aboutsummaryrefslogtreecommitdiffstats
path: root/config/p3scan-pf/p3scan-pf.inc
diff options
context:
space:
mode:
authorBill Marquette <bill.marquette@gmail.com>2009-02-06 19:18:00 -0600
committerBill Marquette <bill.marquette@gmail.com>2009-02-06 19:18:00 -0600
commit55eddd7accf2c5f9b0f52b22a010c4c4b7c130d1 (patch)
treeba4783bab1dd65f1ceef2dfac9fdbd515531d18b /config/p3scan-pf/p3scan-pf.inc
parent67780cc9d469288742aea5bc378c29a54edd5ec5 (diff)
downloadpfsense-packages-55eddd7accf2c5f9b0f52b22a010c4c4b7c130d1.tar.gz
pfsense-packages-55eddd7accf2c5f9b0f52b22a010c4c4b7c130d1.tar.bz2
pfsense-packages-55eddd7accf2c5f9b0f52b22a010c4c4b7c130d1.zip
mv packages to config dir to match web layout
Diffstat (limited to 'config/p3scan-pf/p3scan-pf.inc')
-rw-r--r--config/p3scan-pf/p3scan-pf.inc395
1 files changed, 395 insertions, 0 deletions
diff --git a/config/p3scan-pf/p3scan-pf.inc b/config/p3scan-pf/p3scan-pf.inc
new file mode 100644
index 00000000..b6f497b2
--- /dev/null
+++ b/config/p3scan-pf/p3scan-pf.inc
@@ -0,0 +1,395 @@
+<?php
+/* $Id$ */
+/*
+ $RCSfile$
+ Copyright (C) 2006 Daniel S. Haischt <me@daniel.stefan.haischt.name>
+ All rights reserved.
+
+ Copyright (C) 2006 Fernando Lemos
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notices,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notices, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/* ====================== USAGE NOTE: ====================== */
+/* Depending on your use case scenario, this software may */
+/* depend on the following software packages: */
+/* */
+/* - renatach (part of the FreeBSD ports collection) */
+/* - a virus scanner (e.g. ClamAV) */
+/* - a spam filter (e.g. DSPAM or SpamAssassin) */
+/* ========================================================= */
+
+
+/* include all configuration functions */
+require_once("functions.inc");
+require_once("notices.inc");
+
+function sync_package_p3scan() {
+ global $config, $g;
+ conf_mount_rw();
+ config_lock();
+ $fd = fopen("/etc/p3scan.conf","w");
+
+ /* shorten the config path */
+ $cfg = $config['installedpackages']['p3scanpf']['config'][0];
+ $cfgmsg = $config['installedpackages']['p3scanpfmsg']['config'][0];
+ $cfgemer = $config['installedpackages']['p3scanpfemer']['config'];
+ $cfgvir = $config['installedpackages']['p3scanpfvir']['config'][0];
+ $cfgspam = $config['installedpackages']['p3scanpfspam']['config'][0];
+
+ fwrite($fd, "## p3scan-pf config file - generated by pfSense.\n##\n");
+ fwrite($fd, "## at: " . date("l dS of F Y h:i:s A") . "\n##\n");
+ /* ================================================================ */
+ /* == Tab: Daemon Settings == */
+ /* ================================================================ */
+ fwrite($fd, "## Daemon Settings.\n");
+ fwrite($fd, "pidfile = /var/run/p3scan/p3scan.pid\n");
+ if (isset($cfg['maxchilds']) && $cfg['maxchilds'] <> "")
+ fwrite($fd, "maxchilds = {$cfg['maxchilds']}\n");
+ else
+ fwrite($fd, "maxchilds = 10\n");
+ if (isset($cfg['ipaddr']) && $cfg['ipaddr'] <> "")
+ fwrite($fd, "ip = {$cfg['ipaddr']}\n");
+ else
+ fwrite($fd, "ip = 127.0.0.1\n");
+ if (isset($cfg['port']) && $cfg['port'] <> "")
+ fwrite($fd, "port = {$cfg['port']}\n");
+ else
+ fwrite($fd, "port = 8110\n");
+ if (isset($cfg['sslport']) && $cfg['sslport'] <> "")
+ fwrite($fd, "sslport = {$cfg['sslport']}\n");
+ else
+ fwrite($fd, "sslport = 995\n");
+ if (isset($cfg['targetip']) && $cfg['targetip'] <> "") {
+ if ($cfg['targetip'] == "0.0.0.0")
+ setup_transparency();
+ else
+ remove_transparency();
+ fwrite($fd, "targetip = {$cfg['targetip']}\n");
+ } else {
+ setup_transparency();
+ fwrite($fd, "targetip = 0.0.0.0\n");
+ }
+ if (isset($cfg['targetport']) && $cfg['targetport'] <> "")
+ fwrite($fd, "targetport = {$cfg['targetport']}\n");
+ else
+ fwrite($fd, "targetport = 8110\n");
+ if (isset($cfg['emailport']) && $cfg['emailport'] <> "")
+ fwrite($fd, "emailport = {$cfg['emailport']}\n");
+ else
+ fwrite($fd, "emailport = 25\n");
+ if (isset($cfg['daemonuser']) && $cfg['daemonuser'] <> "")
+ fwrite($fd, "user = {$cfg['daemonuser']}\n");
+ else
+ fwrite($fd, "user = root\n");
