with AV plugins.
+# 0 = off (recommended for ISPs with users with disimilar browsing)
+# 1000 = recommended for most users
+# 5000 = suggested max upper limit
+# If you're using an AV plugin then use at least 5000.
+urlcachenumber = {$urlcachenumber}
+#
+# Age before they are stale and should be ignored in seconds
+# 0 = never
+# 900 = recommended = 15 mins
+urlcacheage ={$urlcacheage} 
+
+
+
+# Cache for content (AV) scan results as 'clean'
+# By default, to save CPU, files scanned and found to be
+# clean are inserted into the clean cache and NOT scanned
+# again for a while.  If you don't like this then choose
+# to disable it.
+# on = cache results; do not re-scan
+# off = do not cache; always re-scan
+# (on|off) default = on.
+scancleancache = {$scancleancache}
+
+
+
+# Smart, Raw and Meta/Title phrase content filtering options
+# Smart is where the multiple spaces and HTML are removed before phrase filtering
+# Raw is where the raw HTML including meta tags are phrase filtered
+# Meta/Title is where only meta and title tags are phrase filtered (v. quick)
+# CPU usage can be effectively halved by using setting 0 or 1 compared to 2
+# 0 = raw only
+# 1 = smart only
+# 2 = both of the above (default)
+# 3 = meta/title
+phrasefiltermode = {$phrasefiltermode}
+
+# Lower casing options
+# When a document is scanned the uppercase letters are converted to lower case
+# in order to compare them with the phrases.  However this can break Big5 and
+# other 16-bit texts.  If needed preserve the case.  As of version 2.7.0 accented
+# characters are supported.
+# 0 = force lower case (default)
+# 1 = do not change case
+# 2 = scan first in lower case, then in original case
+preservecase = {$preservecase}
+
+# Note:
+# If phrasefiltermode and preserve case are both 2, this equates to 4 phrase
+# filtering passes. If you have a large enough userbase for this to be a
+# worry, and need to filter pages in exotic character encodings, it may be
+# better to run two instances on separate servers: one with preservecase 1
+# (and possibly forcequicksearch 1) and non ASCII/UTF-8 phrase lists, and one
+# with preservecase 0 and ASCII/UTF-8 lists.
+
+
+
+# Hex decoding options
+# When a document is scanned it can optionally convert %XX to chars.
+# If you find documents are getting past the phrase filtering due to encoding
+# then enable.  However this can break Big5 and other 16-bit texts.
+# off = disabled (default)
+# on = enabled
+hexdecodecontent = {$hexdecodecontent}
+
+
+
+# Force Quick Search rather than DFA search algorithm
+# The current DFA implementation is not totally 16-bit character compatible
+# but is used by default as it handles large phrase lists much faster.
+# If you wish to use a large number of 16-bit character phrases then
+# enable this option.
+# off (default) | on (Big5 compatible)
+forcequicksearch = {$forcequicksearch}
+
+
+
+# Reverse lookups for banned site and URLs.
+# If set to on, DansGuardian will look up the forward DNS for an IP URL
+# address and search for both in the banned site and URL lists.  This would
+# prevent a user from simply entering the IP for a banned address.
+# It will reduce searching speed somewhat so unless you have a local caching
+# DNS server, leave it off and use the Blanket IP Block option in the
+# bannedsitelist file instead.
+reverseaddresslookups = {$reverseaddresslookups}
+
+
+
+# Reverse lookups for banned and exception IP lists.
+# If set to on, DansGuardian will look up the forward DNS for the IP
+# of the connecting computer.  This means you can put in hostnames in
+# the exceptioniplist and bannediplist.
+# If a client computer is matched against an IP given in the lists, then the
+# IP will be recorded in any log entries; if forward DNS is successful and a
+# match occurs against a hostname, the hostname will be logged instead.
+# It will reduce searching speed somewhat so unless you have a local DNS server, 
+# leave it off.
+reverseclientiplookups = {$reverseclientiplookups}
+
+
+# Perform reverse lookups on client IPs for successful requests.
+# If set to on, DansGuardian will look up the forward DNS for the IP
+# of the connecting computer, and log host names (where available) rather than
+# IPs against requests.
+# This is not dependent on reverseclientiplookups being enabled; however, if it
+# is, enabling this option does not incur any additional forward DNS requests.
+logclienthostnames = {$logclienthostnames}
+
+
+# Build bannedsitelist and bannedurllist cache files.
+# This will compare the date stamp of the list file with the date stamp of
+# the cache file and will recreate as needed.
+# If a .processed file exists for an item (e.g. domain/URL) list, then that
+# will be used instead, if it is up to date (i.e. newer than the unprocessed
+# list file).
+# This can increase process start speed on slow computers.
+# Fast computers do not need this option.
+# on | off, default = on
+createlistcachefiles = {$createlistcachefiles}
+
+
+# Prefer cached list files
+# If enabled, DansGuardian will always prefer to load ".processed" versions of
+# list files, regardless of their time stamps relative to the original
+# unprocessed lists.  This is not generally useful unless you have a specific
+# list update process which results in - for example - up-to-date, pre-sorted
+# ".processed" list files with dummy unprocessed files.
