Merge pull request #1196 from doktornotor/patch-1

3 files changed, 38 insertions, 3 deletions

diff --git a/config/squid3/34/squid_antivirus.inc b/config/squid3/34/squid_antivirus.inc
index e22ae039..4bf9ea59 100644
--- a/config/squid3/34/squid_antivirus.inc
+++ b/config/squid3/34/squid_antivirus.inc
@@ -348,6 +348,28 @@ EOF;
 				if (!file_put_contents("{$cf}", preg_replace($squidclamav_m, $squidclamav_r, $sample_file), LOCK_EX)) {
 					log_error("[squid] Could not save generated {$cf} file!");
 				}
+				if ($antivirus_config['clamav_disable_stream_scanning'] == "on") {
+					$stream_exclude = <<< EOF
+# Do not scan (streamed) videos and audios
+abort ^.*\.(flv|f4f|mp(3|4))(\?.*)?$
+abort ^.*\.(m3u|pls|wmx|aac|mpeg)(\?.*)?$
+abortcontent ^video\/x-flv$
+abortcontent ^video\/mp4$
+abortcontent ^audio\/mp4$
+abortcontent ^.*audio\/mp4.*$
+abortcontent ^video\/webm$
+abortcontent ^audio\/webm$
+abortcontent ^video\/MP2T$
+abortcontent ^audio\/wmx$
+abortcontent ^audio\/mpeg$
+abortcontent ^audio\/aac$
+abortcontent ^.*application\/x-mms-framed.*$
+
+EOF;
+					if (!file_put_contents("{$cf}", "{$stream_exclude}", FILE_APPEND | LOCK_EX)) {
+						log_error("[squid] Could not add streaming exclusions to {$cf} file!");
+					}
+				}
 			} else {
 				log_error("[squid] Template not found; could not generate '{$cf}' file!");
 			}
@@ -468,6 +490,8 @@ function squid_antivirus_install_config_files() {
 		} else {
 			$squidclamav_r[2] = "{$config['system']['webgui']['protocol']}://{$config['system']['hostname']}.{$config['system']['domain']}:{$port}/squid_clwarn.php";
 		}
+		$squidclamav_m[3] = "@dnslookup\s1@";
+		$squidclamav_r[3] = "dnslookup 0";
 		if (!file_put_contents("{$cf}.pfsense", preg_replace($squidclamav_m, $squidclamav_r, $sample_file), LOCK_EX)) {
 			log_error("[squid] Could not save patched '{$cf}.pfsense' template file!");
 		}
diff --git a/config/squid3/34/squid_antivirus.xml b/config/squid3/34/squid_antivirus.xml
index 495ef342..e70acf55 100755
--- a/config/squid3/34/squid_antivirus.xml
+++ b/config/squid3/34/squid_antivirus.xml
@@ -42,7 +42,7 @@
 	]]>
 	</copyright>
 	<name>squidantivirus</name>
-	<version>0.4.1</version>
+	<version>0.4.6</version>
 	<title>Proxy Server: Antivirus</title>
 	<include_file>/usr/local/pkg/squid.inc</include_file>
 	<tabs>
@@ -165,6 +165,16 @@
 			<type>checkbox</type>
 		</field>
 		<field>
+			<fielddescr>Exclude Audio/Video Streams</fielddescr>
+			<fieldname>clamav_disable_stream_scanning</fieldname>
+			<description>
+				<![CDATA[
+				This option disables antivirus scanning of streamed video and audio.
+				]]>
+			</description>
+			<type>checkbox</type>
+		</field>
+		<field>
 			<fielddescr>ClamAV Database Update</fielddescr>
 			<fieldname>clamav_update</fieldname>
 			<description>
diff --git a/config/squid3/34/squid_js.inc b/config/squid3/34/squid_js.inc
index 59b75e60..33f1923d 100644
--- a/config/squid3/34/squid_js.inc
+++ b/config/squid3/34/squid_js.inc
@@ -215,11 +215,10 @@ function on_antivirus_advanced_config_changed() {
 	if (enable_advanced === 'disabled') {
 		document.iform['clamav_url'].disabled = 0;
 		document.iform['clamav_safebrowsing'].disabled = 0;
+		document.iform['clamav_disable_stream_scanning'].disabled = 0;
 		document.iform['clamav_update'].disabled = 0;
 		document.iform['clamav_dbregion'].disabled = 0;
 		document.iform['clamav_dbservers'].disabled = 0;
-		document.iform['clamav_dbservers'].disabled = 0;
-		document.iform['clamav_dbservers'].disabled = 0;
 		document.getElementById("load_advanced").disabled = 1;
 		document.iform['raw_squidclamav_conf'].disabled = 1;
 		document.iform['raw_squidclamav_conf'].value = '';
@@ -235,6 +234,8 @@ function on_antivirus_advanced_config_changed() {
 		document.iform['clamav_url'].disabled = 1;
 		document.iform['clamav_safebrowsing'].disabled = 1;
 		document.getElementById('clamav_safebrowsing').checked = 0;
+		document.iform['clamav_disable_stream_scanning'].disabled = 1;
+		document.getElementById('clamav_disable_stream_scanning').checked = 0;
 		document.iform['clamav_update'].disabled = 0;
 		document.iform['clamav_dbregion'].disabled = 1;
 		document.getElementById("clamav_dbregion").value = '';