+ fwrite($fd, "notifydir = /var/spool/p3scan/notify\n");
+ fwrite($fd, "virusdir = /var/spool/p3scan\n");
+ fwrite($fd, "template = /usr/local/etc/p3scan/p3scan.mail\n");
+
+ /* ================================================================ */
+ /* == Tab: Message Processing == */
+ /* ================================================================ */
+ fwrite($fd, "## Message Processing Settings.\n");
+ if (isset($cfgmsg['justdelete']) && $cfgmsg['justdelete'] <> "")
+ fwrite($fd, "justdelete\n");
+ if (isset($cfgmsg['bytesfree']) && $cfgmsg['bytesfree'] <> "")
+ fwrite($fd, "bytesfree = {$cfgmsg['bytesfree']}\n");
+ else
+ fwrite($fd, "bytesfree = 10000\n");
+ if (isset($cfgmsg['broken']) && $cfgmsg['broken'] <> "")
+ fwrite($fd, "broken\n");
+ if (isset($cfgmsg['timeout']) && $cfgmsg['timeout'] <> "")
+ fwrite($fd, "timeout = {$cfgmsg['timeout']}\n");
+ else
+ fwrite($fd, "timeout = 30\n");
+ if (isset($cfgmsg['ispspam']) && $cfgmsg['ispspam'] <> "")
+ fwrite($fd, "ispspam = {$cfgmsg['ispspam']}\n");
+ if (file_exists("/usr/local/bin/renattach"))
+ fwrite($fd, "renattach = /usr/local/bin/renattach\n");
+ if (isset($cfgmsg['subject']) && $cfgmsg['subject'] <> "")
+ fwrite($fd, "subject = {$cfgmsg['subject']}\n");
+ else
+ fwrite($fd, "subject = Subject: \"[Virus] found in a mail to you:\" <virus name>\n");
+ if (isset($cfgmsg['notify']) && $cfgmsg['notify'] <> "")
+ fwrite($fd, "notify = {$cfgmsg['notify']}\n");
+ else
+ fwrite($fd, "notify = Per instruction, the message has been deleted.\n");
+ if (isset($cfgmsg['smtpreject']) && $cfgmsg['smtpreject'] <> "")
+ fwrite($fd, "smtprset = {$cfgmsg['smtpreject']}\n");
+ else
+ fwrite($fd, "smtprset = Virus detected! P3scan rejected message!\n");
+ if (isset($cfgmsg['checksize']) && $cfgmsg['checksize'] <> "")
+ fwrite($fd, "checksize = {$cfgmsg['checksize']}\n");
+ if (isset($cfgmsg['footer']) && $cfgmsg['footer'] <> "")
+ fwrite($fd, "footer = {$cfgmsg['footer']}\n");
+
+ /* ================================================================ */
+ /* == Tab: Emergency Contact == */
+ /* ================================================================ */
+ fwrite($fd, "## Emergency Contacts.\n");
+ if (is_array($cfgemer)) {
+ foreach ($cfgemer as $addr) {
+ $contact .= "{$addr['emailaddress']} ";
+ }
+ if (isset($contact) && $contact <> "")
+ fwrite($fd, "emergcon = {$contact}\n");
+ }
+
+ /* ================================================================ */
+ /* == Tab: Virus Scanner Settings == */
+ /* ================================================================ */
+ fwrite($fd, "## Virus Scanner Settings.\n");
+ if (isset($cfgvir['scannertype']) && $cfgvir['scannertype'] <> "")
+ fwrite($fd, "scannertype = {$cfgvir['scannertype']}\n");
+ else
+ fwrite($fd, "scannertype = clamd\n");
+ if (isset($cfgvir['scanner']) && $cfgvir['scanner'] <> "")
+ fwrite($fd, "scanner = {$cfgvir['scanner']}\n");
+ else
+ fwrite($fd, "scanner = 127.0.0.1:3310\n");
+ if (isset($cfgvir['viruscode']) && $cfgvir['viruscode'] <> "")
+ fwrite($fd, "viruscode = {$cfgvir['viruscode']}\n");
+ else
+ fwrite($fd, "viruscode = 1\n");
+ if (isset($cfgvir['goodcode']) && $cfgvir['goodcode'] <> "")
+ fwrite($fd, "goodcode = {$cfgvir['goodcode']}\n");
+ if (isset($cfgvir['virusregexp']) && $cfgvir['virusregexp'] <> "")
+ fwrite($fd, "virusregexp = {$cfgvir['virusregexp']}\n");
+ if (isset($cfgvir['demime']) && $cfgvir['demime'] <> "")
+ fwrite($fd, "demime\n");
+
+ /* ================================================================ */
+ /* == Tab: SPAM Settings == */
+ /* ================================================================ */
+ if ((isset($cfgspam['checkspam']) && $cfgspam['checkspam'] <> "") ||
+ $config['installedpackages']['sassassin']['config'][0]['enable'] == 'on') {
+ fwrite($fd, "## SPAM Settings.\n");
+ fwrite($fd, "checkspam\n");
+ if (isset($cfgspam['spamcheck']) && $cfgspam['spamcheck'] <> "") {
+ /* most times the command line for the spam binary becomes
+ * quite lengthy, which my be the reason that users are
+ * the XML tag and the command line itself into several
+ * lines. Thus strip whitespaces.