+# on | off, default = off
+prefercachedlists = {$prefercachedlists}
+
+
+
+# POST protection (web upload and forms)
+# does not block forms without any file upload, i.e. this is just for
+# blocking or limiting uploads
+# measured in kibibytes after MIME encoding and header bumph
+# use 0 for a complete block
+# use higher (e.g. 512 = 512Kbytes) for limiting
+# use -1 for no blocking
+#maxuploadsize = 512
+#maxuploadsize = 0
+maxuploadsize = {$maxuploadsize}
+
+
+
+# Max content filter size
+# Sometimes web servers label binary files as text which can be very
+# large which causes a huge drain on memory and cpu resources.
+# To counter this, you can limit the size of the document to be
+# filtered and get it to just pass it straight through.
+# This setting also applies to content regular expression modification.
+# The value must not be higher than maxcontentramcachescansize
+# The size is in Kibibytes - eg 2048 = 2Mb
+# use 0 to set it to maxcontentramcachescansize
+maxcontentfiltersize = {$maxcontentfiltersize}
+
+
+
+# Max content ram cache scan size
+# This is only used if you use a content scanner plugin such as AV
+# This is the max size of file that DG will download and cache
+# in RAM.  After this limit is reached it will cache to disk
+# This value must be less than or equal to maxcontentfilecachescansize.
+# The size is in Kibibytes - eg 10240 = 10Mb
+# use 0 to set it to maxcontentfilecachescansize
+# This option may be ignored by the configured download manager.
+maxcontentramcachescansize = {$maxcontentramcachescansize}
+
+
+
+# Max content file cache scan size
+# This is only used if you use a content scanner plugin such as AV
+# This is the max size file that DG will download
+# so that it can be scanned or virus checked.
+# This value must be greater or equal to maxcontentramcachescansize.
+# The size is in Kibibytes - eg 10240 = 10Mb
+maxcontentfilecachescansize = {$maxcontentfilecachescansize}
+
+
+
+# File cache dir
+# Where DG will download files to be scanned if too large for the
+# RAM cache.
+filecachedir = '/tmp'
+
+
+
+# Delete file cache after user completes download
+# When a file gets save to temp it stays there until it is deleted.
+# You can choose to have the file deleted when the user makes a sucessful
+# download.  This will mean if they click on the link to download from
+# the temp store a second time it will give a 404 error.
+# You should configure something to delete old files in temp to stop it filling up.
+# on|off (defaults to on)
+deletedownloadedtempfiles = {$deletedownloadedtempfiles}
+
+
+
+# Initial Trickle delay
+# This is the number of seconds a browser connection is left waiting
+# before first being sent *something* to keep it alive.  The
+# *something* depends on the download manager chosen.
+# Do not choose a value too low or normal web pages will be affected.
+# A value between 20 and 110 would be sensible
+# This may be ignored by the configured download manager.
+initialtrickledelay = {$initialtrickledelay}
+
+
+
+# Trickle delay
+# This is the number of seconds a browser connection is left waiting
+# before being sent more *something* to keep it alive.  The
+# *something* depends on the download manager chosen.
+# This may be ignored by the configured download manager.
+trickledelay = {$trickledelay}
+
+
+
+# Download Managers
+# These handle downloads of files to be filtered and scanned.
+# They differ in the method they deal with large downloads.
+# Files usually need to be downloaded 100% before they can be
+# filtered and scanned before being sent on to the browser.
+# Normally the browser can just wait, but with content scanning,
+# for example to AV, the browser may timeout or the user may get
+# confused so the download manager has to do some sort of
+# 'keep alive'.
+#
+# There are various methods possible but not all are included.
+# The author does not have the time to write them all so I have
+# included a plugin systam.  Also, not all methods work with all
+# browsers and clients.  Specifically some fancy methods don't
+# work with software that downloads updates.  To solve this,
+# each plugin can support a regular expression for matching
+# the client's user-agent string, and lists of the mime types
+# and extensions it should manage.
+#
+# Note that these are the matching methods provided by the base plugin
+# code, and individual plugins may override or add to them.
+# See the individual plugin conf files for supported options.
+#
+# The plugins are matched in the order you specify and the last
+# one is forced to match as the default, regardless of user agent
+# and other matching mechanisms.
+#
+downloadmanager = '/usr/local/etc/dansguardian/downloadmanagers/fancy.conf'
+##!! Not compiled !! downloadmanager = '/usr/local/etc/dansguardian/downloadmanagers/trickle.conf'
+downloadmanager = '/usr/local/etc/dansguardian/downloadmanagers/default.conf'
+
+
+
+# Content Scanners (Also known as AV scanners)
+# These are plugins that scan the content of all files your browser fetches
+# for example to AV scan.  The options are limitless.  Eventually all of
+# DansGuardian will be plugin based.  You can have more than one content
+# scanner. The plugins are run in the order you specify.