+ */
+ $cfgspam['spamcheck'] = trim($cfgspam['spamcheck']);
+ fwrite($fd, "spamcheck = {$cfgspam['spamcheck']}\n");
+ } else {
+ if ($config['installedpackages']['sassassin']['config'][0]['enable'] == 'on') {
+ fwrite($fd, "spamcheck = /usr/bin/spamc\n");
+ } else {
+ fwrite($fd, "spamcheck = /usr/local/bin/dspam --user dspamuser --mode=teft --stdout --deliver=innocent,spam --feature=ch,no,wh\n");
+ }
+ }
+ }
+
+ fclose($fd);
+
+ /* NOTE: The following code requires the p3scan-pf.inc file to
+ * be saved with UNIX Linefeeds. LF that is and NOT CR LF.
+ */
+ $start = <<<EOD
+test_p3scan_user=`cat /etc/passwd | grep p3scan`
+test_p3scan_group=`cat /etc/passwd | grep p3scan`
+
+if [ -z "\${test_p3scan_group}" ]; then
+ pw groupadd p3scan -g 108
+fi
+
+if [ -z "\${test_p3scan_user}" ]; then
+ pw useradd p3scan -u 108 -g p3scan -d /var/spool/p3scan -s /sbin/nologin -c 'P3Scan Daemon'
+fi
+
+if [ ! -d "/var/spool/p3scan" ]; then
+ mkdir /var/spool/p3scan && chown p3scan:p3scan /var/spool/p3scan
+fi
+
+if [ ! -d "/var/spool/p3scan/children" ]; then
+ mkdir /var/spool/p3scan/children && chown p3scan:p3scan /var/spool/p3scan/children
+fi
+
+if [ ! -d "/var/spool/p3scannotify" ]; then
+ mkdir /var/spool/p3scannotify && chown p3scan:p3scan /var/spool/p3scannotify
+fi
+
+if [ ! -d "/var/run/p3scan" ]; then
+ mkdir /var/run/p3scan && chown p3scan:p3scan /var/run/p3scan
+fi
+
+/sbin/mount_fdescfs fdescfs /dev/fd
+/usr/local/sbin/p3scan --configfile=/usr/local/etc/p3scan/p3scan.conf &
+
+EOD;
+
+ $stop = "/usr/bin/killall p3scan\n" .
+ "sleep 2";
+
+ if (! file_exists("/usr/local/etc/rc.d/030.p3scan.sh")) {
+ write_rcfile(array(
+ "file" => "030.p3scan.sh",
+ "start" => $start,
+ "stop" => $stop
+ )
+ );
+ }
+
+ /* finally get rid of files that were instaled by the package */
+ removePackageLeftovers();
+
+ conf_mount_ro();
+ config_unlock();
+
+ if (! file_exists("/usr/local/etc/p3scan")) {
+ mkdir("/usr/local/etc/p3scan");
+ }
+ if (! file_exists("/usr/local/etc/p3scan/p3scan.conf")) {
+ mwexec("ln -s /etc/p3scan.conf /usr/local/etc/p3scan/p3scan.conf");
+ }
+ if (! file_exists("/usr/local/etc/p3scan/p3scan.mail")) {
+ $fd = fopen("/usr/local/etc/p3scan/p3scan.mail","w");
+
+ $p3scanmail = <<<EOD
+MIME-Version: 1.0
+Content-Transfer-Encoding: 8bit
+Content-Type: text/plain;
+ charset="iso-8859-1"
+
+Hello %USERNAME%.
+This message body was generated automatically from P3Scan, which runs on
+%HOSTNAME%.%DOMAINNAME% for scanning all incoming email.