+# This is one of the few places you can have multiple options of the same name.
+#
+# Some of the scanner(s) require 3rd party software and libraries eg clamav.
+# See the individual plugin conf file for more options (if any).
+#
+#contentscanner = '/usr/local/etc/dansguardian/contentscanners/clamdscan.conf'
+#!! Not compiled !! contentscanner = '/usr/local/etc/dansguardian/contentscanners/avastdscan.conf'
+#!! Not compiled !! contentscanner = '/usr/local/etc/dansguardian/contentscanners/kavdscan.conf'
+#contentscanner = '/usr/local/etc/dansguardian/contentscanners/icapscan.conf'
+#!! Not compiled !! contentscanner = '/usr/local/etc/dansguardian/contentscanners/commandlinescan.conf'
+
+
+
+# Content scanner timeout
+# Some of the content scanners support using a timeout value to stop
+# processing (eg AV scanning) the file if it takes too long.
+# If supported this will be used.
+# The default of 60 seconds is probably reasonable.
+contentscannertimeout = {$contentscannertimeout}
+
+
+
+# Content scan exceptions
+# If 'on' exception sites, urls, users etc will be scanned
+# This is probably not desirable behavour as exceptions are
+# supposed to be trusted and will increase load.
+# Correct use of grey lists are a better idea.
+# (on|off) default = off
+contentscanexceptions = {$contentscanexceptions}
+
+
+
+# Auth plugins
+# These replace the usernameidmethod* options in previous versions. They
+# handle the extraction of client usernames from various sources, such as
+# Proxy-Authorisation headers and ident servers, enabling requests to be
+# handled according to the settings of the user's filter group.
+# Multiple plugins can be specified, and will be used per port in the order
+# filterports are listed.
+#
+# If you do not use multiple filter groups, you need not specify this option.
+#
+#authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-basic.conf'
+#authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-digest.conf'
+#authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-ntlm.conf'
+#authplugin = '/usr/local/etc/dansguardian/authplugins/ident.conf'
+#authplugin = '/usr/local/etc/dansguardian/authplugins/ip.conf'
+
+
+
+# Re-check replaced URLs
+# As a matter of course, URLs undergo regular expression search/replace (urlregexplist)
+# *after* checking the exception site/URL/regexpURL lists, but *before* checking against
+# the banned site/URL lists, allowing certain requests that would be matched against the
+# latter in their original state to effectively be converted into grey requests.
+# With this option enabled, the exception site/URL/regexpURL lists are also re-checked
+# after replacement, making it possible for URL replacement to trigger exceptions based
+# on them.
+# Defaults to off.
+recheckreplacedurls = {$recheckreplacedurls}
+
+
+
+# Misc settings
+
+# if on it adds an X-Forwarded-For: <clientip> to the HTTP request
+# header.  This may help solve some problem sites that need to know the
+# source ip. on | off
+forwardedfor = {$forwardedfor}
+
+
+# if on it uses the X-Forwarded-For: <clientip> to determine the client
+# IP. This is for when you have squid between the clients and DansGuardian.
+# Warning - headers are easily spoofed. on | off
+usexforwardedfor = {usexforwardedfor}
+
+
+# if on it logs some debug info regarding fork()ing and accept()ing which
+# can usually be ignored.  These are logged by syslog.  It is safe to leave
+# it on or off
+logconnectionhandlingerrors = {$logconnectionhandlingerrors}
+
+
+
+# Fork pool options
+
+# If on, this causes DG to write to the log file whenever child processes are
+# created or destroyed (other than by crashes). This information can help in
+# understanding and tuning the following parameters, but is not generally
+# useful in production.
+logchildprocesshandling = {$logchildprocesshandling}
+
+# sets the maximum number of processes to spawn to handle the incoming
+# connections.  Max value usually 250 depending on OS.
+# On large sites you might want to try 180.
+maxchildren = {$maxchildren}
+
+
+# sets the minimum number of processes to spawn to handle the incoming connections.
+# On large sites you might want to try 32.
+minchildren = {$minchildren}
+
+
+# sets the minimum number of processes to be kept ready to handle connections.
+# On large sites you might want to try 8.
+minsparechildren = {$minsparechildren}
+
+
+# sets the minimum number of processes to spawn when it runs out
+# On large sites you might want to try 10.
+preforkchildren = {$preforkchildren}
+
+
+# sets the maximum number of processes to have doing nothing.
+# When this many are spare it will cull some of them.
+# On large sites you might want to try 64.
+maxsparechildren = {$maxsparechildren}
+
+
+# sets the maximum age of a child process before it croaks it.
+# This is the number of connections they handle before exiting.
+# On large sites you might want to try 10000.
+maxagechildren = {$maxagechildren}
+
+
+# Sets the maximum number client IP addresses allowed to connect at once.
+# Use this to set a hard limit on the number of users allowed to concurrently
+# browse the web. Set to 0 for no limit, and to disable the IP cache process.
+maxips = {$maxips}
+
+
+
+# Process options
+# (Change these only if you really know what you are doing).
+# These options allow you to run multiple instances of DansGuardian on a single machine.
+# Remember to edit the log file path above also if that is your intention.
+
+# IPC filename
+# 
+# Defines IPC server directory and filename used to communicate with the log process.
+ipcfilename = '/tmp/.dguardianipc'
+
+# URL list IPC filename
+# 
+# Defines URL list IPC server directory and filename used to communicate with the URL
+# cache process.
+urlipcfilename = '/tmp/.dguardianurlipc'
+
+# IP list IPC filename
+#
+# Defines IP list IPC server directory and filename, for communicating with the client
+# IP cache process.
+ipipcfilename = '/tmp/.dguardianipipc'
+
+# PID filename
+# 
+# Defines process id directory and filename.
+#pidfilename = '/var/run/dansguardian.pid'
+
+# Disable daemoning
+# If enabled the process will not fork into the background.
+# It is not usually advantageous to do this.
+# on|off (defaults to off)
+nodaemon = {$nodaemon}
+
+# Disable logging process
+# on|off (defaults to off)
+nologger = {$nologger}
+
+# Enable logging of "ADs" category blocks
+# on|off (defaults to off)
+logadblocks = {$logadblocks}
+
+# Enable logging of client User-Agent
+# Some browsers will cause a *lot* of extra information on each line!
+# on|off (defaults to off)
+loguseragent = {$loguseragent}
+
+# Daemon runas user and group
+# This is the user that DansGuardian runs as.  Normally the user/group nobody.
+# Uncomment to use.  Defaults to the user set at compile time.
+# Temp files created during virus scanning are given owner and group read
+# permissions; to use content scanners based on external processes, such as
+# clamdscan, the two processes must run with either the same group or user ID.
+#daemonuser = 'nobody'
+#daemongroup = 'nobody'
+
+# Soft restart
+# When on this disables the forced killing off all processes in the process group.
+# This is not to be confused with the -g run time option - they are not related.
+# on|off (defaults to off)
+softrestart = {softrestart}
+
+# Mail program
+# Path (sendmail-compatible) email program, with options.
+# Not used if usesmtp is disabled (filtergroup specific).
+#!! Not compiled !!mailer = '/usr/sbin/sendmail -t'
+
+#SSL certificate checking path
+#Path to CA certificates used to validate the certificates of https sites.
+#sslcertificatepath = '/etc/ssl/certs/'
+
+#SSL man in the middle
+#CA certificate path
+#Path to the CA certificate to use as a signing certificate for 
+#generated certificates.
+#cacertificatepath = '/home/stephen/dginstall/ca.pem'
+
+#CA private key path
+#path to the private key that matches the public key in the CA certificate.
+#caprivatekeypath = '/home/stephen/dginstall/ca.key'
+
+#Cert private key path
+#The public / private key pair used by all generated certificates
+#certprivatekeypath = '/home/stephen/dginstall/cert.key'
+
+#Generated cert path
+#The location where generated certificates will be saved for future use.
+#(must be writable by the dg user)
+#generatedcertpath = '/home/stephen/dginstall/generatedcerts/'
+
+#Generated link path = ''
+#The location where symlinks to certificates will be created.
+#(must be writable by the dg user)
+#generatedlinkpath = '/home/stephen/dginstall/generatedlinks/'
+	
+EOF;
+	#write files
+	conf_mount_rw();
+
+	$mlang=strtolower($report['language']);
+	$mfiles[]="/usr/local/etc/dansguardian/virus.scanners.conf";
+	$mfiles[]="/usr/local/share/dansguardian/reports/{$mlang}/inline.spam.warning.txt";
+	$mfiles[]="/usr/local/share/dansguardian/reports/{$mlang}/languages.conf";
+	
+	foreach ($mfiles as $mfile)
+		if (! file_exists ($mfile))
+			copy($mfile.".sample",$mfile);
+			
+
+	write_config();
+	
+	file_put_contents($dansguardian_dir."/dansguardian.conf", $mc, LOCK_EX);
+	file_put_contents($dansguardian_dir."/filename.rules.conf",dg_text_area_decode($config['installedpackages']['msattachments']['config'][0]['filename_rules']),LOCK_EX);
+	file_put_contents($dansguardian_dir."/filetype.rules.conf",dg_text_area_decode($config['installedpackages']['msattachments']['config'][0]['filetype_rules']),LOCK_EX);