+
+It replaces the body of a message sent to you that contained a VIRUS!
+
+Instead of the infected email this message has been sent to you.
+
+You may look at the message header of this message for the complete
+email header information of the infected message.
+
+Virus name:
+ %VIRUSNAME%
+(Supposed) Sender of the email:
+ %MAILFROM%
+Sent To:
+ %MAILTO%
+On Date:
+ %MAILDATE%
+Subject:
+ %SUBJECT%
+Connection data:
+ %PROTOCOL% from %CLIENTIP%:%CLIENTPORT% to %SERVERIP%:%SERVERPORT%
+Message File:
+ %P3SCANID%
+Virus Definition Info:
+ %VDINFO%
+--
+%PROGNAME% %VERSION%
+by Jack S. Lai <laitcg@cox.net>
+
+EOD;
+
+ fwrite($fd, $p3scanmail);
+ fclose($fd);
+ }
+
+ mwexec("/usr/local/etc/rc.d/030.p3scan.sh stop");
+ /* test whether a pid file still exists and remove it if necessary */
+ if (! is_service_running("p3scan-pf"))
+ unlink_if_exists("/var/run/p3scan/p3scan.pid");
+ mwexec("/usr/local/etc/rc.d/030.p3scan.sh start");
+
+ return 0;
+}
+
+function custom_php_install_command() {
+ global $config, $g;
+ sync_package_p3scan();
+}
+
+function custom_php_deinstall_command() {
+ global $config, $g;
+ conf_mount_rw();
+
+ if (is_service_running("p3scan-pf"))
+ stop_service("p3scan-pf");
+
+ unlink_if_exists("/usr/local/etc/p3scan/p3scan.conf");
+ unlink_if_exists("/usr/local/etc/p3scan/p3scan.mail");
+ unlink_if_exists("/usr/local/etc/rc.d/030.p3scan.sh");
+ rmdir("/usr/local/etc/p3scan");
+ mwexec("rm -rf /var/spool/p3scan");
+ mwexec("rm -rf /var/run/p3scan");
+ mwexec("rm -rf /var/run/p3scan");
+
+ conf_mount_ro();
+}
+
+function removePackageLeftovers() {
+ unlink_if_exists("/usr/local/etc/rc.d/p3scan.sh");
+ unlink_if_exists("/usr/local/etc/p3scan.conf.sample");
+ unlink_if_exists("/usr/local/etc/p3scan.mail.sample");
+
+}
+
+function add_trans_table(){
+ global $config;
+
+ /* Flush all entries first, and then add them. */
+ $p3scan_pf_result = mwexec ('pfctl -a "rdr-package/p3scan" -t p3scan -T flush');
+ if($p3scan_pf_result <> 0) {
+ file_notice("P3SCAN", "There were error(s) flushing the exclude table", "P3SCAN", "");
+ }
+ if($config['installedpackages']['p3scanpftransex']['config'] != ""){
+ foreach($config['installedpackages']['p3scanpftransex']['config'] as $tmp) {
+ $p3scan_pf_result = mwexec ('pfctl -a "rdr-package/p3scan" -t p3scan -T add ' . $tmp['ip']);
+ if($p3scan_pf_result <> 0) {
+ file_notice("P3SCAN", "There were error(s) adding the ip " . $tmp['ip'], "P3SCAN", "");
+ }
+ }
+ }
+}
+
+function remove_transparency() {
+ $p3scan_pf_result = mwexec ('pfctl -a "rdr-package/p3scan" -t p3scan -T flush');
+ if($p3scan_pf_result <> 0) {
+ file_notice("P3SCAN", "There were error(s) flushing the exclude table", "P3SCAN", "");
+ }
+}
+
+function setup_transparency() {
+ global $config;
+ $cfg = $config['installedpackages']['p3scanpf']['config'][0];
+ $ip = $cfg['ipaddr'];
+ $port = $cfg['port'];
+
+ if ($ip == "" || $port == "") { return; }
+
+ $trans_file = fopen("/tmp/p3scan_pf.rules","w");
+ fwrite($trans_file, "table <p3scan> persist\n");
+ fwrite($trans_file, "rdr on " . $config['interfaces']['lan']['if'] . " inet proto tcp from !<p3scan> to ! " . $config['interfaces']['lan']['ipaddr'] . " port = pop3 -> {$ip} port {$port} \n");
+ fclose($trans_file);
+ $p3scan_pf_result = mwexec ('pfctl -a "rdr-package/p3scan" -f /tmp/p3scan_pf.rules');
+ if($p3scan_pf_result <> 0) {
+ file_notice("P3SCAN", "There were error(s) loading the transparency rules", "P3SCAN", "");
+ }
+ add_trans_table();
+}
+?> \ No newline at end of file