+	file_put_contents($dansguardian_dir."/archives.filename.rules.conf",dg_text_area_decode($config['installedpackages']['msattachments']['config'][0]['filename_rules']),LOCK_EX);
+	file_put_contents($dansguardian_dir."/archives.filetype.rules.conf",dg_text_area_decode($config['installedpackages']['msattachments']['config'][0]['filetype_rules']),LOCK_EX);
+	file_put_contents($dansguardian_dir."/phishing.safe.sites.conf",dg_text_area_decode($config['installedpackages']['mscontent']['config'][0]['phishing_safe']),LOCK_EX);
+	file_put_contents($dansguardian_dir."/phishing.bad.sites.conf",dg_text_area_decode($config['installedpackages']['mscontent']['config'][0]['phishing_bad']),LOCK_EX);
+	file_put_contents($dansguardian_dir."/country.domains.conf",dg_text_area_decode($config['installedpackages']['mscontent']['config'][0]['country_domains']),LOCK_EX);
+	file_put_contents($dansguardian_dir.'/spam.assassin.prefs.conf',$sa_temp,LOCK_EX);
+	file_put_contents($dansguardian_dir.'/spam.lists.conf',dg_text_area_decode($config['installedpackages']['msantispam']['config'][0]['rbl_file']),LOCK_EX);
+	file_put_contents($dansguardian_dir.'/mcp/mcp.spam.assassin.prefs.conf',dg_text_area_decode($config['installedpackages']['msantispam']['config'][0]['mcp_pref_file']),LOCK_EX);
+	file_put_contents($dansguardian_dir.'/rules/bounce.rules',dg_text_area_decode($config['installedpackages']['msantispam']['config'][0]['bounce']),LOCK_EX);
+	file_put_contents($dansguardian_dir.'/rules/max.message.size.rules',dg_text_area_decode($config['installedpackages']['msantispam']['config'][0]['max_message_size']),LOCK_EX);
+	file_put_contents($dansguardian_dir.'/rules/spam.whitelist.rules',dg_text_area_decode($config['installedpackages']['msantispam']['config'][0]['spam_whitelist']),LOCK_EX);
+	
+	foreach ($report_files as $key_r => $file_r)
+		file_put_contents($report_dir.'/'.$file_r,dg_text_area_decode($config['installedpackages']['msreport']['config'][0][$key_r]),LOCK_EX);
+		
+	if ($alert['sig']){
+		$sig_html=dg_text_area_decode($config['installedpackages']['msalerts']['config'][0]['sig_html']);
+		$sig_txt=dg_text_area_decode($config['installedpackages']['msalerts']['config'][0]['sig_txt']);}
+	else{
+		$sig_html="";
+		$sig_txt="";}
+	file_put_contents($report_dir.'/inline.sig.txt',$sig_txt,LOCK_EX);
+	file_put_contents($report_dir.'/inline.sig.html',$sig_html,LOCK_EX);
+
+	if ($alert['warning']){
+		$warning_html=dg_text_area_decode($config['installedpackages']['msalerts']['config'][0]['warning_html']);
+		$warning_txt=dg_text_area_decode($config['installedpackages']['msalerts']['config'][0]['warning_txt']);}
+	else{
+		$warning_html="";
+		$warning_txt="";}
+	file_put_contents($report_dir.'/inline.warning.txt',$warning_txt,LOCK_EX);
+	file_put_contents($report_dir.'/inline.warning.html',$warning_html,LOCK_EX);
+	
+	#check virus_scanner options
+	$libexec_dir="/usr/local/libexec/dansguardian/";
+	if ($virus_scanning == "yes"){
+		if ($antivirus['virus_scanner'] =="none"){
+			unlink_if_exists($libexec_dir.'clamav-autoupdate');
+			unlink_if_exists($libexec_dir.'clamav-wrapper');
+		}
+		else{
+			if (file_exists('/var/run/clamav/'))
+				chown('/var/run/clamav/', 'dansguardian');
+			if (file_exists('/var/log/clamav/'))
+				chown('/var/log/clamav/', 'dansguardian');
+			if (file_exists('/var/db/clamav/'))
+				chown('/var/db/clamav/', 'dansguardian');
+			if (file_exists('/var/db/clamav/bytecode.cld'))
+				chown('/var/db/clamav/bytecode.cld', 'dansguardian');
+			if (file_exists('/var/db/clamav/daily.cld'))
+				chown('/var/db/clamav/daily.cld', 'dansguardian');
+			if (file_exists('/var/db/clamav/main.cvd'))
+				chown('/var/db/clamav/main.cvd', 'dansguardian');
+			if (file_exists('/var/db/clamav/mirrors.dat'))
+				chown('/var/db/clamav/mirrors.dat', 'dansguardian');
+			if (file_exists('/var/log/clamav/clamd.log'))
+				chown('/var/log/clamav/clamd.log', 'dansguardian');
+			if (file_exists('/var/log/clamav/freshclam.log'))
+				chown('/var/log/clamav/freshclam.log', 'dansguardian');
+			
+			copy($libexec_dir.'clamav-autoupdate.sample',$libexec_dir.'clamav-autoupdate');
+			chmod ($libexec_dir.'clamav-autoupdate',0755);
+			copy($libexec_dir.'clamav-wrapper.sample',$libexec_dir.'clamav-wrapper');
+			chmod ($libexec_dir.'clamav-autoupdate',0755);
+			if (!file_exists('/var/db/clamav/main.cvd')){
+				log_error('No clamav database found, running freshclam in background.');
+				mwexec_bg('/usr/local/bin/freshclam');
+				}
+			#clamav-wrapper file
+			$cconf=$libexec_dir."clamav-wrapper";
+			$cconf_file=file_get_contents($cconf);
+			if (preg_match('/"clamav"/',$cconf_file)){
+				$cconf_file=preg_replace('/"clamav"/','"dansguardian"',$cconf_file);
+				file_put_contents($cconf, $cconf_file, LOCK_EX);
+				}
+				
+			#freshclam conf file
+			$cconf="/usr/local/etc/freshclam.conf";
+			$cconf_file=file_get_contents($cconf);
+			if (preg_match('/DatabaseOwner clamav/',$cconf_file)){
+				$cconf_file=preg_replace("/DatabaseOwner clamav/","DatabaseOwner dansguardian",$cconf_file);
+				file_put_contents($cconf, $cconf_file, LOCK_EX);
+				}
+				
+			#clamd conf file
+			$cconf="/usr/local/etc/clamd.conf";
+			$cconf_file=file_get_contents($cconf);
+			if (preg_match('/User clamav/',$cconf_file)){
+				$cconf_file=preg_replace("/User clamav/","User dansguardian",$cconf_file);
+				file_put_contents($cconf, $cconf_file, LOCK_EX);
+				}
+			#clamd script file
+			$script='/usr/local/etc/rc.d/clamav-clamd';
+			$script_file=file($script);
+			foreach ($script_file as $script_line){
+				if(preg_match("/command=/",$script_line)){
+					$new_clamav_startup.= "/bin/mkdir /var/run/clamav\n";
+					$new_clamav_startup.= "chown dansguardian /var/run/clamav\n";
+					$new_clamav_startup.=$script_line;
+					}
+				elseif(!preg_match("/(mkdir|chown|sleep|dansguardian)/",$script_line)) {
+					$new_clamav_startup.=preg_replace("/NO/","YES",$script_line);
+					}
+				}
+			file_put_contents($script, $new_clamav_startup, LOCK_EX);
+			chmod ($script,0755);
+			mwexec("$script stop");
+			mwexec_bg("$script start");
+		}
+	}
+	else{
+		unlink_if_exists($libexec_dir.'clamav-autoupdate');
+		unlink_if_exists($libexec_dir.'clamav-wrapper');
+	}
+	
+	#check dcc startup script
+			$script='/usr/local/etc/rc.d/dccifd';
+			$script_file=file_get_contents($script);
+			if (preg_match('/NO/',$script_file)){
+				$script_file=preg_replace("/NO/","YES",$script_file);
+				file_put_contents($script, $script_file, LOCK_EX);
+				chmod ($script,0755);
+				}
+	#check dcc config file
+			$script='/usr/local/dcc/dcc_conf';
+			$script_file=file_get_contents($script);
+			if (preg_match('/DCCIFD_ENABLE=off/',$script_file)){
+				$script_file=preg_replace("/DCCIFD_ENABLE=off/","DCCIFD_ENABLE=on",$script_file);
+				file_put_contents($script, $script_file, LOCK_EX);
+				}
+			mwexec("$script stop");
+			mwexec_bg("$script start");
+				
+	$script='/usr/local/etc/rc.d/dansguardian';
+
+	#fix MIME::ToolUtils deprecated function and usecure dependency calls in /usr/local/sbin/dansguardian
+	$cconf="/usr/local/sbin/dansguardian";
+	$cconf_file=file_get_contents($cconf);
+	$pattern2[0]='/perl\W+I/';
+	$pattern2[1]='/\smy .current = config MIME::ToolUtils/';
+	$replacement2[0]='perl -U -I';
+	$replacement2[1]=' #my $current = config MIME::ToolUtils';
+	if (preg_match('/perl\W+I/',$cconf_file)){
+		$cconf_file=preg_replace($pattern2,$replacement2,$cconf_file);
+		file_put_contents($cconf, $cconf_file, LOCK_EX);
+		#force old process stop	
+		mwexec("$script stop");
+		}	
+	
+	$script_file=file_get_contents($script);
+	if (preg_match('/NO/',$script_file)){
+				$script_file=preg_replace("/NO/","YES",$script_file);
+				file_put_contents($script, $script_file, LOCK_EX);
+				chmod ($script,0755);
+				}
+	if($config['installedpackages']['dansguardian']['config'][0]['enable']){
+		log_error("Reload dansguardian");
+		chmod ($script,0755);
+		mwexec("$script stop");
+        sleep(2);
+        mwexec_bg("$script start");
+	}
+	else{
+		log_error("Stopping dansguardian if running");
+		mwexec("$script stop");
+		chmod ($script,0444);
+	}
+	conf_mount_ro();
+	$synconchanges = $config['installedpackages']['dansguardiansync']['config'][0]['synconchanges'];
+	if(!$synconchanges && !$syncondbchanges) 
+		return;
+	log_error("[dansguardian] dansguardian_xmlrpc_sync.php is starting.");
+	foreach ($config['installedpackages']['dansguardiansync']['config'] as $rs ){
+		foreach($rs['row'] as $sh){
+		$sync_to_ip = $sh['ipaddress'];
+		$password   = $sh['password'];
+		$sync_type = $sh['sync_type'];
+		if($password && $sync_to_ip)
+			dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type);
+		}
+	}
+	log_error("[dansguardian] dansguardian_xmlrpc_sync.php is ending.");
+
+}
+
+function dansguardian_validate_input($post, &$input_errors) {
+	foreach ($post as $key => $value) {
+		if (empty($value))
+			continue;
+		if (substr($key, 0, 6) == "domain" && is_numeric(substr($key, 6))) {
+			if (!is_domain($value))
+				$input_errors[] = "{$value} is not a valid domain name.";
+		} else if (substr($key, 0, 12) == "mailserverip" && is_numeric(substr($key, 12))) {
+			if (empty($post['domain' . substr($key, 12)]))
+				$input_errors[] = "Domain for {$value} cannot be blank.";
+			if (!is_ipaddr($value) && !is_hostname($value))
+				$input_errors[] = "{$value} is not a valid IP address or host name.";
+		}
+	}
+}
+
+function dansguardian_php_install_command() {
+	sync_package_dansguardian();
+}
+
+function dansguardian_php_deinstall_command() {
+	mwexec("/usr/local/etc/rc.d/dansguardian.sh stop");
+	sleep(1);
+	conf_mount_rw();
+	unlink_if_exists("/usr/local/etc/rc.d/dansguardian.sh");
+	conf_mount_ro();
+}
+
+function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) {
+	global $config, $g;
+
+	if(!$password)
+		return;
+
+	if(!$sync_to_ip)
+		return;
+
+	$xmlrpc_sync_neighbor = $sync_to_ip;
+    if($config['system']['webgui']['protocol'] != "") {
+		$synchronizetoip = $config['system']['webgui']['protocol'];
+		$synchronizetoip .= "://";
+    }
+    $port = $config['system']['webgui']['port'];
+    /* if port is empty lets rely on the protocol selection */
+    if($port == "") {
+		if($config['system']['webgui']['protocol'] == "http") 
+			$port = "80";
+		else 
+			$port = "443";
+    }
+	$synchronizetoip .= $sync_to_ip;
+
+	/* xml will hold the sections to sync */
+	$xml = array();
+	$sync_xml=$config['installedpackages']['dansguardiansync']['config'][0]['synconchanges'];
+	if ($sync_xml){
+		log_error("Include dansguardian config");
+		$xml['dansguardian'] = $config['installedpackages']['dansguardian'];
+		$xml['msreport'] = $config['installedpackages']['msreport'];
+		$xml['mscontent'] = $config['installedpackages']['mscontent'];
+		$xml['msantivirus'] = $config['installedpackages']['msantivirus'];
+		$xml['msantispam'] = $config['installedpackages']['msantispam'];
+		$xml['msalerts'] = $config['installedpackages']['msalerts'];
+		}
+	if (count($xml) > 0){
+		/* assemble xmlrpc payload */
+		$params = array(
+			XML_RPC_encode($password),
+			XML_RPC_encode($xml)
+		);
+	
+		/* set a few variables needed for sync code borrowed from filter.inc */
+		$url = $synchronizetoip;
+		log_error("Beginning dansguardian XMLRPC sync to {$url}:{$port}.");
+		$method = 'pfsense.merge_installedpackages_section_xmlrpc';
+		$msg = new XML_RPC_Message($method, $params);
+		$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+		$cli->setCredentials('admin', $password);
+		if($g['debug'])
+			$cli->setDebug(1);
+		/* send our XMLRPC message and timeout after 250 seconds */
+		$resp = $cli->send($msg, "250");
+		if(!$resp) {
+			$error = "A communications error occurred while attempting dansguardian XMLRPC sync with {$url}:{$port}.";
+			log_error($error);
+			file_notice("sync_settings", $error, "dansguardian Settings Sync", "");
+		} elseif($resp->faultCode()) {
+			$cli->setDebug(1);
+			$resp = $cli->send($msg, "250");
+			$error = "An error code was received while attempting dansguardian XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+			log_error($error);
+			file_notice("sync_settings", $error, "dansguardian Settings Sync", "");
+		} else {
+			log_error("dansguardian XMLRPC sync successfully completed with {$url}:{$port}.");
+		}
+		
+		/* tell dansguardian to reload our settings on the destionation sync host. */
+		$method = 'pfsense.exec_php';
+		$execcmd  = "require_once('/usr/local/pkg/dansguardian.inc');\n";
+		$execcmd .= "sync_package_dansguardian();";
+		
+		/* assemble xmlrpc payload */
+		$params = array(
+			XML_RPC_encode($password),
+			XML_RPC_encode($execcmd)
+		);
+	
+		log_error("dansguardian XMLRPC reload data {$url}:{$port}.");
+		$msg = new XML_RPC_Message($method, $params);
+		$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+		$cli->setCredentials('admin', $password);
+		$resp = $cli->send($msg, "250");
+		if(!$resp) {
+			$error = "A communications error occurred while attempting dansguardian XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
+			log_error($error);
+			file_notice("sync_settings", $error, "dansguardian Settings Sync", "");
+		} elseif($resp->faultCode()) {
+			$cli->setDebug(1);
+			$resp = $cli->send($msg, "250");
+			$error = "An error code was received while attempting dansguardian XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+			log_error($error);
+			file_notice("sync_settings", $error, "dansguardian Settings Sync", "");
+		} else {
+			log_error("dansguardian XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
+		}
+	}
+}
+
+?>
diff --git a/config/dansguardian/dansguardian.xml b/config/dansguardian/dansguardian.xml
index f81be0e3..c8b630d1 100644
--- a/config/dansguardian/dansguardian.xml
+++ b/config/dansguardian/dansguardian.xml
@@ -7,7 +7,7 @@
 /* $Id$ */
 /* ========================================================================== */
 /*
-    pfblocker.xml
+    dansguardian.xml
     part of the dansguardian for pfSense
     Copyright (C) 2012 Marcello Coutinho
 
@@ -49,7 +49,7 @@
 	<menu>
 		<name>dansguardian</name>
 		<tooltiptext>Configure dansguardian</tooltiptext>
-		<section>Firewall</section>
+		<section>Services</section>
 		<url>pkg_edit.php?xml=dansguardian.xml</url>
 	</menu>
 	<additional_files_needed>
@@ -125,7 +125,7 @@
 		</field>
 		<field>
 			<fielddescr>Enable dansguardian</fielddescr>
-			<fieldname>enable_cb</fieldname>
+			<fieldname>enable_dg</fieldname>
 			<type>checkbox</type>
 			<description></description>
 		</field>
@@ -168,7 +168,7 @@
 		</field>
 			<field>
 			<fielddescr>Min/Max Spare Children</fielddescr>
-			<fieldname>minsparechildren</fieldname>
+			<fieldname>sparechildren</fieldname>
 			<type>input</type>
 			<size>10</size>
 			<description><![CDATA[Default: <strong>4/32</strong><br>
diff --git a/config/dansguardian/dansguardian_config.xml b/config/dansguardian/dansguardian_config.xml
index 41e3c335..d3ed5277 100644
--- a/config/dansguardian/dansguardian_config.xml
+++ b/config/dansguardian/dansguardian_config.xml
@@ -104,7 +104,7 @@
 		</field>
 		<field>
 			<fielddescr>Scan Options</fielddescr>
-			<fieldname>report_options</fieldname>
+			<fieldname>scan_options</fieldname>
 			<description><![CDATA[Scan options. Default values are in ( )]]></description>
 	    	<type>select</type>
  				<options>
@@ -171,7 +171,7 @@
 			<description><![CDATA[Content Scanners options. Default values are in ( )]]></description>
 	    	<type>select</type>
  				<options>
- 				<option><name>clamdscan (on)</name><value>icapscan</value></option>
+ 				<option><name>clamdscan (on)</name><value>clamdscan</value></option>
  				<option><name>icapscan (on)</name><value>icapscan</value></option>
  				</options>
  				<multiple/>
diff --git a/config/dansguardian/dansguardian_limits.xml b/config/dansguardian/dansguardian_limits.xml
index ecc3c020..2a1be7d6 100644
--- a/config/dansguardian/dansguardian_limits.xml
+++ b/config/dansguardian/dansguardian_limits.xml
@@ -7,7 +7,7 @@
 /* $Id$ */
 /* ========================================================================== */
 /*
-    dansguardian_config.xml
+    dansguardian_limits.xml
     part of the dansguardian for pfSense
     Copyright (C) 2012 Marcello Coutinho
 
diff --git a/config/dansguardian/dansguardian_log.xml b/config/dansguardian/dansguardian_log.xml
index 885aebf8..386fe159 100644
--- a/config/dansguardian/dansguardian_log.xml
+++ b/config/dansguardian/dansguardian_log.xml
@@ -42,7 +42,7 @@
 	<description>Describe your package here</description>
 	<requirements>Describe your package requirements here</requirements>
 	<faq>Currently there are no FAQ items provided.</faq>
-	<name>dansguardianlimits</name>
+	<name>dansguardianlog</name>
 	<version>1.0</version>
 	<title>Services: Dansguardian</title>
 	<include_file>/usr/local/pkg/dansguardian.inc</include_file>
@@ -150,7 +150,7 @@
 		</field>
 		<field>
 			<fielddescr>Logging Options</fielddescr>
-			<fieldname>report_options</fieldname>
+			<fieldname>logging_options</fieldname>
 			<description><![CDATA[Logging options. Default values are in ( )]]></description>
 	    	<type>select</type>
  				<options>